Security - Access to Planon features via encrypted keys
In Planon ProCenter , Planon administrators can create encrypted URLs that can be used to grant secure and limited access to Planon features.
To achieve this, Planon administrators can generate a key pair to enable the use of encrypted URLs. A key pair consists of a private key and a public key that together provide two functions: authentication and encryption. The private key (used to generate the key) and the public key (used to decrypt the key) are stored in the database.
In the System settings > Security TSI, you can generate various types of encrypted key pairs by selecting the corresponding action on the action panel (for options 1,2 and 3) or by enabling a setting (option 4):
1. Access key pair - select the action Generate access key pair to create an encrypted URL for a user account, which can be used to grant access to specific Planon functionality. Access keys are intended to enable multiple logins of the same account to limited functionality.
 | You can only create access keys via the Planon ProCenter web client. The Access key login works for Self-Service, SDK, Planon AppSuite and Kiosk clients. Consequently, you cannot select the Access keys business object in Enterprise Talk and SDI, nor is it possible to reference an Access key field in an expression in Reports or other places. Also see WebHelp topics: Accounts > Access keys and Web services > Session management. |
2. Cipher key pair - select the action Generate cipher key pair to create an encrypted URL for deep link items. In Planon, deep link item URLs can be used to direct an external audience to a specific piece of Planon content.
3. Resource key pair - select the action Generate resource key pair to create an encrypted URL for the use of (secure) documents and images in Planon apps. Resource keys can be used to prevent documents and images from becoming inaccessible to app users after their user session has expired and their cache has been cleared.
4. Planon Live app - automatic access keys - setting that you can use to enable the automatic generation of access keys for the Planon Live app in case the app users log on via SSO. Use the setting Auto-key lifespan (in days) to set a time span during which the key will be valid.
 | The Planon Live app is no longer available in the stores, as it is deprecated. Migrating to its successor, the Planon app is highly recommended. The above setting does not apply to the Planon app, which has a different and improved authentication method. See: Authentication methods. |
When a key pair is generated, the Planon administrator can provide the intended audience with the new keys and grant (limited) access to Planon features.
| | For Planon AppSuite, access keys does not need to be distributed. App users will get access automatically upon logging on to the app. This will remain valid for 100 days. |