Prevent Unauthenticated Access to Virtual Agent Embedded Web Client

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Learn how to configure the sn_va_web_client_app_embed table to block unauthenticated users from accessing embedded web clients.

    The UI page sn_va_web_client_app_embed, which is an embedded web client for Virtual Agent, contains the ACL marked 'true' in the sys_public table Out of Box. It has been confirmed that there are use cases where public accessibility is needed however this is not a security best practice to set it to default publicly accessible.

    Deactivate ui page sn_va_web_client_app_embed from the Public Pages [sys_public] table if embedded web client is not needed for unauthenticated users

    More information

    Attribute Description
    Configuration name sn_va_web_client_app_embed
    Configuration type UI Page(sys_ui_page_list.do)
    Data type table
    Recommended value

    The Public Pages [sys_public] table record with sys_id of 04b1905473222300e985658b4cf6a7ef does exist or is not active.
    Default value Not available (this is a table value)
    Category Access control
    Security risk
    • Severity score: 7.5
    • CVSS score: High
    • Security risk details: Sensitive information may be exposed to unauthenticated users.
    Dependencies and prerequisites None