ONLYOFFICE DocSpace: Security checklist

30 May 2023By Vlad

Designed with the ultimate data security in mind, ONLYOFFICE DocSpace offers cutting-edge features to ensure protected and seamless collaboration online. Discover all of them in this article.

ONLYOFFICE DocSpace: Security checklist

Security settings in your DocSpace

Start by clicking ONLYOFFICE DocSpace: Security checklist  and then go to DocSpace settings. Switch to the Security section and see the account protection settings arranged in 3 tabs — DocSpace access, Login History, and Audit Trail.

ONLYOFFICE DocSpace: Security checklist

Password strength

It‘s important to create strong passwords that are unique, complex, and difficult to guess or crack. A strong password can help prevent unauthorized access to personal and sensitive information, such as financial data and personal records. Weak passwords are often the target of cybercriminals who use automated tools to gain access to accounts.

In DocSpace, you can set requirements for minimal password length or mandatory characters, such as capital letters, digits, and special symbols.

ONLYOFFICE DocSpace: Security checklist

Two-factor authentication (2FA)

Two-factor authentication (2FA) is an extra layer of protection to your DocSpace account that helps prevent data breaches and cyber attacks. When logging in to DocSpace with 2FA, you have to provide a password and a verification code sent via SMS or to the authenticator app.

This security setting makes unauthorized login to your account impossible without gaining access to your mobile device.

ONLYOFFICE DocSpace: Security checklist

Trusted mail domains

Trusted mail domains is a way to specify the mail servers used for self-registration. For example, you can prohibit signing up with personal emails and only allow corporate ones.

Activate the Custom domains radio button, click Add trusted domain, and enter trusted mail servers.

ONLYOFFICE DocSpace: Security checklist

IP security

IP Security allows login to DocSpace from certain addresses only. This setting is useful for restricting access to a corporate DocSpace from devices using home or public networks, and hence prevents numerous threats from the outside.

Activate the setting by clicking Enable -> Add allowed IP address.

ONLYOFFICE DocSpace: Security checklist

Important! The first IP address in the list must be your own. Otherwise, you will lose access to DocSpace after you save the settings. To regain access, contact the owner of your DocSpace and ask to add your IP address.

Administrator Message Setting

Security is not only about restricting unauthorized access to data. It also means a trouble-free access to your own files anytime.

This setting activates displaying the contact form on the login page. People can send a message to the portal administrator in case they experiencing difficulties accessing the portal.

ONLYOFFICE DocSpace: Security checklist

Session lifetime

By limiting the session lifetime, DocSpace automatically logs the user out after a certain period of inactivity. To activate the setting, click Enable and enter session lifetime in minutes.

ONLYOFFICE DocSpace: Security checklist

This security measure helps prevent unauthorized access to DocSpace if the user forgets to log out or leaves their computer unattended, reduces the risk of brute force attacks and session hijacking.

Also, you can manually log out from all active sessions on any device using the corresponding feature.

Login History

This setting is a record of all the times a user has logged into your DocSpace. It includes details such as the date and time of the login, the device or location from which the login occurred, and whether the login attempt was successful or not.

Switch to the Login History tab, adjust the storage period for login data (max. 180 days), and click Download report. The record of access attempts will be saved in My Documents.

ONLYOFFICE DocSpace: Security checklist

The setting helps track unauthorized login attempts and monitor user activity within a certain period of time. Currently, it‘s available for users with the Business plan.

Audit Trail

An audit trail is a record of all the latest actions performed by DocSpace users, such as creation, modification, deletion of files or rooms. Used to detect and prevent fraud or unauthorized access, Audit Trail stores information about actions — performer, type of action, time and date.

Switch to the Audit Trail tab, adjust the storage period for login data (max. 180 days), and click Download report. The record of access attempts will be saved in My Documents.

ONLYOFFICE DocSpace: Security checklist

Currently, the setting is available for users with the Business plan.

Fundamental security features in ONLYOFFICE

DocSpace inherits the best document security practices implemented in ONLYOFFICE solutions. They shape our software and ensure that your document editing and collaboration sessions are protected with the internationally recognized security standards.

GDPR compliance

In ONLYOFFICE, all personal information is treated carefully. Our data security policy is fully compliant with the GDPR (General Data Protection Regulation) standards.

Created by the European Union and active since 2018, the GDPR regulates how organizations collect, use, store, and share their data. It gives individuals more control over their personal data and requires organizations to obtain explicit consent before collecting or processing their data.

Strong encryption

ONLYOFFICE uses the industry-leading AES-256 encryption standard to protect your sensitive data at rest. Data is protected in transit by use of HTTPS protocols with up-to-date TLS encryption algorithm.

Open source

ONLYOFFICE affirms its transparency and reliability by opening the source code of all functional modules and tools. This transparency also promotes trust and accountability, as users can see how the software works and what it does with their data.

Flexible access rights

Flexible permissions protect specific documents from unwanted attention and insider actions. In DocSpace, you can assign various roles to users depending on actions they expect to perform.

  • Viewer can read content of your files, but not making any edits
  • Reviewer suggests changes in a file
  • Commenter can leave comments
  • Form filler enters required data in fillable fields
  • Editor makes any changes in a document
  • Power user can create new documents and edit files in any room they have access to
  • Room admin can create new rooms, manage profiles, and set access levels

All these document access rights can be granted when sharing a file.

ONLYOFFICE DocSpace: Security checklist

JWT (JSON Web Token)

JSON Web Token (or JWT) protects documents from unauthorized access. This technology secures DocSpace traffic and ensures that users cannot access more data than permitted to them, which is critical in case of external user invitation.

All aforementioned options are here to protect your data and identity in DocSpace. Visit this page to learn more about ONLYOFFICE security features.

How to get ONLYOFFICE DocSpace

Ready to get a secure home for your documents and collaborate in a strongly protected environment? Create your ONLYOFFICE DocSpace in the cloud for free today.


The on-premise deployment model for DocSpace is coming soon.