157 results found
-
Website User 'Approver' shows GUID value, not readable ID/name
Website Users>Details show GUID in 'Approver' field, however, export of users correctly shows ID/name of the 'Approver'. As an administrator of user accounts, I need ability to see 'Approver' ID/Name on the user Details page, instead of requiring export of all users to view the identity of the Approver.
17 votes -
MFA/2FA for Admin Console Access Across All Domains
Hi Team,
Referring to tickets #1676413, #1498526, #1492633 and #1721382 —
The Brasseler client is looking to enable multi-factor authentication (MFA) specifically for the admin account. Could you please confirm if this is supported by Optimizely?
We reviewed the documentation provided for Set up multi-factor authentication, but it appears to apply at the Opti ID level, whereas the client is specifically looking for MFA enforcement at the admin account level and at Admin site. This request has come from their internal security team.
We would appreciate your guidance on this.
Thanks for your support.
11 votes -
Ability to force website users to sign in
When Remember Me/Keep Me Signed In is enabled for the website, and the user selects the Remember Me/Keep Me Signed In option when signing into the Website, there is nothing that forces them to sign in again if their role has been changed. They can return to the website based on their cookies, even though their role has now been changed (example: from Buyer3 to Buyer1). As a result, they can place an order without approval.
Please implement a function to force website users to sign in again when their role has been changed.
5 votes -
Captcha functionality
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
Captcha functionality - when users initially come into the site or users are starting an order or users are entering credit card information
Original request:
Please help with implementing the below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we…
4 votes -
Enable Cloudflare's leaked credentials detection
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- WAF compromised credentials check
Original request:
Please help with implementing the below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
- Bot Protection - Challenge suspected bots to confirm user…
4 votes -
Bot prevention measures
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Bot Protection - Challenge suspected bots to confirm user authenticity
- Bot detection with javascript to identify headless browsers
- Any other WAF rules to protect the website from anonymous usage and attacks
Original request:
Please help with implementing the below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the…
4 votes -
Website Stability via Rate Limiting
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
Original request:
Please help with implementing the below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of…
4 votes -
Control Panel Scheduler Must take Time Changes into account without re-scheduling jobs twice a year.
1) Goals
• Users can schedule jobs using their local date/time and time zone, and the job will run at the correct absolute instant even across DST and zone changes.
• This must take into account Daylight Savings time changes in the Spring and Fall
• The current Opti control panel only allows one time zone to be used (UTC). Need the ability to handle more than one.
• User should not have to manually re-schedule jobs two times per year when clocks change
• Admins and integrators can display and manage schedules in any time zone, and any time…
3 votes -
Increase job's parameters to nvarchar(max)
Increase job's parameters to nvarchar(max) so we can have larger values such as JSON. We are using custom properties to suit our needs, which is not the best approach.
Tables:
IntegrationJobParameter
JobDefinitionParameter
JobDefinitionStepParameter
4 votes -
Prevent bot spamming logs
We often see a lot of errors in the application logs related to bots spamming the website with URL requests that do not even exist; quite often these end in a .php extension; example: https://[ConfiguredCommerceURL]/admin/function.php. These seem to be attacks that try to find vulnerabilities on the website. While oftentimes these are harmless, they do pollute the application logs, making it harder for developers to find actual errors that are worth reporting. This feature request is to simply capture that kind of spam request and simply block them, without processing anything else (these often come with errors such as 'Unity.Exceptions.InvalidRegistrationException'…
12 votes -
website users filteraccessible fields
We need to show assigned customers and roles as column/exportable fields from the admin console. These fields could be delimited as possible multi-value, but currently we can't access those fields at all without going into each individually.
3 votes -
Request for an out of the box configuration setting for when sessions are fully expired
Request for an out of the box configuration setting for when sessions are fully expired:
• Session Expiration and let the client decide if they would like to redirect to Session Expired Page, or use Overlay with Session Expired Modal on same page.
• In this setting we could also provide additional sub-setting with ability to enable a session expiration warning (admin can set the number of minutes)
Incomplete Client-Side Inactivity Timeout: We have two different issues with this vulnerability,
• If a customer steps away from their system without an automatic logout after a period of inactivity, there is…
6 votes -
Better extensibility options for Search V2 Indexing
We have a requirement on our project that requires us to change the behavior of the search indexing v2. In trying to do so, our development team ran into an issue where the class we needed to extend was not extensible (internal, sealed, or non-overridable methods).
Basically what we are trying to do is remove the condition that excludes child products when fetching indexable products that is in line 896 of class Insite.Search.Shared.DocumentTypes.Product.Index.SearchV2.Models.Product (this is in version 5.2.2412.1705)
What we would like to see changed is:
1 - Make the SearchV2.Models.Product public instead of internal and remove the sealed…
7 votes -
PIM - User Roles Don't Work
Optimizely confirmed the existing PIM roles do not work but asked me to enter it as feedback instead of a bug. A user must be an Admin to update an image, which is not optimal. There are existing PIM roles with Edit permissions for items and images, but they do not work. Fix the existing roles, or custom roles and permission so a user doesn't have to have full admin authority to edit an image or an item field.
2 votes -
Many customers change their SKU and it's not really supported in Configured Commerce
We have several clients who rename SKUs in their ERP instead of deactivating and creating a new one, for multiple reasons. Recently one of them asked us to create a "Master UID" for them to map and update our products, but this field is internal only and not visible to the customers, so it's an internal ID used between the ERP, PIM and Configured Commerce to update the product.
Can such a field be added and could be used as an alternate natural key to simplify everything? Seems to us like a common issue.
2 votes -
Add the ability to grant impersonate permissions to custom roles
I want to be able to create a custom role for the admin console users that, while given limited permissions through the Application Dictionary, would also be granted the ability to impersonate website users. Currently, the impersonate feature is limited to 4 roles: ISCSystem, ISCImplementer, ISCAdmin, ISCUser. Being able to customize the CanCurrentUserImpersonateAnotherUser method used by the AccountController would give more flexibility.
5 votes
Our development team is currently working on this item, and it’s likely to be added to the roadmap soon - pending any technical challenges
-
Optimize Wishlist Updates: Refresh Line Item Only, Not Entire Page
Optimize Wishlist Updates: Refresh Line Item Only, Not Entire Page.
Current Behavior (for customers using live inventory and price via API):
In Configured Commerce, when a user updates a product within a list or quote (e.g., changing quantity or removing an item), the entire list page refreshes. This results in longer load times and a less efficient experience, particularly for large lists.
Requested Enhancement:
Modify list/quote functionality so that updates apply only to the specific line item being changed, rather than forcing a full list refresh (must also adjust the product total). Ideally, this would be handled via an asynchronous…
2 votes
Thank you for submitting this request! Currently in order to handle the complexity of keeping the data consistency between the My List Details and My Lists Page(s) across the wide customer base we require resetting the state after updates on the line item(s) within Lists.
While we do not have any changes planned to alter this behavior on base please feel free to continue sharing feedback and impact.
-
Send order confirmation as pdf attachment
Our customers want to receive their order confirmations as a PDF attachment. Many still want to print them, attach a digital copy to their ERP, or save a digital copy. PDFs make this much easier.
Many won't order online since they don't like the order confirmations. Others require us to manually send a PDF version out of our ERP after they have placed their order.
2 votes
Thank you for submitting this request! Our team is currently reviewing this feature, particularly with consideration of our wide client base. We will update this ticket once we have completed this investigation.
-
Order checkout rules
We received requests from several customers that their business required users to fulfill certain conditions before they can checkout. For example:
- Minimum order amount.
- Shipping carrier is required.
Please implement the capability of creating checkout rules to provide customers with controls over their incoming orders.
2 votes
Thank you for submitting this request! We have added this item to our backlog for future consideration and prioritization.
If there are more details regarding the desired experience for these storefront customers who do not meet the rules that would also be appreciated.
Would there be a goal to encourage users to shop their MyLists or have selection of recommended products for example or would the desire be to simply disable the ability to checkout with appropriate messaging as to the rule that needs to be met to continue?
-
Manage email suppression list
Allow the management of the email suppression list to which email addresses are added after multiple failures to send email.
Currently there is no visibility to this list.
1 vote