Use this checklist to ensure maximum security of your ONLYOFFICE Enterprise Edition

<p>Here’s how to make your on-premises office an impregnable fortress.</p>
<p><a href="https://wpblogpost.teamlab.info//2020/03/use-this-checklist-to-ensure-maximum-security-of-your-enterprise-edition/"><img decoding="async" loading="lazy" class="alignnone size-full wp-image-15021" src="https://static-blog.onlyoffice.com/wp-content/uploads/2020/03/onlyoffice_security_enterprise_edition.png" alt="ONLYOFFICE Enterprise Edition security checklist" width="634" height="320" srcset="https://static-blog.onlyoffice.com/wp-content/uploads/2020/03/onlyoffice_security_enterprise_edition.png 634w, https://static-blog.onlyoffice.com/wp-content/uploads/2020/03/onlyoffice_security_enterprise_edition-300x151.png 300w" sizes="(max-width: 634px) 100vw, 634px" /></a></p>
<p></p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#1. SSL certificate</div>
<p>You will need a reliable one if you are going to provide not only local but also external portal access for your users. You can generate a newly signed certificate in the Control Panel. It uses the <a href="https://letsencrypt.org/" target="_blank" rel="noopener noreferrer">Let&#8217;s encrypt</a> service to provide the CA-signed certificates. You might as well buy an Amazon or GoDaddy certificate.</p>
<p>After you have installed the certificate, it&#8217;s better to check your security level using <a href="https://www.ssllabs.com/" target="_blank" rel="noopener noreferrer">SSL Labs</a> or other services of the kind. Your security level must be not lower than A.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#2. Automatic backup</div>
<p>Enable automatic backup in the Control Panel. We also recommend that you use third-party services and make a backup copy from time to time.</p>
<p>Instructions in our <a href="https://helpcenter.onlyoffice.com/server/controlpanel/enterprise/backup-restore.aspx?_ga=2.184737321.1031974404.1583133576-699576329.1539952318" target="_blank" rel="noopener noreferrer">Help Center</a>.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#3. Adjust portal security settings</div>
<p>Before you start adding your portal users, it better to set up some portal access rules. Go to Settings -&gt; Security -&gt; Portal Access to do the following:</p>
<ul>
<li>Restrict access to your portal using IP whitelisting;</li>
<li>Specify trusted mail domains that can be used for registration on you portal;</li>
<li>Determine the password length (from 6 to 16 characters) and the character set that must be used in your users&#8217; passwords.</li>
</ul>
<p>Details <a href="https://helpcenter.onlyoffice.com/server/enterprise/configure-enterprise.aspx?_ga=2.143252917.1031974404.1583133576-699576329.1539952318" target="_blank" rel="noopener noreferrer">here</a>.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#4. Enable 2-factor authentication</div>
<p>It’s an essential layer of security in 2020. You can enable 2-factor authentication in Settings -&gt; Security -&gt; Portal Access.</p>
<ul>
<li>With authenticator app &#8211; Authy or Google Authenticator (recommended).</li>
<li>With SMS &#8211; using SMC, Clickatell or Twilio (you will have to enable them first in Settings -&gt; Integration -&gt; Third-Party Services).</li>
</ul>
<p>All the detailed instructions can be found in our <a href="https://helpcenter.onlyoffice.com/guides/two-factor-authentication.aspx" target="_blank" rel="noopener noreferrer">Help Center</a>.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#5. LDAP for access centralization</div>
<p>LDAP support provided by ONLYOFFICE Control Panel allows you to easily import the necessary users and groups from your LDAP server (e.g. OpenLDAP Server or Microsoft Active Directory) to your portal.</p>
<p>Its pros:</p>
<ul>
<li>You won&#8217;t have to add lots of users with new logins and passwords manually;</li>
<li>No extraneous registrations &#8211; only people present on your LDAP server can be added as portal users;</li>
<li>Your users won&#8217;t have to memorize new logins and passwords &#8211; they will be able to access ONLYOFFICE using their accounts from the LDAP server.</li>
</ul>
<p>More information about LDAP <a href="https://helpcenter.onlyoffice.com/server/windows/community/ldap-settings.aspx?_ga=2.72554899.1031974404.1583133576-699576329.1539952318" target="_blank" rel="noopener noreferrer">here</a>.</p>
<p>You may also <a href="https://helpcenter.onlyoffice.com/server/controlpanel/enterprise/sso-description.aspx?_ga=2.72554899.1031974404.1583133576-699576329.1539952318" target="_blank" rel="noopener noreferrer">enable third-party authentication</a> using the installed SSO services (Shibboleth, OneLogin, or Active Directory Federation Services).</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#6. Use own SMTP server</div>
<p>By default notifications for ONLYOFFICE Enterprise Edition users (for example, if they are granted access to a document) are provided by means of the standard ONLYOFFICE SMTP server. We highly recommend you to configure your own SMTP server so that your notifications won&#8217;t pass through any third-party server.</p>
<p>Instructions can be found <a href="https://helpcenter.onlyoffice.com/server/enterprise/configure-enterprise.aspx" target="_blank" rel="noopener noreferrer">here</a>.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#7. Track user logins and other actions</div>
<p>Track successful logins/failed login attempts and the actions users performed on your portal, including creation and deletion of documents and tasks in Settings -&gt; Security.<br />
You can set the period to store the login history and the list of user actions. By default, it is set to 180 days.</p>
<p>Learn more in our <a href="https://helpcenter.onlyoffice.com/gettingstarted/configuration.aspx" target="_blank" rel="noopener noreferrer">Help Center</a>.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#8. No root access</div>
<p>If you haven&#8217;t done this earlier, disallow logging as root. The root account is the most privileged on the system and has absolute power over it including complete access to all files and commands, even those critical for the system.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#9. Close all the unnecessary ports</div>
<p>The list of all the ports which must be opened for ONLYOFFICE is <a href="https://helpcenter.onlyoffice.com/server/docker/community/open-ports.aspx" target="_blank" rel="noopener noreferrer">here</a>.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#10. Adjust parameters for storing file versions</div>
<p>If you sometimes worry about the quality of your Internet connection, it’s good to make sure the documents your team is working on won’t get lost. Here’s how you do this.</p>
<p>In Common settings, you can adjust parameters of storing intermediate versions of the documents. By default, each new intermediate revision replaces the previous one in the version history. But it is possible to store all of them.</p>
<p>If you switch storing all versions on, each user can enable the Keep intermediate versions when editing option within his/her account. When this option is enabled, every time the user saves the file a new intermediate revision is created and displayed in the version history.</p>
<p>Read more about working with versions and revisions <a href="https://helpcenter.onlyoffice.com/tipstricks/document-versions.aspx" target="_blank" rel="noopener noreferrer">here</a>.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">#11. Use document permissions and access rights</div>
<p>Make sure your documents are shared with the appropriate permissions.</p>
<p>In ONLYOFFICE docs can be shared for:</p>
<ul>
<li>viewing,</li>
<li>editing (full access),</li>
<li>commenting,</li>
<li>reviewing,</li>
<li>filling forms.</li>
</ul>
<p>You can learn more about them <a href="https://helpcenter.onlyoffice.com/gettingstarted/documents.aspx#SharingDocuments_block" target="_blank" rel="noopener noreferrer">here</a>. Also, the watermarking feature is available in ONLYOFFICE document editor.</p>
<p>Special bonus for developers: more permissions can set using Document Server’s config. For example, you can restrict downloading/printing documents or deny access to filters in xlsx files. Details in <a href="https://api.onlyoffice.com/editors/config/document/permissions" target="_blank" rel="noopener noreferrer">API documentation</a>.</p>
<p>And don’t forget that it’s possible to restrict access to certain things like tasks or contacts within Projects and CRM. Read more about the access restriction in the Getting Started sections of both modules in our Help Center.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">Important to know: your docs are protected with JWT</div>
<p>Protection from unauthorized access to documents with the help of JWT is enabled by default. This technology secures the portal traffic and ensures that users cannot access more data than permitted to them.</p>
<p>Details in ONLYOFFICE <a href="https://api.onlyoffice.com/editors/security" target="_blank" rel="noopener noreferrer">API documentation</a>.</p>
<p>We also have an announcement &#8211; we are bringing end-to-end encryption to Enterprise Edition! Our team is now working hard on a new module where you can collaborate on encrypted documents in real-time, and it’s coming in one of the future releases.</p>
<div style="color: #333; font-size: 12pt; margin: 36px 0 16px; font-weight: bold;">Useful links</div>
<p>Start a free 30-day trial of ONLYOFFICE Enterprise Edition <a href="https://www.onlyoffice.com/enterprise-edition-free.aspx?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=UpdatedSecChecklist" target="_blank" rel="noopener noreferrer">here</a>.</p>
<p>Learn about all the security tools ONLYOFFICE provides on the <a href="https://www.onlyoffice.com/security.aspx?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=UpdatedSecChecklist" target="_blank" rel="noopener noreferrer">official website</a>.</p>
<p>Read about GDPR compliance in <a href="https://wpblogpost.teamlab.info//2018/05/how-onlyoffice-complies-with-gdpr/?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=UpdatedSecChecklist" target="_blank" rel="noopener noreferrer">our blog</a>.</p>
<p>For solving technical issues, contact our <a href="https://support.onlyoffice.com/" target="_blank" rel="noopener noreferrer">support team</a>.</p>

Use this checklist to ensure maximum security of your Enterprise Edition

Recent posts

7 best tools to share files securely

How the Stiftung der Deutschen Wirtschaft manages its funding processes with ONLYOFFICE and Nextcloud

Practice opportunities: ONLYOFFICE Campus Ambassador Program for students