Site settings set options such as site users, user groups, backup, updates, and upgrades options.
Here you can generate random keys which are used for authentication with PBXware when using the PBXware API.
The page shows all currently created API Keys. Every system has a Master Key which by default, has all permissions set and can not be deleted. The Master Key can be edited and its permissions can be changed. On new systems, the Master Key is randomly generated while on upgraded systems it will have the value of the Key that was previously used.
Clicking the Add New API Key icon will open a page where you can generate a new API key and set permissions for that key.
Clicking the Documentation icon will open a page with additional information about the API.
A name for the API Key. Used only for presentation.
(E.g. My API Key)
The generated API Key. You can enter a key manually or generate it by clicking on the Generate Random API Key button.
(E.g. 22AmG6dAPpv9ZkusnOgkJPaQ7sNkVn5S)
Clicking this button will generate a random API Key.
If the API key was not used in the selected time period, it will get suspended. If the API Key is suspended you will see a red warning icon next to the Last Activity field on API Keys main page. You can reset the suspension by clicking the Reset Icon on the API Keys page. The reset Icon can be found next to the Edit and Delete Icons.
If Enabled then API Users will have permissions to send requests for any of the tenants using this API Key. This does not apply for the Master Tenant. To allow permission for Master Tenant changes you need to enable the Master Tenant option.
If Disabled a new field called Tenants will be shown where you can select tenants that the key will have permissions for. When Disabled, the Master Tenant field is hidden but Master Tenant can be selected as an option from the Tenants field.
Visible only if All Tenants option is disabled. Here you can select tenants that the key will have permissions for. If no tenants are set then the API user will not be able to change any of the tenants using this key.
Visible only if All Tenants option is enabled. Sets the permission for Master Tenant changes.
NOTE: If All Tenants option is disabled then this field is not visible but Master Tenant can be chosen as a selection in the Tenants option
If Enabled then the API Requests containing this API Key can come from any IP Address. If you want to allow only certain IP Addresses or IP Address Ranges to use this API Key then disable this option and a field called Allow IPs will be shown where you can enter a comma-separated list of IP Addresses or IP Ranges that will be able to send requests using this API Key.
Visible only if Allow All IP Addresses option is disabled. Here you can enter a comma-separated list of IP Addresses or IP Ranges that will be able to send requests using this API Key. Any requests coming from an IP that is not on the list will be rejected.
(E.g. 127.0.0.1,127.0.0.0/8)
If Enabled then the user can execute any API Method using this API Key. The API Methods are described in the API Documentation, which can be found on the API Keys main page. If Disabled then a field will be shown where you can set permission for each Action separately.
In PBXware 7.2 we have added the ability to register external ARI applications to PBXware in order to manipulate calls in a way that PBXware otherwise would not support .
To add ARI Application, in the PBXware interface, navigate to the Admin Settings -> ARI -> Applications
Add Application
Press this button to add a new ARI Application.
Search
Enter the search pattern to filter the list of ARI applications.
Name
A custom name assigned to your ARI application.
ARI Username
The username used by the remote system for authentication with PBXware’s ARI.
Description
Short description of ARI application functionality.
.
A custom name assigned to your ARI application used for easier management.
NOTE: Valid characters are a-zA-Z0-9-_
The username used by the remote system for authentication with PBXware’s ARI.
ARI Username must be unique for every application.
Password used by the remote system for authentication with PBXware’s ARI.
IP address of the remote system registering to the PBXware’s ARI.
To improve the security of this feature, we implemented an IP authentication for ARI connections which will only allow registrations from the IP addresses associated with the ARI Application.
Short description of ARI Application.
Once successfully configured and authenticated with the PBXware’s ARI, ARI Applications can be assigned as destinations on DID, IVR and Special Routes.
If the ARI Application is deleted, it will be automatically removed from all the destinations it was assigned on.
.
The access codes section allows PBXware administrators to create custom access codes, which will be redirected to the selected ARI Application when the access code is dialed.
ARI access codes must be different from the PBXware’s access codes, but if it does happen that ARI and PBXware access codes are identical, the access code will trigger the PBXware’s function as native features have the priority.
To add a new ARI Access Code, click the + icon in the ARI Access Codes table.
.
ARI Access Code as created by the user.
Destination that will be dialed once the ARI Access code is executed.
Select a preferred destination from the drop-down list available in the Destination field. The list will include all the ARI Applications configured on the PBXware.
.
The Tenant Permissions page enables PBXware administrators to meticulously assign ARI application permissions on a per-tenant, application-specific basis. A high level of control ensures that each application is only utilized by the intended tenant(s).
Enter the search pattern to filter the list of ARI applications.
Name of the tenant, permission is assigned to.
Number of the tenant permission is assigned to.
Displays permission type used for this entry.
Displays the list of ARI applications added in this rule.
Click the Edit button to modify the rule.
This option allows you to define whether the selected tenant will have access to the ARI Application(s) or not.
Available options are:
Permit - Tenant will be able to use selected ARI applications. If no application is selected, none will be permitted. If ALL is selected, all available ARI applications will be available for use.
Deny - Tenant will not be able to use selected ARI applications. If no application is selected, all will be permited. if ALL is selected, none of the available ARI Applications will be available for use.
None - By default, the permission type is set to None, which allows all tenants to use ALL ARI applications. This also means that tenants will have access to all ARI Applications if no ARI rules are created.
Select ARI Applications you would like to permit or deny access to.
.
Action Logs feature will provide information on what changes are made, who made them and when. It can also help you detect unauthorized access by storing information of IP addresses used to log in to your PBXware.
Date range for which the user wants to see action logs.
Filter the Action Logs by a specific page. This way you can see all the changes done on a single page.
(E.g. If you want to see all changes on the Extensions page, select 'Extension')
Filter the Action Logs by a specific User. This way you can see all the changes that one user did on the system.
Each change on the system is presented as an action. Using this filter you can search the Action Logs for a specific action.
Action can be one of the following:
(Select Box)
Use this field for a more advanced search. The search can be done by any value seen in the Data field or by an IP Address.
(E.g. 127.0.0.1 will show all Action Logs for Actions from that IP Address)
Use this field to search Action Logs for changes done on specific tenant(s). Enter the tenants as a comma-separated list and click search.
(E.g. 200,201 will show all Action Logs for tenants 200 and 201)
Tenant number where the action was done on.
Date when the action was done.
Shows the user who did the action.
IP Address where the request for the action came from.
Page where the action happened on.
The completed action.
Shows some additional data about the completed action. The data varies depending on the action type and the page where it was completed.
NOTE: When users select one of the two action types: 'Listen' or 'Download', they can see information regarding ID and CDR ID.
To make it easy for our customers that do not have much experience with working in a terminal environment, there is an integrated Asterisk CLI monitor in its interface. Asterisk CLI is accessible to main administrative accounts on PBXware and does not require root password in order to access it.
This might initially sound like a potential security issue but we have prevented this by only allowing execution of monitoring commands when using in-browser Asterisk CLI. Apart from permissions being limited, you will be able to use debugging and other monitoring features the same as if you are logged in Asterisk CLI.
Even if we have already made the branding much easier to use for customers that do not have experience with CSS editing, new interface pushed this even further, allowing customers to use a color picker to precisely define the shade of color they would like to use for each of the PBXware GUI elements. You can also change the Logo and the Login page title and header.
Two branding types are available:
By default, the branding type is set to Simple.
Simple branding allows you to modify the user interface colors to any colors you wish. By picking a value from a color picker you can change the color for almost any user interface item.
This page also allows you to modify the Online Self Care Logo and interface colors.
While changing the colors they will automatically be applied to the interface as a preview but will not be applied completely until the Save button is clicked.
When using the “Reset to defaults” button, all simple branding images will be deleted and the colors will be reverted to the default system colors.
Branding Web allows customers to modify the web application interface colors to any colors they wish. By picking a value from a color picker, they can change the color for almost any user interface item.
After changing the colors, changes will not be applied until the 'Save changes' button is clicked, and the app page is reloaded.
When using the 'Reset to defaults' button, all branding colors will be reverted to the default system colors.
Advanced branding works this way: in order to make any CSS changes, you edit CSS files and upload images manually.
Set the proper date format shown throughout the systems interface
(E.g. 04 Oct 2006)
Set the proper time format shown throughout the systems interface
(E.g. Select between 12/24 hour format)
(Select box)
In PBXware version 6.7.3, we have introduced a small improvement to the Groups page, which should help administrators in their daily operations.
A search bar was added to the main Groups page and will allow users to filter the Groups by the group name or the group number.
In case a search is performed by the tenant number, results will display all of the groups that the tenant is assigned to, including groups with “All tenants” selected.
Groups allow for a unified permission system, enabling users access to various applications or part of the applications.
Each site can edit existing or add new groups as per their requirements by clicking on the appropriate action buttons. During add/edit, permissions and group name are available for edit.
Note: After creating a group it can be assigned to a user by going to the Users page.
Name of the Group.
If Enabled, then users, who are members of this group, will be able to access all the tenants on the system. This does not apply for the Master Tenant. To enable access for Master Tenant you need to enable the Master Tenant option.
If Disabled, a new field called Tenants will be shown where you can select tenants that users, who are members of this group, will be able to view. When Disabled, the Master Tenant field is hidden but Master Tenant can be selected as an option from the Tenants field.
Visible only if All Tenants option is disabled. Here you can select tenants that users, who are members of this group, will be able to view.
Visible only if All Tenants option is enabled. If Enabled then users, who are members of this group, will be able to view Master Tenant as well.
NOTE: If All Tenants option is disabled then this field is not visible but Master Tenant can be chosen as a selection in the Tenants option
Enabling this option gives users, who are members of this group, the option to see and modify the Advanced options of sections in PBXware.
Enabling this option gives users, who are members of this group, will have the option do reload and restart actions.
The fields under the above-mentioned options are there so you can define permissions for every page on the system. Most of the options are checkboxes and are self-explanatory, where the name of the option represents the page and if the checkbox is checked then the users, who are members of this group, will be able to view and change the page.
(E.g. Under Extensions, if System is checked then the user will be able to see the Extensions > System Page. If not checked then the page will not be visible)
Permissions that are not simple checkboxes or are not associated with a whole page, but just a part of the page, are explained below:
.
With this option selected, group members will not be able to create new extensions on the system/tenant.
With this option selected, group members will not have the ability to delete extensions on the system/tenant.
NOTE: Changing the group permissions for these two options will be effective immediately, even if users are already logged in. In case they try to create/delete extensions, an error message will pop up, informing users they do not have permission to create/delete extensions.
However, in case the administrator moves the user from the group that had the ability to create/delete extensions to the group that has these permissions disabled, permissions will not be changed immediately, and the user would have to log out before changes are in effect. Because of this restriction administrator should check the box Force Logout to make sure changes are applied when moving users between groups.
If this permission is enabled, then users, who are members of this group, will be able to see the Call Rating Cost on the CDR Page, CDR CSV Download and CDR E-mail. If this permission is disabled then the Call Rating Cost field will not be shown on the previously mentioned pages.
This option is used to limit the extensions that users, who are members of this group, will be able to see on the CDR page. If this field is not empty and is populated with a comma-separated list of extensions, then depending on the dropdown left of the field, the shown CDRs will be limited. You can choose the type of limitation by using the options in the dropdown field.
The IP Address restrictions page is used to set whether some IP ranges have access or are banned, which depends on the selection of the Blacklist/Whitelist in the Settings menu.
Add/Edit IP restrictions policies that dictate which IP ranges can/cannot access the PBXware user interface.
When adding/editing a policy, you need to set the name and IP range for the current policy.
Name that describes this policy.
(E.g. admin)
IP Address from which users will or will not be able to access the PBXware user interface.
(E.g. 10.1.0.0/24)
Select whether set policies will be whitelisted or blacklisted.
PBXware LDAP integration allows users with Active Directory or OpenLDAP account to authenticate to PBXware using their LDAP credentials.
Enabled
Host
The LDAP Server hostname where the authentication requests will be sent to.
Port where the LDAP server will be listening on for incoming authentication requests.
If Checked, LDAPS will be secured that encrypts data over the SSL protocol.
The point in the LDAP server directory tree where the user search will be started from.
LDAP server administrator login username.
LDAP server administrator login password.
Number of seconds after the login request will fail if a response has not been received.
LDAP Server attribute used as a login username (e-mail)
LDAP Server attribute that holds the value of the account's group ID. For more information about groups go to the Groups page.
If you want to test your configuration you can enter an account's login credentials in the fields below and click the "Test connection" button.
Test User's login username
Test User's login password
Here you can set the default language for the PBXware user interface.
Available languages are:
By default, English is selected.
For more information about licensing please read the Licensing chapter.
The system sends email notifications and alerts to various users and administrators during operation. For normal operation, email sending requires the user to have a remote SMTP server through which emails will be sent.
Address to which the email will go if a recipient is not specifically defined
(E.g. john@domain.com)
The host to send mail to, in the form "host | IP_addr"
(E.g. mail.domain.com)
Port used to send emails to the host
(E.g. Default port is 25)
Username used for SMTP AUTH
(E.g. username)
Password used for SMTP AUTH
(E.g. password)
Encryption
Specifies whether SMTP uses SSL/TLS protocols to talk to the SMTP server
Disabled by default.
Specifies whether SMTP does a EHLO/STARTTLS before starting SSL negotiation
Custom From Header
When this option is enabled, the 'From' E-mail address which will be used is the one set in the 'E-mail Account' section of the SMTP configuration. If this option is 'unchecked' the E-mail account, from which the E-mails will be sent, will be presented as root@email.com.
To prevent unauthorized access to the PBXware web interface we created an automatic account suspension feature. By default, accounts will be suspended after 5 unsuccessful login attempts in 1 minute but users can change these values to match their preferences. After an account is suspended it will have to be unlocked by the administrator.
Session type describes which type of connection will be used for connection to the PBXware user interface.
Available options:
Maximum number of login attempts in a period set in the field "Login retry time period", after which the account will be suspended.
Time period for which the user can create a number of mistakes (set in the field ‘Number of login attempts to be allowed) while logging in.
If the user reaches that number of login attempts in this period of time, he will be suspended.
Page for managing Administrator and User accounts.
NOTE: Please bear in mind that all password checks have been revamped and strong passwords are required throughout the site.
A strong password will need to consist of:
Allowed characters are a-z, A-Z, 0-9, ! % * _ -.
Opens a page where you can add a new Administrator account.
Search the accounts by Name or E-mail.
Shows the admin's name.
Shows the admin's email address.
Shows the date and time of the administrator's last login.
Shows if 2-Step verification is set up for the account. For more information about 2-step verification go to the Account Settings > 2-step verification setup page.
Shows the account's status (whether the account can be used or is disabled)
This button is used to reset the login status for the selected account. This will enable the account, refresh its last login time, reset the 2-step verification setup and check the "Change password at next login" option for that account.
Use this option if the account is disabled because of inactivity or if you just want to reset the above-mentioned options.
Clicking on this icon will open a page where you can edit the account's options and preferences.
This option will delete the selected admin account.
On this page, you can add a new GUI administrator or edit an existing one.
If this option is enabled the account will be flagged as disabled and the administrator will not be able to log in.
This does not affect accounts that are already logged in.
Name for the new account
(E.g. John)
Email address used for account login
(E.g. john@domain.com)
Password used for logging in
(E.g. fjhoe5!4fh8o%e54fg_vh8)
Verify given password
(E.g. fjhoe5!4fh8o%e54fg_vh8)
A drop-down field where you can choose a predefined period for password expiration. The administrator will be prompted to change his password after the given period.
(E.g. If 6 Months is selected, then if 6 months have passed since the last password change, on the next login the administrator will be prompted to change his password.)
This field overrides the field in Site Accounts -> Settings -> Password Expiry.
If this toggle is enabled, then on the next login the administrator will be prompted to change his password and will not be able to proceed until the password has been changed.
Site users are allowed to login to the system interface in order to perform a specific function according to granted permissions. Each user belongs to a user group. Each group's permissions are pre-set in order to allow unified access and permission control.
The user can have access to any application or part of that application depending on permits granted. It is highly recommended to add/edit groups before adding new users.
NOTE: For more information about groups go to the Groups page.
Opens a page where you can add a new user account.
Search the accounts by Name or E-mail.
Shows the user's name
Shows the user's email
Shows the group the user is assigned to.
Shows the date and time of the user's last login.
Shows if 2-Step verification is set up for the account. For more information about 2-step verification go to Account Settings > 2-step verification setup page.
Shows user's status (whether the user's account is OK (enabled and in use) or disabled
This button is used to reset the login status for the selected account. This will enable the account, refresh its last login time, reset the 2-step verification setup and check the "Change password at next login" option for that account.
Use this option if the account is disabled because of inactivity or if you just want to reset the above-mentioned options.
Clicking on this icon will open a page where you can edit the account's options and preferences.
This option will delete the selected user account.
If this toggle is enabled, then the account will be flagged as disabled and the user will not be able to log in.
NOTE: This does not affect accounts that are already logged in.
Enter the company's name in which the user is employed
Enter the user's name
Enter the user's address
Select a city from which the user works
Select a country from which the user works
Select a County/State from which the user works
Enter a zip code
Enter the user's phone number
([0-9])
NOTE: Please note that this feature is part of the beta release and is only visible to beta testers. Once the stable version is released, it will be available for general use.
NOTE: In case the format of a phone number or fax is incorrect, the following warning message will appear: "Phone/Fax can contain numbers, + sign and - separator only." Please refer to the screenshot.
Enter the user's fax number
Enter the user's email address
Select a group to which the user is assigned
Tick this field to suspend the user after which they won’t be able to log in
Password which will be used for user login.
Verify the password given above.
A drop-down field where you can choose a predefined period for password expiration. The user will be prompted to change his password after the given period.
(E.g. If 6 Months is selected, then if 6 months have passed since the last password change, on the next login the user will be prompted to change his password.)
This field overrides the field in Site Accounts -> Settings -> Password Expiry.
If this toggle is enabled, then on the next login the user will be prompted to change his password and will not be able to proceed until the password has been changed.
If this option is enabled, when changes to the user account are saved, the user will be automatically logged out of all active sessions across all browsers he might be logged into at that moment and will need to log in again.
This feature is added as a security measure and allows the PBXware administrator to change the account password and log user out from all active sessions, in case the account has been compromised.
.
Set a period of time allowed for accounts to be inactive. If an administrator/user’s last login was more than the defined period ago then the account will be flagged as disabled and the administrator/user will not be able to log in.
Another administrator can edit the account to enable it again.
By default, this option does not apply for administrator accounts.
If set to "Yes" then the "Inactivity suspension" option will be applied for administrator accounts as well.
A drop-down field where you can choose a predefined period for password expiration. The administrators/users will be prompted to change their password after the given period.
(E.g. If 6 Months is selected, then if 6 months have passed since the last password change, on the next login the administrator/user will be prompted to change his password.)
If this option is set to Yes then alongside the strong password check the password will be looked up on the https://haveibeenpwned.com API.
https://haveibeenpwned.com is a website that allows internet users to check if their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address. The API also allows the user to check if a password is found in the database and how many times it has been used. This makes sure that our password will not be one of the commonly used passwords and the lookup is completely secure.
It is recommended to set this option to Yes.
Defines the maximum number of unsuccessful login attempts before the account gets temporarily disabled.
If set to 0 or empty this option will be ignored.
Defines how long the account will be disabled if "Max. Number of attempts" has been reached.
There is one rule regarding this option:
NOTE: Please note that this feature is part of the beta release and is only visible to beta testers. Once the stable version is released, it will be available for general use.
Select whether to enforce 2-Step Verification or not
(E.g. Yes)
NOTE: When Not Set is selected, it will be treated as No, so no 2FA will be forced on the users. If set to Yes, users will be then prompted to set it up on the next login, or after refreshing a page if they are already logged in.
Select whether to enforce 2-Step Verification for administrators or not
(E.g. Yes)
NOTE: Administrators will be then prompted to set it up on the next login, or after refreshing a page if they are already logged in.
Select a maximum number of logins before setup
(E.g. 2)
NOTE: Users/Administrators will be able to log in the entered amount of time before being forced to set up the Two-Factor Authentication. The number of retries left will be shown in the warning pop-up message on login.
For more on how to set up ClickHouse, please refer to this link.
Select a suitable database
(E.g. MySQL)
NOTE: Please note that MySQL database is set by default.
Select a suitable mode
(E.g. Local connection)
In case a user selects 'ClickHouse' as a database, depending on the mode chosen, the options may differ. Please refer to the following:
NOTE: Please note that the system needs to restart PBXware for changes to take effect. Running ClickHouse in local mode with less than 10GB of RAM can cause system instability.
Enter the suitable IP address
Enter the username
Enter the password
NOTE: The system needs to restart PBXware for changes to take effect.
127.0.0.1
Enter the username
Enter the password
Enter the allowed IP addresses
NOTE: The system needs to restart PBXware for changes to take effect.
The Updates section allows users to see further information about the Package, Current version, Latest version and Status. Users may also update or restart the system from here.
NOTE: If administrator decides to update PBXware to the latest version through Setup Wizard, but the custom updates are present on the system, s(he) will be warned of their existence by the following warning message displayed: "The system contains custom updates. Updating the system to a newer version will overwrite all custom changes!". Please refer to the screenshot for more detailed information.
For more details about updates, please go to the Updates page under the 'Getting Started' page.
To enable Support Access, please navigate to the 'Support Access' page on Setup Wizard.
Define the port that will be used to open the SSH access
NOTE: The default port value is '2244'.
Define how long the SSH access will stay opened.
NOTE: It closes automatically after the timeout is exceeded. The minimum timeout that can be set is one hour and the maximum timeout is one week.
This page displays the most recent 50 messages from the support access log. There will be information about when the access has been opened/closed, who logged into the system, and when, and if any errors are occurring.
This page displays all currently opened SSH sessions.
The button is used to open/close the SSH Access. Opening the SSH access will enable the support access on the entered port for the Timeout value duration.
NOTE: Once the SSH access is opened, the status will also display the exact date that specifies how long the access stays opened. The SSH Access can be closed manually by clicking on the 'Close SSH Access' button.