Specifying External and Internal Domains

(See also Allow LDAP Authentication through DMZ Gateway and Internal Domain Settings dialog box.)

By default, an EFT Site uses the same host address and SSL certificate, and email notifications create links to the same host address, as shown below.

But suppose you want to create an environment in which users on the internal network can access EFT from their internal workstations but, for security reasons, you don't want those employees to connect to the server from outside the office, such as when they are working at a local coffee shop or at a partner location. Also suppose that your company wants to segregate Workspaces participants who are external to the company network, such as vendors and customers.

If you want EFT to distinguish INTERNAL access from EXTERNAL access, you can specify a host address for the DMZ Gateway (Internet-facing) entry to EFT; anything flowing into EFT through that path is considered external. You then specify a different host address for internal users, as described below.

The external domain is specified on the Site's Connections tab:

An Internal Domain button is available next to the HTTPS port box on the DMZ Gateway tab of the EFT Site:

 

To specify the internal domain on a site

  1. In the EFT administration interface, click the Server tab, then click the Gateway node.

  2. On the DMZ Gateway tab, next to the HTTPS port box, click Internal Domain. The Internal Domain Settings dialog box appears.

  3. In the Internal host name box, specify the URL through which internal users should log in to EFT. Internal host name is empty by default. Empty means that no domain matching is performed and notification links are not altered.

  4. Click Configure to specify the SSL certificate. Internal users can use a different SSL certificate than the external users. For example, for internal connections, a self-signed certificate created by EFT should be adequate.

  5. In the Internal email domains box, specify one or more SMTP domains used by internal users, separated by semicolons. Internal email domain is empty by default. Empty means no email domain matching is performed and notification links are not altered.

  6. Select the check boxes as needed:

    • Allow LDAP authentication to EFT through DMZ Gateway - Allows anyone connecting to EFT through DMZ Gateway to connect using LDAP authentication

    • Make LDAP authentication exclusive for internal connections - Prevents external connections to EFT through DMZ Gateway over LDAP

    • Require 2nd factor auth for internal users - Requires internal connections to EFT through DMZ Gateway that use LDAP authentication to also use two-factor authentication, such as RSA SecurID

  7. Click OK.

Workspaces Invitation and Notification Email Links

With separate internal and external domains defined, you can send different notification emails to internal and external accounts from the same EFT Site:

  • If EFT sends an email where the email domain (after the "@" symbol) matches one of the specified "internal domains" values, any URLs formed by EFT and pointing to EFT in the email should be constructed using the internal host name (for example, internal.example.com).

  • If EFT sends an email where the email domain (after the "@" symbol) does not match any of the specified "internal domains" values, any URLs formed by EFT and pointing to EFT in the email should be constructed using the default host name specified in the DMZ Gateway tab (for example, example.com).

  • If no internal host name was specified, then EFT will use the default host name.
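The selection rules above can be modelled in a few lines. This is an added illustration, not EFT code: the function names, the sample email domains and the recipients are constructed, and whole-domain, case-insensitive comparison is an assumption, since the page does not say how EFT compares domains.

```python
# Added illustration: models the host-name selection rules described above.
# Not EFT code; function and parameter names are hypothetical.

def parse_internal_domains(setting):
    """Split the semicolon-separated 'Internal email domains' value."""
    return {d.strip().lower().rstrip(".") for d in setting.split(";") if d.strip()}

def email_domain(address):
    """Return the part after the last '@', normalised for comparison."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.lower().rstrip(".")

def link_host(recipient, default_host, internal_host="", internal_domains=""):
    """Pick the host name used for EFT links in a notification email."""
    domains = parse_internal_domains(internal_domains)
    # Empty internal host name or empty domain list: links are not altered.
    if not internal_host.strip() or not domains:
        return default_host
    # Assumption: whole-domain, case-insensitive equality. Substring or
    # suffix matching would treat look-alike domains as internal.
    if email_domain(recipient) in domains:
        return internal_host.strip()
    return default_host

def build_link(recipient, path, **cfg):
    """Form the URL that would be placed in the notification email."""
    return f"https://{link_host(recipient, **cfg)}{path}"

# Constructed sample configuration (host names follow the page's examples).
CFG = dict(default_host="example.com",
           internal_host="internal.example.com",
           internal_domains="corp.example; staff.example")

if __name__ == "__main__":
    for rcpt in ("alice@corp.example", "bob@Staff.Example",
                 "vendor@partner.test", "eve@corp.example.partner.test",
                 "mallory@notcorp.example"):
        print(rcpt, "->", build_link(rcpt, "/workspaces/invite", **CFG))
```

The last two recipients show why the comparison matters: a domain that merely contains or ends with an internal domain's text still receives the default (external) host name, so the internal host name is not disclosed to outside parties.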