Account Settings
- Last Updated: Mar 27, 2025
The account settings let you define different attributes of the account, such as two-factor authentication, account notification emails, and weekly report settings. You can also define Origin Lock settings.
Access Account Settings
- Log in to your my.imperva.com account.
- On the top menu bar, click Account > Account Management.
- On the sidebar, click Account Management > Account Settings.
Account Details
This section contains all account-level configuration options.
Require users to use Two Factor Authentication | Forces all users of the account to configure two-factor authentication for their logins. Users who have not configured two-factor authentication will be required to do so before logging in. (Available for account admins only.) Note: Two-factor authentication is not activated if the user logs in with SSO. |
Allow Two Factor Authentication through E-mail | Enables users to receive a passcode for two-factor authentication via email. If this option is not selected, users can choose to receive a passcode via one of the available authentication methods. |
Allow access from the following IP addresses only | Limits access to the Cloud Security Console via the UI and API to specific IP addresses (e.g., the IP addresses of the company’s offices). |
Time zone | Determines the time zone for the account and all sites under it. For example, all dashboards and event logs for sites will show events in accordance with the configured account time zone. |
Support level | Shows the account's support level (managed/standard). |
Subscribe to weekly reports | Imperva produces a weekly report for every account that chooses to receive it. The weekly report contains general information on the account as well as all sites under the account. Weekly reports contain comparative information between last week and the previous week. Due to this design, a new account can only receive its first Weekly Report two weeks after the account is created. The weekly report is sent to all email addresses defined in the Account and Website > Account Notifications recipient list. For details, see Notification Settings. The email you receive contains a link for downloading the report in PDF format. Anyone with the link can download the report; no Imperva user or login is required. The report can also be reviewed in retrospect or generated on demand, using the Weekly account report option on the Account Settings page. Accounts with sub accounts: You can subscribe to weekly reports for the parent account, and also for any sub account, via the account/sub account's Account Settings page. |
Weekly account report | View the last weekly report or generate a new one. Note: The report is created in real time based on current data. Generating the report multiple times for the same week can yield slightly different results, as some additional data may become available at a later time and is then incorporated into the report. |
Support all TLS versions | Enables support for TLS versions earlier than 1.2. In compliance with PCI-DSS requirements to disable the use of TLS 1.0, and due to known vulnerabilities in TLS 1.1, Imperva has defined TLS 1.2 as the default minimum supported version for connectivity between clients (visitors) and the Imperva service. To remain PCI-compliant, do not enable this option. For more details, see Web Protection - SSL/TLS. To configure this setting for a specific website, see Customize Website TLS Configuration. Note: You cannot disable this option if it is enabled for any of the account's sites. First disable the Support all TLS versions option for each site that has it enabled. |
Enable HTTP/2 from end-user to Imperva for newly created SSL sites | Enables HTTP/2.0 support for traffic between end-user (visitor) and Imperva for all new SSL sites that are added after this setting is enabled. Allows supporting browsers to take advantage of the performance enhancements provided by HTTP/2 for your website. Non-supporting browsers can connect via HTTP/1.0 or HTTP/1.1. Note:
See also: HTTP/2 FAQ |
Enable HTTP/2 to origin for newly created SSL sites | Enables HTTP/2 support for traffic between Imperva and your origin server for all new SSL sites that are added after this setting is enabled. Note:
See also: HTTP/2 FAQ |
Enable HSTS for newly created SSL sites | Enables HTTP Strict Transport Security for all new SSL sites added after this setting is enabled. To configure this setting for a specific website, see Customize Website TLS Configuration. |
Reference ID | Enables you to add a unique identifier to correlate an object in our service, such as a protected website, with an object on the customer side. |
Allow sites to add a large number of redirect rules | Enables you to create up to 20,000 simplified redirect rules per site in your account. For details, see Create Simplified Redirect Rules. |
Created On | The date the account was created. |
Session Inactivity Timeout
The session inactivity timeout defines the amount of time the session can be inactive before it times out. If there is no user activity (mouse/cursor movement) detected in the Cloud Security Console during this time period, the user is automatically disconnected.
By default, the session inactivity timeout is set to 15 minutes.
You can choose one of the other available options, from 30 minutes to 240 minutes.
For optimal security, setting a session inactivity timeout longer than 15 minutes is not recommended.
For an external user (a user created in a different account who has been granted permission to view and/or edit this website), the timeout settings in the original account are used.
Data Management
Default data storage region | Select a region for storing your Imperva data. This option sets the default data storage region for new sites created in your account and for network layer data, such as network layer 3/4 headers, which contain IP addresses. Available regions include APAC, AU, EU, and US. You can view or change the region for any site. For details, see Website General Settings. For more details, see Data Storage Management. |
Override site event data region by origin geolocation | Overrides the default setting defined by the Default data storage region option and enables the system to automatically select the WAF event storage location for each website independently. |
Delete sites’ security and access event data | Permanently delete the security and access event data stored for the sites in your account. (Available for account admins only.) After you click Delete and then confirm the deletion, the process begins. Data is permanently deleted within 48 hours. For more details, see Data Storage Management. |
Origin Lock
Origin Lock associates a specific IP or certificate fingerprint with your account to prevent other accounts on the Imperva service from setting up sites that forward traffic to your origin server.
How does it work?
The Imperva cloud service is positioned between the end users (visitors) and your origin server. In this topology, the origin server IP might be inadvertently accessed by other tenants hosted on the same service.
If tenants on the service configure a site to point to an origin server belonging to another account, they become the first hop for traffic that arrives from the visitor on its way to the original IP (incoming traffic). This could allow other application traffic to reach the origin server.
Imperva Origin Lock adds an extra layer of security by associating IP addresses with one specific account. This feature "locks" the IPs of a given account and prevents them from being used by others.
If your IP or certificate is only used by your account, it is highly recommended that you enable Origin Lock.
Note: If you are using a cloud service provider that issues ephemeral or temporary public IP addresses for your virtual compute workloads and want to use this feature, you must have your own registered PA or PI IP space allocation.
To enable Origin Lock:
Contact our support team at https://support.imperva.com. The support team will let you know once the restriction is set.
When setup is complete, the list of locked IPs/fingerprints is displayed in the Origin Lock table.
Note: Fingerprints are listed without spaces. To search the table for a specific fingerprint, first remove all spaces.
DDoS Protection for Networks and Individual IPs - Sub Accounts
These options are available in accounts subscribed to at least one of the Network Security DDoS Protection services.
Enable protection and monitoring settings for sub accounts | Enables the viewing and configuration of DDoS Protection for Networks/IPs protection and monitoring settings in the account's sub accounts. |
Enable connectivity settings for sub accounts | Enables the creation of connections between Imperva and your origin network in sub accounts. Connections in a sub account are then used only in the specific sub account in which they are created. Connections cannot be shared between the parent account and its sub accounts. If this option is not enabled, connections can be created in the parent account only and shared by the parent and sub accounts. This option is available only when the Enable protection and monitoring settings for sub accounts option is turned on. |
DDoS Protection for Networks - DDoS Attack Event Notification Thresholds
Select the sensitivity threshold for receiving notifications when traffic is blocked across your protected networks.
Key benefits:
- Receive notifications that match your network's specific operational needs.
- Get early warnings about potential DDoS events.
- Monitor smaller-scale traffic blocking events that may be critical for your network.
This setting can be defined in a parent account only, and applies to all network ranges defined in the account.
Low Sensitivity (Default option) | Receive alerts when 30% of traffic is blocked for at least 5 consecutive minutes. |
Medium Sensitivity | Receive alerts when 10% of traffic is blocked for at least 3 consecutive minutes. |
High Sensitivity | Receive alerts for smaller volumes of blocked traffic below DDoS attack levels. |
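To choose between the Low and Medium settings, you can replay the thresholds above against your own per-minute traffic history and see which one would have notified you, and when. This is an added example, not Imperva code: the per-minute evaluation, the `>=` comparison, and all names and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Thresholds as stated in the table above: (blocked share, consecutive minutes).
# High Sensitivity is omitted because the page gives no numeric threshold for it.
THRESHOLDS = {
    "low": (0.30, 5),
    "medium": (0.10, 3),
}


@dataclass
class Minute:
    total: float    # traffic observed in this one-minute bucket (any unit)
    blocked: float  # portion of that traffic that was blocked (same unit)


def first_alert_minute(series, sensitivity):
    """Return the 0-based index of the minute at which a notification would
    first fire under this model, or None if the threshold is never met."""
    share, needed = THRESHOLDS[sensitivity]
    run = 0
    for i, m in enumerate(series):
        # A minute with no traffic cannot meet a percentage threshold,
        # so it breaks the run of consecutive minutes.
        ratio = m.blocked / m.total if m.total > 0 else 0.0
        run = run + 1 if ratio >= share else 0
        if run >= needed:
            return i
    return None


def compare(series):
    """Evaluate every modelled sensitivity level against one traffic series."""
    return {name: first_alert_minute(series, name) for name in THRESHOLDS}


# Constructed sample data: blocked units per minute out of 1000 total.
# A four-minute burst at 35-40% blocked: too short for Low, enough for Medium.
SHORT_BURST = [Minute(1000, b) for b in (0, 350, 400, 380, 360, 20, 0, 0)]
# A slow ramp: Medium fires early, Low only after five minutes above 30%.
SLOW_RAMP = [Minute(1000, b)
             for b in (50, 120, 150, 200, 310, 320, 330, 340, 350, 10)]

if __name__ == "__main__":
    print("short burst:", compare(SHORT_BURST))
    print("slow ramp:  ", compare(SLOW_RAMP))
```
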
Tip: Click in any section of the Account Settings page to download a list in .csv format.