User Guide Cancel

Enhance Adobe Connect account security

  1. Adobe Connect User Guide
  2. Introduction
    1. What's New in Adobe Connect
    2. Adobe Connect meeting room basics
    3. Adobe Connect Capabilities in HTML Client
    4. Adobe Connect application for desktop
    5. Adobe Connect technical specifications and system requirements
    6. Keyboard shortcuts in Adobe Connect
  3. Adobe Connect Meeting
    1. Start, attend, and manage Adobe Connect meetings and sessions
    2. Host and Presenter Area in Adobe Connect
    3. Adobe Connect application for desktop
    4. Adobe Connect pre-meeting diagnostic test
    5. Adobe Connect Central home page
    6. Share content during a session
      1. Screen sharing in sessions
      2. Share pod
      3. Screen sharing on browser
      4. Share system audio
      5. Share a document
      6. Share a presentation
      7. Share a whiteboard
      8. Share files
      9. Share web URLs
    7. Update and manage Adobe Connect meetings
    8. View meeting reports and analytics data
    9. Work with Pods
      1. Pods in sessions
      2. Notes pod
      3. Chat pod
      4. Q & A pod
      5. Poll pod
      6. Quiz pod    
    10. Reactions in Adobe Connect room
    11. Accessibility features in Adobe Connect
    12. Create virtual meeting rooms and arrange layouts
    13. Breakout rooms in Adobe Connect meetings
    14. Manage meeting attendees in Adobe Connect
  4. Adobe Connect administration and maintenance
    1. Enabling Adobe Connect HTML client
    2. Enabling single sign-on in Adobe Connect
    3. Change the timeout period
    4. Configure audio providers for Universal Voice
    5. Create and import users and groups in Adobe Connect
    6. Enhance Adobe Connect account security
    7. Generate usage reports in Adobe Connect Central
    8. Administer and manage Adobe Connect accounts
    9. Manage users and groups
    10. Set permissions for library files and folders
    11. Back up user data, database, and settings of Adobe Connect server
    12. Build custom reports from the Adobe Connect database
    13. Maintain disk space and clean cache on an Adobe Connect server
    14. Manage and monitor Adobe Connect server logs
    15. Start and stop Adobe Connect services
  5. Adobe Connect Events
    1. About Adobe Connect Events
    2. Manage Adobe Connect Events
    3. Attend Adobe Connect Events
    4. Create and edit Adobe Connect Events
    5. Event analytics for webinars
  6. Adobe Connect Training and Seminars
    1. About Adobe Connect courses and curriculum for training
    2. Conduct trainings with Adobe Connect
    3. Create and manage seminars
    4. Create training courses in Adobe Connect
    5. Create and manage training curriculum in Adobe Connect
    6. About Virtual Classrooms in Adobe Connect
    7. Adobe Connect reports to monitor training features
    8. Participate in Adobe Connect training sessions and meetings
    9. Session dashboard
    10. Closed captioning in Adobe Connect
  7. Audio and video conferencing in Adobe Connect
    1. Audio in Adobe Connect meetings
    2. Record and play back Adobe Connect meetings
    3. Video in Adobe Connect meetings
      1. Pop out video from video pod
  8. Manage user content in Adobe Connect
    1. View reports and usage information about uploaded content
    2. Work with content in the Content library
    3. Work with Adobe Connect library files and folders

 

Adobe Connect administrators can turn on and enforce secure HTTPS connections to boost the security of their servers.

Adobe Connect administrators can enhance the security of their account from the Administration tab.

  1. Click Administration > Account > More Settings.

  2. Select Requires SSL Connection (RTMPS), so Adobe Connect enforces the use of RTMPS protocol.

  3. Select Enable Enhanced Security, to force Web Services APIs to use secure (HTTPS) connection and generate new session identifier after successful login.

    Note: Adobe recommends checking Enhanced Security option.

Cross-Site Request Forgery (CSRF) protection

Adobe Connect enables end users or admins to enforce CSRF protection for state-changing XML API calls. 

We recommend that you enable CSRF protection for XML APIs, as it is the most secure configuration.

To enable CSRF protection, follow the steps below:

  1. On the Adobe Connect central page, click Administration > Account > More Settings.

  2. In the section CSRF Settings, check the option Enable CSRF Protection for XML API.

    Note: If Adobe Connect 11.4 was installed as a patch over a previous version, the option will be unchecked by default.

  3. CSRF protection relies on the client to send a secure session-specific CSRF cookie and a matching request parameter. All state-changing API calls are protected, for example:

    • acl-create
    • acl-field-update
    • acl-multi-field-update
    • permissions-update
    • sco-update
    • sco-upload
  4. Follow the steps below:

    1. After you authenticate, the following cookies are generated:

    • BREEZESESSION as the main Connect session cookie
    • BreezeCCookie as the CSRF cookie, based on the Connect session cookie

    2. Call the common-info API to get the CSRF token corresponding to the CSRF cookie (BreezeCCookie).

    • the CSRF token is returned as <OWASP_CSRFTOKEN><token>...........</token></OWASP_CSRFTOKEN>

    3. Send all subsequent HTTP GET API calls that change state with the BreezeCCookie as a cookie and a OWASP_CSRFTOKEN. For example:

         https://\[SERVER_URL\]/api/xml?action=\[state changing action\]&........&OWASP_CSRFTOKEN=[token_extracted_above]

    4. For integrations that call single or multiple XML APIs via a single HTTP POST method, send the OWASP_CSRFTOKEN (along with the BreezeCCookie CSRF cookie), as shown below:

        <actions mode='...' OWASP_CSRFTOKEN=[token_extracted_above]>

  5. Enable the option Exempt CSRF Protection for XML API calls to the following path.

    When you check this option, a server-generated secure URL appears. This URL allows accounts ith XML API integrations to continue making their XML API calls against a secure and unique server-generated URL path.

Get help faster and easier

New user?