Enterprise Edition security checklist

You have installed ONLYOFFICE Enterprise Edition on your server, which means that security is a major concern for you. We’ve made a list of important Enterprise security measures to keep you fully in the picture. Here we focus on the resources within the ONLYOFFICE web interface, but touch upon some general measures as well.


#1. SSL certificate

You will need a reliable one if you are going to provide not only local but also external portal access for your users. You can generate a new signed certificate in the Control Panel, which uses the Let’s Encrypt service to provide CA-signed certificates. You can also buy an Amazon or GoDaddy certificate.

After you have installed the certificate, check your security level using SSL Labs or a similar service. Your security level must not be lower than A.

#2. Automatic backup 

Enable automatic backup in the Control Panel. We also recommend that you use third-party services and make a backup copy of the server with ONLYOFFICE installed from time to time.

Instructions in our Help Center.

#3. Adjust portal security settings

Before you start adding your portal users, it’s better to set up some portal access rules. Go to Settings -> Security -> Portal Access to do the following:

  • Restrict access to your portal using IP whitelisting;
  • Specify trusted mail domains that can be used for registration on your portal;
  • Determine the password length (from 6 to 16 characters) and the character set that must be used in your users’ passwords.

Details here.

You can also enable 2-factor authentication using third-party services Clickatell or SMSC. Instructions on how to connect them to ONLYOFFICE can be found in our Help Center.

#4. LDAP for access centralization

LDAP support provided by ONLYOFFICE Control Panel allows you to easily import the necessary users and groups from your LDAP server (e.g. OpenLDAP Server or Microsoft Active Directory) to your portal.

Its pros:

  • You won’t have to add lots of users with new logins and passwords manually;
  • No extraneous registrations – only people present on your LDAP server can be added as portal users;
  • Your users won’t have to memorize new logins and passwords – they will be able to access ONLYOFFICE using their accounts from LDAP server.

More information about LDAP here.

You may also enable third-party authentication using the installed SSO services (Shibboleth, OneLogin, or Active Directory Federation Services).

#5. Use your own SMTP server

By default, notifications for ONLYOFFICE Enterprise Edition users (for example, when they are granted access to a document) are sent through the standard ONLYOFFICE SMTP server. We highly recommend that you configure your own SMTP server so that your notifications won’t pass through any third-party server.

Instructions can be found here.

#6. Protection from unauthorized access to docs

Protection from unauthorized access to documents with the help of JWT is enabled by default. This technology secures the portal traffic and ensures that users cannot access more data than permitted to them, which is critical in case of external user invitation.

Details in ONLYOFFICE API documentation.
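
An added illustration of the kind of check this section relies on (not ONLYOFFICE's own code): an HS256 JWT signed with a shared secret, and a verifier that rejects a token whose permissions were changed after signing. The HS256 choice, the secret, and the payload field names are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"   # assumption: shared secret known only to the servers
# Constructed payload; field names are illustrative, not ONLYOFFICE's schema.
SAMPLE = {"document": "report.docx", "user": "guest", "permissions": {"edit": False}}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign(payload: dict, secret: bytes) -> str:
    """Issue an HS256 JWT: base64url(header).base64url(payload).base64url(HMAC)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(_mac(signing_input, secret))

def verify(token: str, secret: bytes) -> dict:
    """Return the payload only if the token carries a valid HS256 signature."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(signature, _mac(f"{head_b64}.{body_b64}", secret)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

def is_accepted(token: str, secret: bytes) -> bool:
    try:
        return verify(token, secret) is not None
    except ValueError:
        return False

def with_payload(token: str, payload: dict) -> str:
    """Swap the payload but keep the old signature, as an altered request would."""
    head_b64, _, sig_b64 = token.split(".")
    return ".".join((head_b64, b64url(json.dumps(payload).encode()), sig_b64))
```

`is_accepted(sign(SAMPLE, SECRET), SECRET)` is true, while the same token passed through `with_payload` with `edit` set to true is rejected because the signature no longer matches the payload.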

#7. No root access

If you haven’t done this earlier, disallow logging in as root. The root account is the most privileged on the system and has absolute power over it, including complete access to all files and commands, even those critical to the system.

#8. Close all the unnecessary ports

The list of all the ports which must be opened for ONLYOFFICE is here.

Additional paid services

If you are concerned about the fault tolerance of a particular node, it’s possible to launch a cluster. We would also be happy to help you connect ONLYOFFICE Enterprise Edition to an already existing local database. If you need any of these services, please contact our sales department.

For solving technical issues, contact our support team.

Nadya
