General, Integrations, and Security tabs

  • In the General tab, you can assign a name, and a description to the system.

  • In the Integrations tab, you can add available integration within Neptune DXP - Open Edition.

  • In the Security tab, you make web-related security settings.

General tab

General

Name

Enter a name for your system.

Description

Enter a short description of your system.

system settings general
In the upper left of the user interface, the description is shown next to the name of the system.
Role

Assign one of the following roles to your system:

  1. Local

  2. Development

  3. Integration

  4. Test

  5. Quality Assurance

  6. Staging

  7. Production

  8. Sandbox

HTTP Port

HTTP port to access the cockpit

Session Timeout (in minutes)

Enter the time span in minutes for a session timeout. If the user does not refresh or request a page within this time span, the session ends and the user has to log in again.

Delete cookie when browser session ends (i.e. all browser windows are closed)

Select or clear, as necessary.

HTTP Response Timeout (in seconds)

Enter a timeout period in seconds that defines for how long a session remains active after the last refresh or page request.

Background Job Interval (in seconds)

Enter a value in seconds for background job intervals.

Number of Server Worker Processes

Enter a number for the maximum number of jobs that are processed simultaneously in the background.

Disable update database from repository

Select the checkbox to disable updating of a database from a repository in a development package. The option Update database from repository in the Settings section of the GIT tab in the Development Package tool is disabled after selection. You must restart the server for this settings change to take effect.

Federated Sign-Out

If you have configured authentication of Neptune DXP - Open Edition with an external identity provider, for example Microsoft Entra ID, with federated sign-out, you can choose that when you sign out from the Cockpit and/or a launchpad, you sign out simultaneously from the identity provider.

Logging

Log all requests to stdout (standard output) and logs/requests

Select or clear, as necessary.

Disable audit log

Select or clear, as necessary. Disabling the audit log is an optional step, as the data generated from the audit log can accumulate to a substantial size over time.

Language Server

Select to enable auto-completion features when you use the App Editor.

This is hidden when you run Neptune DXP - Open Edition on Neptune DXP Cloud.

Login

Disable Local authentication

Select to disable the local authentication option from the login options. For example, if you want to use JSON Web Token (JWT) authentication as default, then disable local authentication.

Default login url

To redirect unauthenticated users to a login page different from the standard one, enter the URL here. This is typically used to redirect users from the base domain https://<domain>.com/ of your system to the standard launchpad for external users. Entering /launchpad/<launchpad_name> will redirect users to https://<domain>.com/launchpad/<launchpad_name>; for login.

Disable "Change Password" option in launchpads

To prevent users from changing their password in a launchpad, select to remove the Change Password option in the user menu of launchpads.

The selection removes the Change Password option from all launchpads created in the system.
Automatically Import User Groups When Signing in from External Systems, e.g. Microsoft Entra ID, OpenID Connect, SAML

You can select the checkbox to automatically import user groups configured within your identity provider, when signing in to Neptune DXP - Open Edition through authentication methods from external systems, for example, Microsoft Entra ID, OpenID Connect, SAML. The checkbox is not selected by default.

This setting is not applied to the LDAP protocol as an authentication method to sign in to Neptune DXP - Open Edition. LDAP auto-imports user groups when you sign in from an external system.

Error Notifications

Select the system components you want to receive error notifications from. Enter email addresses to receive these notifications.

SSL Settings

Enable SSL by specifying the port and adding a certificate. You can generate one in Certificates.

Integrations tab

Firebase - push notifications

Firebase Cloud Messaging (FCM) is used to deliver push notifications to Android devices, Google Chrome and Mozilla Firefox. Use your FCM credentials to set up web push notifications for your site. The API keys that you enter here are stored securely and are used by the web push notifications service to connect to the FCM server. The Message Sender ID (project number) that you enter here is used by the Android SDK and JS SDK for Google

Naia

Enable Naia in order to use Naia in the Neptune DXP.

OpenAI

Enable OpenAI and add an API key in order to use OpenAI in the Neptune DXP.

Fiori Remote System

When this setting is enabled, Neptune DXP - Open Edition can act as a proxy for a Neptune DXP - SAP Edition system on specific paths. Turn on the switch and select the pre-configured remote system from Fiori System.

Requests for data at the relative paths /sap/ and /neptune/ are proxied to the selected remote Neptune DXP - SAP Edition system. Neptune DXP - Open Edition automatically appends authentication for the remote system when authentication is configured for the remote system.

Security tab

In the Security tab, you perform the following tasks:

Disable Frame Guard (X-Frame-Options)

Select or clear, as necessary. Allows your instance to be embedded within frames or iframes on other websites.

Accessed using HTTPS (will enable secure cookies). Remember to set 'X-Forwarded-Proto': 'https' if you are using a reverse proxy

Select or clear, as necessary.

Only allow API, OData, or Remote System endpoints when sending requests through proxy

To restrict URL endpoints sent through the Neptune proxy, only endpoints defined in an API (in the API Designer), OData (in the OData Source tool, or a remote system (in the Remote Systems_ tool) are permitted when sending requests through the proxy. The route /proxy/:url only accepts endpoints listed in the proxy whitelist, and requests to /proxy/:url/:apiID and /proxy/remote/:url/:systemID only accept endpoints defined within the API, the OData source, or the remote system associated with the corresponding apiID or systemID. If the url parameter does not match a URL defined in the API, the OData source, or the remote system, the request will be blocked.

This also avoids manual entry of endpoints to Proxy whitelist, when not required. The setting can, however, be used in combination with entries to the Proxy whitelist.

Cookie attribute SameSite value

Select the cookie type.

The SameSite attribute in cookies determines when and how they should be sent with cross-origin requests. It has three values:

  1. Strict: Only sent in first-party contexts, providing high security.

  2. Lax: Sent with top-level navigations, but not with cross-origin sub-requests, balancing security and usability.

  3. None: Sent with both top-level navigations and cross-origin sub-requests, but requires Secure and HTTPS, used judiciously for specific cases like Single Sign-On

In the following sections you can enter URLs to whitelists for Proxy, CORS, and CSP.

Next steps

Related topics