When Lucity programs connect to a SQL Server or Oracle database, they have to send login credentials. Because these credentials are usually sent out over a network, there is a possibility they could be intercepted.
Lucity provides several different options for managing and securing configuration information.
Managing Database Connection Encryption
The connection encryption can be managed using:
A centrally managed desktop gateway - Enables an administrator to make changes in a single location and automatically download those changes to each workstation. (This is the default setting.)
Manual configuration - Requires an administrator to visit each machine to make changes to the database connection configuration. This option can be more secure than using a centrally managed desktop gateway.
Database Connection Encryption
Once an agency has decided how to manage encryption, it can choose one of three methods for encrypting the connection credentials:
Integrated security - Uses Windows authentication (through an active directory group) to encrypt and send connection credentials to the database.
Unencrypted credentials - Give users access to a very limited set of stored procedures, rather than the entire database.
Encrypted credentials - Requires an agency to set up encryption manually. (This is the most secure method.)
Management + Encryption Options
The following matrix outlines each of the database types and the options for managing the deployment of these configurations:
Centrally Managed
Manual Configuration
Integrated Security
X
X
Unencrypted Configuration
X
X
Encrypted Configuration
X
Defaults
SQL Server - Centrally Managed, Integrated Security
While installing the client or reviewing the settings, look at the GBAUser database settings.
Make sure the Centrally Managed Desktop Gateway setting is set to True.
Make sure the Integrated Security for Desktop Gateway setting is set to True.
In the Active Directory Group for Gateway setting, enter an Active Directory group or click ... for a list of groups.
Provide the Web Gateway login credentials in the Gateway Login ID and Gateway Login Password fields. (This is used to generate the Gateway account; it is NOT saved in the Config folder.)
While Installing the client or reviewing the settings, look at the GBAUser database settings.
Make sure the Centrally Managed Desktop Gateway setting is set to True.
Make sure the Integrated Security for Desktop Gateway setting is set to False.
Enter the Web Gateway login credentials in the Gateway Login ID and Gateway Login Password fields. (This information is used to generate the Gateway account, which is then saved (unencrypted) in the Config folder.)
While Installing the client or reviewing the settings, look at the GBAUser database settings.
Make sure the Centrally Managed Desktop Gateway setting is set to False.
Make sure the Integrated Security for Desktop Gateway setting is set to False.
Enter the Web Gateway login credentials in the Gateway Login ID and Gateway Login Password fields. (This information is used to generate the Gateway account; it is NOT saved to the Config folder.)
Configure each desktop manually using the Encryption tool provided. Learn more >>
How to set up centrally managed integrated security