Security settings

IP Security

By enabling the IP Security, organization administrators can define who is allowed or not allowed to access their organization's Axon Justice accounts based on the IP address. By default, when your Axon Justice organization is created, IP security is disabled and your organization's sign-in page can be accessed from anywhere within your country.

If you enable IP security, you can authorize specific IP addresses and ranges of IP addresses, such as the IP addresses used at your organization headquarters or at specific districts. Only devices assigned one of the authorized IP addresses can access your Axon Justice organization.

Before you enable IP security, work with your IT staff and your Internet provider to acquire static (non-changing) IP addresses. If you do not use static IP addresses, your organization could be denied access from its own Axon Justice organization. Consumer-grade Internet lines, such as DSL or cable modems, typically have a 200-hour lease. This means that every 200 hours the IP address is refreshed with a new one.

  1. Select Admin, then under Security Settings, select IP Address.
  2. Select Add New IP Address.
  3. Choose whether you are adding a Single IP Address or Range of IP Addresses.
  4. Enter the IP Address or range of addresses.
  5. Enter a useful description of this address in the Label field. The Label field is optional, but descriptive labels help make managing your Axon Justice account easier.
  6. Select Add. The newly added IP Address shows in the table.
  7. Continue adding additional IP Addresses as needed.
  8. Select Restrict User Access to the Trusted IP Addresses Below. You cannot select this option unless at least one IP address or range of IP addresses has been added.

If at any time you want to prevent access from any IP addresses, select the corresponding Delete icon. However, to prevent being locked out of your account ensure that you do not delete your current IP address.

IP allowed lists for multi-homed networks

Axon Justice supports IP security allowed lists for organizations where web traffic can originate from multiple IPs during the same user session. The standard IP allowed list security detects if an active user changes source IP address in the middle of a session and logs the user out. The new setting still restricts site usage to the IP allowed list ranges, but does not terminate a user session if there is an IP change mid-session.

This setting is designed for organizations using network designs where web traffic is sourced from multiple IPs. For example, networks with multiple firewalls or proxy servers can exhibit this behavior. Organizations that load balance outbound traffic across multiple network links also fall into this category. These designs are perfectly valid but cause a false positive for our "Man in the Middle" protection. Until now, these organizations have not been able to utilize our IP allowed list security.

If your organization is not using this type of design, it is recommended that you employ the standard IP session security for the highest levels of protection.

  1. Select Admin, then under Security Settings, select IP Address.
  2. Select Add New IP Address.
  3. Choose whether you are adding a Single IP Address or Range of IP Addresses.
  4. Enter the IP Address or range of addresses.
  5. Enter a useful description of this address in the Label field. The Label field is optional, but descriptive labels help make managing your Axon Justice account easier.
  6. Select Add. The newly added IP Address shows in the table.
  7. Continue adding additional IP Addresses as needed.
  8. Select the Allow IP Address To Change During An Active Session To The Trusted IP Addresses Below check box.

Axon application exceptions

The IP restrictions feature provides additional access security to Axon Justice. However, implementing this feature can impact Axon mobile applications by blocking access, which makes it difficult for officers to effectively use them.

The Axon Application Exceptions settings allow organization administrators to easily add exceptions to IP restrictions for specific Axon applications.

This feature is only supported on the following Axon mobile application versions:

  • Axon Device Manager for iOS v2.0.5 or later
  • Axon Device Manager for Android v3.0.4 or later
  • Axon View for iOS v5.0.1 or later
  • Axon View for Android v5.0.3 or later
  • Axon Capture for iOS v5.0 or later
  • Axon Capture for Android v5.0 or later
  • Axon Respond mobile application for both iOS and Android

Previous versions of the Axon mobile applications will continue to function normally, but will be subject to the IP restrictions, if enabled for your organization.

  1. Select Admin, then under Security Settings, click IP Address.
  2. Scroll to the bottom of the page to the Axon Application Exceptions section.
  3. Select the Axon Applications (Axon View, Axon Capture, Axon Device Manager, Axon Air, and Axon Respond) you want to exempt from IP Restrictions.
  4. Return to the main System Administration page.

Configure password settings

This feature enables organization administrators to define password settings for all users in the organization.

  • Session Timeout: Sets the number of minutes a user can be inactive before the user is automatically signed out of Axon Justice. [default 10, min 10, max 720]
  • Failed Login Limit: Sets the number of failed login attempts before the account is locked out. [default 5, min 1, max 25]
  • Lockout Duration: Sets the number of minutes a user is locked out of their account due to failed login attempts. [default 60, min 1, max 720]
  • Password History: Sets the number of unique new passwords a user must use before an old password can be reused. [default 10, min 1, max 25]
  • Maximum Password Age: Determines how many days a password can be used before the user is required to change it. [default 90, min 7, max 365]
  • Minimum Password Age: Sets the number of days a user must wait between manually changing their password. This setting does not affect administrative password resets. [default 1, min 0, max 7]
  • Minimum Password Length: Sets how short passwords can be. [default 8, min 6]
  • Password Character Requirements: Sets the types of characters required in a user's password. Only the Special Characters option is editable. When enabled, users must include at least one special character in their password.

There are no configuration settings for user security questions. Users have 15 attempts to enter their correct security question responses. User that fail to enter the correct security question responses are locked out of the system for 1 hour.

  1. Select Admin, then under Security Settings, click IP Security.
  2. Below each setting is a description and the default and maximum (max) values of the setting. Set the options based on your organization's requirements. If you want to start over with customizing the password configuration settings, select Restore Defaults.
  3. When have finished configuring password settings, select Save.
  4. In the dialog box, select OK

API settings

The API Settings section is only available to al Axon Justice organizations who request access to the Axon Justice Partner API. The Axon Justice Partner API provides a programmatic means to access the data in your Axon Justice organization. By developing API-compliant client software or using third-party client software, you can use the Partner API to integrate your Axon Justice organization with other systems.

The API Settings page provides organization administrators with the ability to ensure that only authenticated and authorized clients can use the Partner API feature to programmatically configure your Axon Justice organization. An API client can request, create, read, update and delete operations on a variety of data resources supported by the API, which include the following object types:

  • Users
  • Groups
  • Cases
  • Evidence
  • Devices
  • Reports
  • Category Management

The Partner API is available to all Axon Justice organizations. To request access to the Partner API, contact your Axon representative. If you need assistance developing API client software, Axon Professional Services are available for billable work.