Editing security options
You can enable external source control provider access, disable access after failed attempts, and automatically restore access after failed attempts.
1. Click Server Options.
The Edit Server Options dialog box opens.
2. Click the Security tab.
3. Make any changes.
Source Control Providers
| Field | Description | Default value |
|---|---|---|
| Enable external source control provider access | If selected, allows users to attach source control files from external providers, such as Git and GitHub, to Helix ALM items when pushing changes to the source control server. | Selected |
| Disable access after X failed access attempts | Disables access to attach source control files from external providers after a specified number of attempts, which prevents hackers from decrypting provider keys used to access Helix ALM data. Only available if Enable external source control provider access is selected. If you suspect the provider key was compromised, you can regenerate it in the Helix ALM Client. If you regenerate a key, you must also update it in any integration scripts or webhooks that use it. See the Helix ALM help for information about regenerating provider keys. |
2 attempts |
| Restore access after X minutes | If selected, automatically restores access to attach source control files from external providers after a specified number of minutes if disabled after failed access attempts. If this option is not selected and access is disabled, you must manually select Enable external source control provider access to allow users to use Git and other external provider integrations. |
Not selected |
External Clients
| Field | Description | Default value |
|---|---|---|
| External client integration logins expire after X hours | Indicates how often to expire Helix ALM logins from integrated external clients, such as Jira. When a login expires, users must log in again next time they perform a Helix ALM action in the external client. | 24 hours |
| Regenerate external client integration authorization key after X hours | Indicates how often to regenerate the key used to digitally sign and authorize Helix ALM requests from integrated external clients, such as Jira. When a key is regenerated, users must log in again next time they perform a Helix ALM action in the external client. | 168 hours |
REST API
| Field | Description | Default value |
|---|---|---|
| REST API session tokens expire after X hours | Indicates how often to expire tokens used for authorization by the REST API. When a token expires, a new one must be generated before the API can perform actions. See the REST API help for information about tokens. | 168 hours |
HTML Sanitizer
The HTML sanitizer cleans up HTML in multi-line text fields when items are added or viewed in a Helix ALM project. This can help protect against cross-site scripting vulnerabilities. Non-standard HTML formatting may be lost when data is sanitized.
You do not need to restart the Helix ALM Server to apply the changes. Wait 15 minutes or less for changes to take effect.
| Field | Description | Default value |
|---|---|---|
| Web client and reports | If selected, HTML in multi-line text fields is automatically sanitized when viewing items in Helix ALM Web or when viewing detail or matrix reports in the desktop or web clients. | Selected |
| Email import for issues | If selected, HTML in multi-line text fields is automatically sanitized when adding issues to a project via email import. | Selected |
| XML, Microsoft Word, and ReqIF import | If selected, HTML in multi-line text fields is automatically sanitized when adding items to a project when importing an XML, Microsoft Word, or ReqIF file. | Not selected |
| REST API | If selected, HTML in multi-line text fields is automatically sanitized when adding items to a project using the Helix ALM REST API. | Not selected |
| SOAP | If selected, HTML in multi-line text fields is automatically sanitized when adding items to a project using the Helix ALM SOAP-based SDK. | Not selected |
4. Click OK to save the changes.