Security Tips
We understand that information security is of utmost importance to you when it comes to establishing remote desktop connections. We apply industry-standard security technologies to protect your data and comply with the strictest security standards.
To establish a remote desktop support connection with a client, the helpdesk operator needs to start the ISL Light application, which carries an RSA 2048/4096-bit public key of the ISL Online server. ISL Online secures its standard remote desktop connection with AES 256-bit end-to-end encryption. STUN/TURN servers enable a direct connection, while the signaling and control channels remain on ISL Online servers. For direct connections, ECDSA P-256 manages encryption key negotiation using the Diffie-Hellman key exchange algorithm, and the connection is secured with AES 256-bit end-to-end encryption.
The software supports two-factor authentication, exportable audit logs, automatic session recording and external authentication.
For a more detailed overview please read our security statement.
Below we want to give you a quick insight into some of the most important features ISL Online provides to guarantee secure use of remote desktop software.
Login
When you log into your account or ISL Light, we recommend using a strong password and setting two-factor authentication to make your account more secure.
Use strong account password
The security of your data depends not only on the strength of the encryption method but also on the strength of your password.
To help you create a strong password, ISL Online's password security policy is based on the latest NIST specifications. Your password must be at least 8 characters long. You are allowed to use any printable ASCII characters and spaces, while any leading and trailing spaces will be removed. Your password is checked against the deny list, which consists of the most common and simple passwords.
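The order of the checks matters: trimming happens first, so spaces at either end never count towards the minimum length. The following is an added example, not ISL Online's code; the function name, the sample deny list and the case-insensitive deny-list match are assumptions.

```python
import string

# Constructed sample deny list; the real list of common passwords is not on the page.
DENY_LIST = {"password", "12345678", "qwertyuiop", "letmein123"}
# Printable ASCII characters plus the space character.
ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")
MIN_LENGTH = 8


def normalise(raw):
    """Remove leading and trailing spaces, as the policy describes."""
    return raw.strip(" ")


def check_password(raw):
    """Return (normalised_password, None) if accepted, else (None, reason)."""
    candidate = normalise(raw)
    if any(ch not in ALLOWED for ch in candidate):
        return None, "contains characters outside printable ASCII"
    if len(candidate) < MIN_LENGTH:          # measured after trimming
        return None, "shorter than 8 characters after trimming"
    if candidate.lower() in DENY_LIST:       # case-insensitive match is an assumption
        return None, "on the deny list"
    return candidate, None


def same_password(typed, stored):
    """Login input must be normalised the same way as at registration."""
    return normalise(typed) == stored
```
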
Set two-factor authentication
Two-factor authentication (2FA) is an extra layer of security for help desk technicians and IT professionals. With 2FA enabled, operators can only log in to the ISL Online system by going through a two-step verification process by providing something they know (password) and something they have (2FA token).
How to set up two-factor authentication
Important: We recommend setting more than one two-factor authentication method, such as mobile and email. This gives you a backup option to log in, in case you lose access to one method.
External authentication (server license only)
Various types of authentication schemes can be integrated into the ISL Online system, such as OpenLDAP, Microsoft Active Directory, Novell eDirectory, or RADIUS. When external authentication is configured, operator access rights and permissions to use the ISL Online software are managed by IT administrators using their corporate user management directories.
Access Password
When you install unattended access (ISL AlwaysOn) on a remote computer, you must set a secure access password. This will be your main access password, which you must provide each time you try to access the remote computer.
Main Access Password
The main access password is defined during installation and can be used by any user to connect to the remote computer.

Connection Access Password
If you have shared access to a remote computer with other users in your account, you can set a different password for each user. A connection access password can be set manually in the ISL AlwaysOn settings.

One-Time Password
Generate one-time passwords manually in the ISL AlwaysOn settings. Each one-time password can only be used once to connect to a remote computer.

Additional Settings
The ISL AlwaysOn settings allow you to modify or customise several security settings for connecting to an unattended computer.
Allow computer access also with local user consent and no access password
Allows the operator to connect to a remote computer without an access password. In this case, the local user has to approve the connection. To use this setting, start ISL Light with the following command-line parameters:
ISLLight.exe --username "<isl_online_username>" --password "<password>" --connect-search "<computer_description>/<computer_name>" --consent-message "<message to be displayed>"
Maximum number of active sessions to this computer
Sets the maximum number of active sessions to this computer. For example, to limit access to one simultaneous connection to the computer, use the value "1". The default is Unlimited.
Show Notification of incoming connection
Allows the client to see a countdown notification when a connection is being established to their computer. You can specify the timeout and the options available to the local user. After the timeout, the default action is executed if the remote user is allowed to reject the connection.
Allow local user to reject connection
This option becomes available if you have enabled the "Show notification of incoming connection" option. The local user sees a notification that gives them the option to accept or reject the connection made by the supporter.
Lock computer when session starts
Locks the remote computer when the session starts; you will have to enter the account info to log in.
Lock computer when streaming and no network connection
If the connection is interrupted while connected to the remote computer, the remote computer is automatically locked.
Lock computer when session ends
Automatically locks the remote computer when the session ends.
Enable black screen when session starts
The local user will see a black screen when the remote session is active.
Length of delay before black screen is stopped after ESC has been pressed (in seconds)
Set the timeout in seconds that starts when you press ESC. Once timed out, the black screen is disabled and the local client can see the screen. The maximum timeout is 180 seconds.

Email Notifications
Receive an email notification each time a remote access session starts, stops, fails or a file is downloaded on a specific computer.

Access Filters
For security reasons you might want to restrict the use of ISL Online software within your organisation. You can limit access to ISL Online servers based on IP and/or MAC addresses. Use the "allow" function to specify lists of IP/MAC addresses that are allowed to start a remote support session or access an unattended computer, and the "deny" function to specify lists of IP/MAC addresses that are denied. These rules can be defined for a specific user or for the entire domain on the ISL Online server.
For example, you can allow your employees to generate session codes for a remote support session from the office only (your company's range of IP addresses).
- deny_ip 192.168.0.14
- allow_ip 192.168.0.13/255.255.255.0
- allow_mac 00-19-d1-06-c9
IP and MAC addresses can be spoofed, so filters alone are not a substitute for a strong access password!
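An address/netmask rule covers the whole network, not the single host written in it, so the allow rule above also covers the denied address 192.168.0.14 and the outcome depends on how rules are combined. The following is an added example, not ISL Online's code; the function names, the deny-before-allow order and the prefix comparison of the five-group MAC value are assumptions that this page does not document.

```python
import ipaddress

# Constructed sample: the three rules shown above, one per line.
SAMPLE_RULES = """\
deny_ip 192.168.0.14
allow_ip 192.168.0.13/255.255.255.0
allow_mac 00-19-d1-06-c9
"""


def parse_rules(text):
    """Return a list of (action, kind, matcher) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip().lstrip("-").strip()
        if not line:
            continue
        directive, value = line.split(None, 1)
        action, kind = directive.split("_", 1)   # "allow_ip" -> ("allow", "ip")
        if action not in ("allow", "deny") or kind not in ("ip", "mac"):
            raise ValueError(f"unknown directive: {directive}")
        if kind == "ip":
            # strict=False masks the host bits:
            # 192.168.0.13/255.255.255.0 becomes 192.168.0.0/24
            matcher = ipaddress.ip_network(value, strict=False)
        else:
            # Normalise case and separators; compared as a prefix (assumption).
            matcher = value.lower().replace(":", "-")
        rules.append((action, kind, matcher))
    return rules


def matches(rule, ip, mac):
    _, kind, matcher = rule
    if kind == "ip":
        return ipaddress.ip_address(ip) in matcher
    return mac.lower().replace(":", "-").startswith(matcher)


def decide(rules, ip, mac):
    """Assumed order: a matching deny wins; otherwise an allow rule must match."""
    hits = [r for r in rules if matches(r, ip, mac)]
    if any(action == "deny" for action, _, _ in hits):
        return "deny"
    has_allow_rules = any(action == "allow" for action, _, _ in rules)
    if has_allow_rules and not any(action == "allow" for action, _, _ in hits):
        return "deny"
    return "allow"
```
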

Port Filtering
Good remote desktop software works without making any firewall adjustments.
With ISL Online, your firewall can remain intact as ISL Light automatically initiates an outgoing connection, trying to connect using ports 7615, 80 or 443.
However, larger organisations may have a policy in place regarding the configuration of their firewalls or proxies. System administrators might want to open port 7615 only to pass the ISL Online traffic through directly and keep filtering the rest. They can also configure DNS name exception or IP address exception.
Regardless of the network configuration, ISL Online apps will automatically try different approaches to find a working transport (detecting proxy settings, using WinINet, creating a tunnel, making use of the wildcard DNS etc.). When a Direct Connection is used, the firewall must allow connections via the ports needed for the STUN and TURN protocols. Most commonly port 3478 is used; however, relay connections are made on arbitrary high ports.
Computer Access History
Search connections that have been established within your account, desktop connection timestamps, and other useful information.

Restriction on Features
Remote desktop software is a universal tool, used virtually in all industries. Accordingly, there are countless different use cases which call for very flexible solutions that allow restriction on features to adhere to distinct security standards.
ISL Online allows you to restrict features that are available within a session: taking control of the remote computer, transferring files between customer and operator and many other features.
An example of where restricting a feature is essential: a bank employee should be able to see a client's computer screen, but should never be able to start sharing his/her own desktop. In this case, desktop sharing on the desk side can be disabled.
Intranet (LAN-only) Option
Some large organisations only use ISL Online for their internal support across different geographical locations. In such cases remote desktop software must allow establishing remote desktop sessions within a local area network (LAN) only.
If you plan to use ISL Online within your LAN (intranet) only, there is no need for a public IP address. You only need a private address in the range of private networks (as specified in RFC 1918).
Top Questions
- What ports need to be open for hosted solution?
- How long does the system keep an ISL Light session?
- How should I configure my firewall for optimal ISL Online experience?
- How should I configure my firewall for optimal ISL Online experience if my firewall does not support DNS allowlisting? Which IP addresses should I allow?
- How secure is your ISL Light software to prevent "hackers" from accessing my computer while using your software?
- Does the session continue if my local IP changes in the middle of the session?