ONLYOFFICE DocSpace: Security checklist
Designed with the ultimate data security in mind, ONLYOFFICE DocSpace offers cutting-edge features to ensure protected and seamless collaboration online. Discover all of them in this article.
Security settings in your DocSpace
Start by clicking 
and then go to DocSpace settings. Switch to the Security section and see the account protection settings arranged in 3 tabs — DocSpace access, Login History, and Audit Trail.
Password strength
It‘s important to create strong passwords that are unique, complex, and difficult to guess or crack. A strong password can help prevent unauthorized access to personal and sensitive information, such as financial data and personal records. Weak passwords are often the target of cybercriminals who use automated tools to gain access to accounts.
In DocSpace, you can set requirements for minimal password length or mandatory characters, such as capital letters, digits, and special symbols.
Two-factor authentication (2FA)
Two-factor authentication (2FA) is an extra layer of protection to your DocSpace account that helps prevent data breaches and cyber attacks. When logging in to DocSpace with 2FA, you have to provide a password and a verification code sent via SMS or to the authenticator app.
This security setting makes unauthorized login to your account impossible without gaining access to your mobile device.
Trusted mail domains
Trusted mail domains is a way to specify the mail servers used for self-registration. For example, you can prohibit signing up with personal emails and only allow corporate ones.
Activate the Custom domains radio button, click Add trusted domain, and enter trusted mail servers.
IP security
IP Security allows login to DocSpace from certain addresses only. This setting is useful for restricting access to a corporate DocSpace from devices using home or public networks, and hence prevents numerous threats from the outside.
Activate the setting by clicking Enable -> Add allowed IP address.
Important! The first IP address in the list must be your own. Otherwise, you will lose access to DocSpace after you save the settings. To regain access, contact the owner of your DocSpace and ask to add your IP address.
Administrator Message Setting
Security is not only about restricting unauthorized access to data. It also means a trouble-free access to your own files anytime.
This setting activates displaying the contact form on the login page. People can send a message to the portal administrator in case they experiencing difficulties accessing the portal.
Session lifetime
By limiting the session lifetime, DocSpace automatically logs the user out after a certain period of inactivity. To activate the setting, click Enable and enter session lifetime in minutes.
This security measure helps prevent unauthorized access to DocSpace if the user forgets to log out or leaves their computer unattended, reduces the risk of brute force attacks and session hijacking.
Also, you can manually log out from all active sessions on any device using the corresponding feature.
Login History
This setting is a record of all the times a user has logged into your DocSpace. It includes details such as the date and time of the login, the device or location from which the login occurred, and whether the login attempt was successful or not.
Switch to the Login History tab, adjust the storage period for login data (max. 180 days), and click Download report. The record of access attempts will be saved in My Documents.
The setting helps track unauthorized login attempts and monitor user activity within a certain period of time. Currently, it‘s available for users with the Business plan.
Audit Trail
An audit trail is a record of all the latest actions performed by DocSpace users, such as creation, modification, deletion of files or rooms. Used to detect and prevent fraud or unauthorized access, Audit Trail stores information about actions — performer, type of action, time and date.
Switch to the Audit Trail tab, adjust the storage period for login data (max. 180 days), and click Download report. The record of access attempts will be saved in My Documents.
Currently, the setting is available for users with the Business plan.
Fundamental security features in ONLYOFFICE
DocSpace inherits the best document security practices implemented in ONLYOFFICE solutions. They shape our software and ensure that your document editing and collaboration sessions are protected with the internationally recognized security standards.
GDPR compliance
In ONLYOFFICE, all personal information is treated carefully. Our data security policy is fully compliant with the GDPR (General Data Protection Regulation) standards.
Created by the European Union and active since 2018, the GDPR regulates how organizations collect, use, store, and share their data. It gives individuals more control over their personal data and requires organizations to obtain explicit consent before collecting or processing their data.
Strong encryption
ONLYOFFICE uses the industry-leading AES-256 encryption standard to protect your sensitive data at rest. Data is protected in transit by use of HTTPS protocols with up-to-date TLS encryption algorithm.
Open source
ONLYOFFICE affirms its transparency and reliability by opening the source code of all functional modules and tools. This transparency also promotes trust and accountability, as users can see how the software works and what it does with their data.
Flexible access rights
Flexible permissions protect specific documents from unwanted attention and insider actions. In DocSpace, you can assign various roles to users depending on actions they expect to perform.
- Viewer can read content of your files, but not making any edits
- Reviewer suggests changes in a file
- Commenter can leave comments
- Form filler enters required data in fillable fields
- Editor makes any changes in a document
- Power user can create new documents and edit files in any room they have access to
- Room admin can create new rooms, manage profiles, and set access levels
All these document access rights can be granted when sharing a file.
JWT (JSON Web Token)
JSON Web Token (or JWT) protects documents from unauthorized access. This technology secures DocSpace traffic and ensures that users cannot access more data than permitted to them, which is critical in case of external user invitation.
All aforementioned options are here to protect your data and identity in DocSpace. Visit this page to learn more about ONLYOFFICE security features.
How to get ONLYOFFICE DocSpace
Ready to get a secure home for your documents and collaborate in a strongly protected environment? Create your ONLYOFFICE DocSpace in the cloud for free today.
The on-premise deployment model for DocSpace is coming soon.
