Hotlinks are a form of hyperlink within Agiloft that allow external users to access the system or a specific record by clicking a link. Hotlinks can execute complex functions, such as logging in to a specific table, running a saved search, and more. You can embed hotlinks in emails from within Agiloft and have them generated at runtime, or you can generate them manually and use the links outside of Agiloft. To ensure hotlinks are secure, use encryption and user authentication, which are important security features. This page focuses on these security features, but for information on how you can create hotlinks, see Hyperlinks.
System-generated hotlinks are automatically encrypted, so it is not possible to use them to obtain user login details, but it can still be important to require user authentication. If a malicious user has access to the encrypted link, they could still access the system and edit or view a record. There are two recommended levels of protection against this possibility, which involve variations of user authentication.
To configure either of these two levels of protection, click the Setup gear in the top-right corner and go to Access > Configure Hotlinks:
- The recommended option is to require the user to enter their login and password every time. This prevents anyone else from using the hotlink without providing the correct login credentials.
- The next best solution is to require the user to enter their login and password the first time they use a hotlink. This prevents anyone else from using the hotlink unless they have access to the same workstation, or to the same credentials. This option also allows you to add exceptions to the requirement, and to add an expiration period for the session.
Manually Encrypted Hotlinks
You can create hotlinks manually for use in action buttons or outside the system, but they are not automatically encrypted. Instead, manually created hotlinks must also be manually encrypted. We highly recommend encrypting any hotlinks you create; otherwise, the username and password that the hotlink uses will be visible within the link itself.
Follow these steps to manually encrypt a hotlink:
- Go to Setup > Access > Automatic Login Hotlinks.
- Select any groups to exclude from using the hotlink.
- Enter the hotlink in the Encrypt Hotlink box.
- Select an expiration time for the hotlink, after which the hotlink will no longer work.
- Click Encrypt. The newly encrypted hotlink then appears in the Encrypted Hotlink box. You can copy and paste the link as needed.
Imagine you enter the following hotlink:
In this example, you can clearly derive the username and password from the link. After clicking Encrypt, the system encrypts the sensitive portions of the link and generates an output like the following: