feat: adds page about self-managed handsets
Some checks failed
ci / build_and_publish (push) Failing after 1m39s
This commit is contained in:
parent
405ce462b1
commit
0d6676a154
3 changed files with 95 additions and 6 deletions
11
docs/link/e2e_channels/index.md
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
sidebar_position: 50
|
||||
sidebar_label: E2EE Channels
|
||||
---
|
||||
|
||||
import DocCardList from '@theme/DocCardList';
|
||||
import {useCurrentSidebarCategory} from '@docusaurus/theme-common';
|
||||
|
||||
# End-to-End Encrypted Channels
|
||||
|
||||
<DocCardList items={useCurrentSidebarCategory().items} />
|
||||
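Review bot: The front matter of index.md sets `sidebar_position` and `sidebar_label` but no `description`, while setup.md and supported_handsets.md in this same commit both set one; add a one-line description. Consider a sentence of introduction between the `# End-to-End Encrypted Channels` heading and `<DocCardList>` so the landing page says what the channels are. The label spells it "E2EE" while the directory name and the setup.md description use "E2E"; pick one.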
142
docs/link/e2e_channels/setup.md
Normal file
|
|
@ -0,0 +1,142 @@
|
|||
---
|
||||
sidebar_label: Initial Setup
|
||||
sidebar_position: 10
|
||||
description: Setting up E2E channels (Signal and WhatsApp)
|
||||
---
|
||||
|
||||
# Initial setup
|
||||
|
||||
:::info
|
||||
If you have requested a Signal and/or WhatsApp channel as part of your helpdesk setup, or you have a fully-managed
|
||||
handset provided by us, these steps will already have been completed by our support team.
|
||||
:::
|
||||
|
||||
1. Log in to your CDR Link helpdesk admin panel using either ‘Sign in with Google button’ or Sign in with Zammad credentials’:
|
||||
|
||||

|
||||
|
||||
1. Using the left side menu go to Admin → **WhatsApp** (or **Signal**):
|
||||
|
||||

|
||||
|
||||
1. Create the **WhatsApp** (or **Signal**) connection by using the blue ‘Create’ button in top right corner of the screen:
|
||||
|
||||

|
||||
|
||||
You will see a pop-up window like the one below:
|
||||
|
||||
- Fill the ‘Name’ field with some recognisable name (it can be useful to name it like ‘Signal handset 1’ in case if you are planning to use more numbers) of the channel
|
||||
- Fill ‘Phone Number’ field with your handsets phone number containing the relevant country code.
|
||||
|
||||

|
||||
|
||||
- Click ‘Save’.
|
||||
1. You will see next window with QR code similar to the following:
|
||||
|
||||
<aside>
|
||||
💡
|
||||
|
||||
You might need to wait up to one minute for the QR code to fully load (you initially will see a similar code as on the screenshot but when it loads it will have a lot more and smaller ‘squares’).
|
||||
|
||||
</aside>
|
||||
|
||||
|
||||

|
||||
|
||||
- Copy the Token and save it in a safe place.
|
||||
- Now you need to scan the code. Depending on which channel you are configuring you have to follow the instructions below (they may vary slightly depending on what kind of device you are using, in example we are using Android device):
|
||||
- For **WhatsApp**:
|
||||
- Go to main screen (screen with all chats visible).
|
||||
- On the top right corner tap the ‘three dots’ icon.
|
||||
- From the drop down menu tap on the ‘Linked devices’.
|
||||
- Tap the green ‘Link a device’ button.
|
||||
- Scan the code from your computers screen.
|
||||
- For **Signal**:
|
||||
- Go to the main screen (screen with all chats visible).
|
||||
- On the top right corner tap the ‘three dots’ icon.
|
||||
- From the drop down menu tap on the ‘Settings’.
|
||||
- Tap on the ‘Linked devices’.
|
||||
- Tap the blue ‘Link a device’ button.
|
||||
- Scan the code from your computers screen.
|
||||
- In both cases after scanning the code you should see your newly linked channel connection under the ‘Linked devices’ list of your WhatsApp/Signal communicator.
|
||||
- You can press the blue ‘Done’ button on your connection screen.
|
||||
1. Now you need to create a bot. Using the left side menu go to Admin → Zammad Settings → Channels → **WhatsApp** (or **Signal**):
|
||||
|
||||

|
||||
|
||||
1. Create the **WhatsApp** (or **Signal)** bot by using the green ‘Add WhatsApp bot’ (or ‘Add Signal bot’) button in top right corner of the screen:
|
||||
|
||||

|
||||
|
||||
You will see a pop up window like the one below:
|
||||
|
||||
- Fill the ‘Phone Number’ field with same phone number as you used in point 3.
|
||||
- Paste the bot token from point 4 into the ‘Bot Token’ field (in case if you lost it you can always come back to the admin and click on the previously created connection in order to retrieve the token.
|
||||
- In ‘Bot Endpoint’ field paste:
|
||||
- For **WhatsApp:**
|
||||
|
||||
```json
|
||||
|
||||
http://link:3000/link/api/whatsapp
|
||||
```
|
||||
|
||||
- For **Signal**:
|
||||
|
||||
```json
|
||||
|
||||
http://link:3000/link/api/signal
|
||||
```
|
||||
|
||||
- You can leave the ‘Users’ and ‘Organization’ fields as they are or pick the relevant values.
|
||||
|
||||

|
||||
|
||||
- Click the ‘Submit’ button.
|
||||
- You will see your newly created bot on the list - click the ‘Edit’ button on the right side of the bot:
|
||||
|
||||

|
||||
|
||||
- You will see the same form as previously but with one additional field: ‘Endpoint URL’ - copy the part after **https://your-helpdesk.cdr.link/api/v1/channels_cdr_whatsapp_webhook/** or **https://your-helpdesk.cdr.link/api/v1/channels_cdr_signal_webhook/** - make sure to copy all of it as it is a very long code as you can see in the example below:
|
||||
|
||||

|
||||
|
||||

|
||||
|
||||
- Paste the code in the safe temporary place and click on the ‘Cancel & Go Back’ link on the left bottom corner of the form.
|
||||
1. The last part is to create a Webhook. Go back to the Admin panel, select Admin → Webhooks:
|
||||
|
||||

|
||||
|
||||
- Click the blue ‘Create’ button in top right corner:
|
||||
|
||||

|
||||
|
||||
- You will see a webhook creation form like the one below:
|
||||
|
||||

|
||||
|
||||
- In the ‘Name’ field type some name that is relating to the channel name and handset.
|
||||
- The method drop down menu should be left with ‘Post’.
|
||||
- In the ‘Endpoint’ field paste:
|
||||
- For **WhatsApp**:
|
||||
|
||||
```text
|
||||
http://zammad-nginx:8080/api/v1/channels_cdr_whatsapp_webhook/xxxxxxx
|
||||
```
|
||||
|
||||
`where ‘xxxxxx’ should be replaced with the code copied from ‘Endpoint URL’ from point 6`
|
||||
|
||||
- For **Signal**:
|
||||
|
||||
```text
|
||||
http://zammad-nginx:8080/api/v1/channels_cdr_signal_webhook/xxxxxxx
|
||||
```
|
||||
|
||||
`where ‘xxxxxx’ should be replaced with the code copied from ‘Endpoint URL’ from point 6`
|
||||
|
||||
- Below there are two drop down menus:
|
||||
- In the left one pick the relevant channel.
|
||||
- In the right one pick the bot name that you created in step 3.
|
||||
- Click the blue ‘Save’ button.
|
||||
|
||||
🎉 Congrats! Your connection is ready!
|
||||
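Review bot: In the webhook step at the end of setup.md, "pick the bot name that you created in step 3" does not match the numbering above: step 3 creates the connection and the bot is added in step 6, so say which of the two names belongs in the right-hand drop-down. The same step writes `xxxxxxx` in both endpoint URLs but ‘xxxxxx’ in the explanatory line, and that line is wrapped in backticks so it renders as code; make the placeholder identical and write the explanation as normal text. The bot token ("save it in a safe place") and the long code from ‘Endpoint URL’ ("safe temporary place") are copied by hand with no guidance on where to keep them; state whether they are to be treated as secrets, name an acceptable store, and tell the reader to delete the temporary copy once the webhook is saved. The ‘Bot Endpoint’ and webhook ‘Endpoint’ values use plain `http://` with the hosts `link:3000` and `zammad-nginx:8080`; add a sentence saying they are to be entered literally, if that is the intent. Smaller items: the two ‘Bot Endpoint’ fences are tagged `json` although they hold a URL (the later ones use `text`), the quotes in step 1 are unbalanced, the parenthesis opened in the ‘Bot Token’ bullet is never closed, and the QR-code hint uses a raw `<aside>` where the rest of the page uses `:::info` admonitions.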
77
docs/link/e2e_channels/supported_handsets.md
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
---
|
||||
title: Mobile Devices
|
||||
sidebar_position: 50
|
||||
description: E2EE channels require a physical mobile device for operation
|
||||
---
|
||||
|
||||
Signal and WhatsApp channels require a physical mobile device to be set up to create the related accounts, and this
|
||||
device must be monitored and maintained to ensure the integrity of the end-to-end encryption and the availability of
|
||||
the channel.
|
||||
|
||||
## Fully Managed Devices
|
||||
|
||||
We will provide a fully managed Android device to support your use of one Signal and one WhatsApp channel, if desired,
|
||||
per Link Helpdesk.
|
||||
Our devices are provisioned with UK mobile numbers (+44 country code) however you can choose your own username and
|
||||
provide any branding you would like to have set up.
|
||||
Additional channels will be subject to a fee to cover the additional cost of each required mobile device.
|
||||
|
||||
If for any reason you choose to move away from our hosted platform in the future, see [Moving Away](./moving_away) for
|
||||
details on porting your number to your new provider.
|
||||
|
||||
## Self-Managed Devices
|
||||
|
||||
If due to your organisational policies you require to be in posession of the device, it is possible for you to manage
|
||||
your own devices.
|
||||
If you require support for these devices, an additional fee will be charged.
|
||||
As of May 2026 this will be the same fee as is charged for an additional fully managed device.
|
||||
|
||||
:::info
|
||||
There are no discounts available for self-managing your device as, in our experience, the increased support costs
|
||||
outweigh the hardware and mobile service costs.
|
||||
Support provided to self-managed device users is on a best-effort basis. We make no claims regarding expected
|
||||
response times, time between failures, or time to recovery for any issues.
|
||||
:::
|
||||
|
||||
### Hardware and Configuration
|
||||
|
||||
* We only support OEM Google Pixel devices and these must be in current security support
|
||||
([end of life dates](https://endoflife.date/pixel)).
|
||||
* The device must have a mobile service contract that:
|
||||
* has a sufficient monthly allowance for data for operating system and application updates, as well as the messaging
|
||||
data which may include audio and video content;
|
||||
* allows inbound and outbound calls and SMS; and
|
||||
* has a permanently assigned mobile number.
|
||||
* The device must not be in use for any other purpose and interactions with the device should only be performed for the
|
||||
purpose of monitoring and maintenance.
|
||||
* The device should be managed with a Mobile Device Management (MDM) solution to:
|
||||
* automatically install operating system and application updates;
|
||||
* restrict the installed apps, which may only be installed when signed with a valid certificate from a trusted app
|
||||
store;
|
||||
* enforce lock timeouts and strong unlock credential requirements;
|
||||
* disable unnecessary features that would otherwise provide attack surface (e.g., WiFi and Bluetooth); and
|
||||
* provide remote wipe capability.
|
||||
|
||||
### Procedures
|
||||
|
||||
* The device:
|
||||
* must be continuously connected to the mobile network with data access enabled;
|
||||
* must be kept turned on and charged, **using a charging system that does not keep the device connected to power 24 hours a day as this will lead to battery failure and risk of fire**;
|
||||
* must have sufficient physical security considerations taken (e.g. kept in locked room when unattended);
|
||||
* must not have mobile signal blocked from operation (e.g. do not store it in a metal safe);
|
||||
* must have well-documented access control policies in place; and
|
||||
* must be restarted once a week.
|
||||
* Monitor the logs of the MDM to ensure updates are applied.
|
||||
* Subscribe to security advisories for Android, Signal, WhatsApp and your MDM solution to endure critical and high
|
||||
impact vulnerabilities are patched promptly.
|
||||
* Check channel operation regularly and relink the device if needed.
|
||||
* Regularly audit the device configuration and procedures, and who can access it.
|
||||
|
||||
|
||||
:::warning
|
||||
While we can advise you on a configuration for the device, security is a combination of applied configuration,
|
||||
physical security and formal processes such as regular internal or external audits.
|
||||
Only your organisation is able to ensure these recommendations are followed when self-managing your device.
|
||||
For this reason, we do not accept any responsibility related to any security incidents related to your self-management
|
||||
of the device.
|
||||
:::
|
||||
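Review bot: The link `[Moving Away](./moving_away)` under "Fully Managed Devices" targets a page that is not among the three files added in this commit, and the build_and_publish check on the commit is failing; confirm the target exists or add it in the same change. Two typos in the self-managed section need fixing: "posession" should be "possession", and "to endure critical and high impact vulnerabilities are patched promptly" should read "to ensure". In "Hardware and Configuration" the MDM item says the device "should be managed" while the neighbouring requirements say "must"; if MDM is mandatory for a supported configuration, use "must". Under "Procedures", "Check channel operation regularly" and "Regularly audit the device configuration" give no interval, unlike "must be restarted once a week"; state a minimum frequency for each. The charging requirement in bold would be easier to follow with one example of an acceptable arrangement.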