AnyX Guide Topic: admin

  • Administrative Users

    Administrative Users

    Manage

    Administrative Users

    0ede0982 image

    Each Organisation has set of permissions, grouped into categories of:

    • sys-admin — users who can do any global administrative action
    • sys-apps-admin — users who can create and modify the state of applications
    • sys-provisioner-admin —
    • sys-users-admin — users who can add/modify other users

    These groups in turn allow adding other groups (you can create a group called ‘my-admins’, add it to sys-admin, and then add users to it).

    A user may be a member of multiple of the administrative system groups.

  • Signup: Firewall Configuration

    Signup: Firewall Configuration

    cyber-insurance-compliance

    SIGNUP

    Firewall Configuration

    During the new organisation Signup flow you may find an error as below. This is caused by a corporate network filter (e.g. Palo Alto) which blocks certain encrypted flows.

    CONTACT

    Overview

    During the new organisation Signup flow you may find an error as below. This is caused by a corporate network filter (e.g. Palo Alto) which blocks certain encrypted flows.

    You may have firewalls in two locations: between your browser and the Internet (e.g. if you run endpoint protection software, or are using a device not currently on your corporate network), and, between the Agilicus Connector and the Internet.

    Firewall Configuration: End-User Browser to Internet

    bfdb9ad0 image

    In order to use your browser with the Agilicus AnyX platform, whether for signup purposes, or for ongoing usage, you need to be able to navigate to these host names:

    (where __MYDOMAIN__ is the domain name you will choose during the signup process).. You will know you need these rules if you see errors like below image.

    In addition, your name server (DNS) must be able to resolve:

    • ca-1.agilicus.ca
    • api.agilicus.com
    • www.agilicus.com

    The most common problem observed is that if you navigate to https://auth.agilicus.cloud you get an error implying the connection was RESET. This is typically done by a content-filtering firewall such as Palo Alto blocking “auth.*” as a domain name.

    To resolve, work with your outbound firewall filtering vendor to allow:

    • *.agilicus.com
    • *.agilicus.ca
    • *.agilicus.cloud

    Firewall configuraton: Agilicus Connector to Internet

    The Agilicus Connector makes outbound connections only, on port 443 HTTPS only. It will have 2 outbound TCP connections (for resilience) as well as periodic ones to its API and update server.

    Configure your outbound firewall to allow:

    • www.agilicus.com (upgrades)
    • api.agilicus.com (configuration)
    • agent-server.ca-1.agilicus.ca
    • *.__MYDOMAIN__ (authentication via auth.__MYDOMAIN__)

    If you prefer to use IP (and port) – based rules, you may use as below. Note: it is possible this list will change in the future.

    • 34.95.12.47 (www.agilicus.com)
    • 35.203.36.11 (api.agilicus.com)