Home Settings
This is where the Home Settings are found. It contains the Email, HTTP, Host, Log, API, and User settings.
These settings are only available to the Super User (su).
Email
This is where the superuser can configure the SMTP settings so that the system can send out emails.
Server URI: SMTP server host and port formatted as smtp://host
Microsoft: smtp://smtp.office365.com, port 587, TLS set to No
Google: smtp://smtp.gmail.com, port 465, TLS set to Yes
SMTP Port: SMTP port number
USE TLS: Use TLS/SSL when connecting to the SMTP server (enable if the SMTP server is using TLS)
Username: Username for authentication with SMTP server
From: From email address to use for emails
Password: Password of username account being used
OAuth 2.0 Configuration: Connect an external identity provider using OAuth. You will need your client ID, client secret, and authorized redirect URI from the provider. HTTPS must be enabled.
OAuth 2.0 Authentication for SMTP
Authorized redirect URI (https/http):
https://{host:port}/finSmtp/api/oauth/callback
The Super User can test the email configuration to make sure it is working properly by selecting the Test button located at the top right.
HTTP
This is where the superuser can configure the HTTP settings and enable HTTPS if wanted.
Site URI: Public HTTP or HTTPS URI to use when sharing links to the server. This field should be configured if running behind a proxy server where the local IP host or port isn't what is used for public access. Restart required.
Address: IP address to bind locally for HTTP ports. Restart required.
HTTPS Enabled: If false all traffic is handled in plaintext on 'httpPort'. If set to true, then all traffic is forced to use HTTPS on 'httpsPort' and requests to 'httpPort' are redirected. Restart required.
Once enabled, the user will be prompted with a popup to upload their certificate and key files (unencrypted and PKCS12/PFX format) if they have not already been uploaded via the Certificate Files button. Then enter any password for the keystore. This password will be needed to access the files.
Once done, the user will need to restart their FIN service.
Then the FIN instance will be reachable via HTTPS.
Note: If using a self-signed certificate, seeing a “Not Secure” warning is expected.
HTTPS is enabled by default and uses a self-signed certificate. When the user first logs in, the browser will present a screen warning them that the connection is not private. The user can upload their own certificate if they would like to switch it, or disable HTTPS afterwards. To continue, select the Advanced button and then select “Proceed to <host> (unsafe)”.
Certificate Files: Upload the certificate and key files needed for HTTPS. This is needed if HTTPS is to be enabled and used.
For more information on creating and converting Certificate Files, see SSL Certificate Management.
HTTP Port: Port for HTTP traffic. Restart required.
HTTPS Port: Port for HTTPS (only applicable if 'httpsEnabled'). Restart required.
HTTPS Timeout: The length of time (in milliseconds) the HTTPS proxy server will wait for a reply from a request. Restart required.
Disable Error Trace: Disable showing exception stack trace for 500 internal server errors.
Host
This is where the superuser can configure a few host settings.
Host Dis: Display name for this host.
Timezone: Default system timezone. Values are from the Olson TZ database. Restart required. The system timezone is detected automatically. However, if the user would like to change it to something else, they can do so by selecting the preferred timezone.
Week Start Day: Change the start day of the week to Sunday or Monday. Warning: this will overwrite the setting for all locales. Restart required.
Auto Logoff: Auto Logoff user after inactivity.
Auto Logoff Timeout: Auto Logoff timeout in minutes (default 5min, >1min).
Enable Password Protected Snapshots: Forces password protection for all snapshots.
Password: Passwords must be a minimum of ten characters and must contain a mixture of all of the following: uppercase letters, lowercase letters, numbers, and special characters. This is only available if "Enable Password Protected Snapshots" is enabled.
If password protected snapshots is disabled, the user cannot restore snapshots that are password protected. If password protected snapshots is enabled, the user cannot restore snapshots that are not password protected. Depending on the snapshot, the user will have to either disable or enable this feature.
Log
This is where the superuser can configure the log settings.
Buff. Max: Max number of log records to buffer in RAM. Restart required.
Max. Age: Max number of days to maintain log files before deleting to free disk space.
Note: For the F200, the default is 30 days.
API
This is where the superuser can enable/disable API properties.
Allow Get with Side Effects: Allow GET HTTPS calls to be used for operations with side effects.
Enabling this flag will allow GET to be used with any HTTP API operation. The most secure setting is No.
Allow Text Plain: Allow "text/plain" to be used as an alias for "text/zinc". The most secure setting is No.
Attest Cookies: Require cookie attestation.
When enabled, all non-GET requests which use a cookie as their authorization token must also include a separate HTTP header called SkyArc-Attest-Key bound to the session. The most secure setting is Yes.
Disable Error Trace: Disable including stack trace when requests raise an exception
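How the three API flags above combine into a single request gate, as an added illustration that is not FIN's own code. The `ApiSettings`, `Session`, `new_session` and `check_request` names and the per-session storage of the attest key are assumptions; only the `SkyArc-Attest-Key` header name comes from this page.

```python
import hmac
import secrets
from dataclasses import dataclass

ATTEST_HEADER = "SkyArc-Attest-Key"  # header name as given on this page


@dataclass
class ApiSettings:  # hypothetical mirror of the three API flags, secure defaults
    allow_get_side_effects: bool = False
    allow_text_plain: bool = False
    attest_cookies: bool = True


@dataclass
class Session:  # hypothetical server-side session record
    cookie_token: str
    attest_key: str


def new_session() -> Session:
    # Assumption: the attest key is a random per-session value kept apart from the cookie.
    return Session(secrets.token_urlsafe(32), secrets.token_urlsafe(32))


def check_request(cfg, session, method, headers, side_effects, cookie_auth=True):
    """Return (allowed, reason) for one request under the given settings."""
    method = method.upper()
    hdrs = {k.lower(): v for k, v in headers.items()}
    if method == "GET" and side_effects and not cfg.allow_get_side_effects:
        return False, "GET refused for an operation with side effects"
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "text/plain" and not cfg.allow_text_plain:
        return False, "text/plain refused as an alias for text/zinc"
    if cfg.attest_cookies and cookie_auth and method != "GET":
        sent = hdrs.get(ATTEST_HEADER.lower(), "")
        # Constant-time comparison against the key bound to this session.
        if not hmac.compare_digest(sent.encode(), session.attest_key.encode()):
            return False, "attest key missing or not bound to this session"
    return True, "ok"


if __name__ == "__main__":
    s = new_session()  # constructed sample session
    zinc = {"Content-Type": "text/zinc; charset=utf-8"}
    print(check_request(ApiSettings(), s, "POST", zinc, True))
    print(check_request(ApiSettings(), s, "POST", {**zinc, ATTEST_HEADER: s.attest_key}, True))
    print(check_request(ApiSettings(), s, "GET", {}, True))
```

With the secure defaults, a cookie-only POST is refused because a cookie is attached by the browser automatically while the attest header has to be set deliberately by the client that owns the session.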
User
This is where the superuser can configure user settings.
Enable Password Reset: If enabled, users can reset their password via email. It's recommended to enable password reset to reduce the frequency of users accidentally locking their accounts due to forgetting their password. (Use with "Max Resets" to specify the number of resets. Only works with non-superusers.)
Password Policy: Set the password complexity policy for all users.
Password Expiration (Days): Password expiration in days. Passwords are forced to change after this duration expires. A Zero value disables this feature. (Note: For F200, default is 0)
Max Failed Login Attempts: A user's account will be automatically disabled if their failed login attempts exceed this value. A Zero value disables this feature. (Note: For F200, default is 0)
Users must be very cautious about how many incorrect password attempts they make if “Max Failed Login Attempts” is enabled. It is recommended that the user only attempts 3 tries (with default settings), then contacts a superuser admin to help reset their password before being disabled and locked out. If all the superuser admins themselves are locked out, there is no way to reset the password. A re-installation of FIN will be required and all users will have to be recreated. You can create a backup of the “user” folder in the var directory of FIN from time to time to be able to back up the users if needed. If the FIN instance is registered to Edge2Cloud, then a superuser from there can access FIN and re-enable the local FIN users.
It is also recommended to create and use a separate superuser account if the same username is used as a credential on a Haystack connector to another FIN instance, or to disable this feature. The reason is that if the same username is used and the password is changed, the connector will attempt to reconnect until it is successful. These attempts will count against the failed attempts and lock the user out.
Max Activity: The maximum number of activity entries to log per user. When the maximum is reached, the oldest entries are truncated. Setting to zero disables activity logging.
Max Resets: The maximum number of password resets that each user can request per day.