Free
Ease the transition into remote work with 180-day free trial period. 
Start now

Total control over data security

We provide a comprehensive range of security tools and services, keeping your data safe on all fronts. Customize portal access settings, connect authentication services, and manage access rights to protect yourself from unauthorized access, data leaks, and insider actions.

Want to examine the innermost composition of our solutions?

Visit us on GitHub

Security starts with personal data

General Data Protection Regulation (GDPR) was adopted in order to protect end-users of software, regulating the way companies handle their information when working with EU residents. We respect our users’ right to own and control their personal data, and created products which are fully compliant with the European laws.
Therefore, ONLYOFFICE sticks to data minimalism and we lets users know how data is collected, stored, and processed. ONLYOFFICE gives freedom to access, copy, delete, restrict, or move any personal data. If your organization acts as a data controller and provides ONLYOFFICE to end-customers, you get complete access to the procedures through which they can execute their legal rights related to their personal data.

End-to-end encryption

Encrypt your files and data transfer while co-editing on both ends. Work, store, and collaborate on documents privately.

Authentication and portal access control

Two-factor authentication
In the age of electronic fraud and social engineering, we are all vulnerable. Protect your log-in procedure on your portal with dynamic passcodes sent via mobile text messages. The classified data stored in your cloud or server facilities can be easily accessed if your users mishandle the personal passwords. Do not risk it.
We integrated Clickatell, SMSC, and Twilio services which allows an appropriate SMS package to be selected for any team and budget.
Additionally, it is possible to enable two-factor authentication via a code generation app/authenticator app (Google Authentificator, Authy, etc.).
Read more about how to use two-factor authentication in ONLYOFFICE
Single Sign-On (SSO)
By choosing Single Sign-On over the classic authentication, you do not let us store any of your log-in data, instead ensuring it to one of the trusted global authentication services. ONLYOFFICE is the service provider (SP), while the third-party application acts as the Identity Provider (IdP). Providers verify users' authentication and discreetly keeps credentials on their side, minimizing the risk of unauthorized acquisition of this data.
Currently, we have three IdPs integrated with ONLYOFFICE to perform the Single Sign-On feature: Shibboleth, OneLogin, and AD FS.
Read more about how Single Sign-On works in ONLYOFFICE
Authentication filtering and monitoring
Customized set-up for log-in criteria allows managing specific frameworks for authentication based on your knowledge and concerns. Moreover, all activities can be manually monitored and reported to reveal potentially fraudulent or harmful behavior.
Trusted mail domains
This option allows you to manually select the mail servers that sign-up emails should belong to. Customized mail domains are also supported.
Password creation criteria
Here you can set the minimum password length and determine whether it must contain certain types of characters - capital characters, digits, or special symbols.
Cookie lifetime
Automatic log-out will be performed after a chosen period of time if this option is enabled.
IP restriction
This setting permits portal access only to chosen IPs.
Login History
With Login History you can view the whole history of successful and failed login attempts and log-offs.
Audit Trail
Audit Trail reports tracks which actions were performed by each user of the portal and when.

Data protection

Private server installation
ONLYOFFICE was designed for businesses that carry out sensitive communication and handle records that, if compromised, may endanger customers and internal operations. Our range of solutions keeps your services and all assigned data completely within your physical perimeter. We put hardware protection in your hands, allowing you to manually maintain stability and connectivity as your business standards demand.
We provide complete technical support for on-premise deployment and release regular software updates.
JWT
JSON Web Token (or JWT) protects documents from unauthorized access. This technology secures portal traffic and ensures users cannot access more data than they are permitted, which is critical when inviting external users.
ONLYOFFICE Document Server requests an encrypted signature which is then hosted in the token. The token is added in the configuration when Document Editor is initialized and during the exchange of commands between inner services (storage service, editing service, command service, and conversion service), therefore validating the right to perform a certain operation with the data.
HTTPS for private server
With ONLYOFFICE, you can encrypt your traffic by moving own-server portals to HTTPS protocol, whether you possess an SSL certificate or not. Use the existing private key and a certificate with a public key generated on its base, or issue the new CA-signed certificate on letsencrypt.org via ONLYOFFICE Control Panel.
Read more about using HTTPS in ONLYOFFICE
Data backup
The remote backup dislocation cuts maintenance costs and saves time by automating security procedures. Your data can be backed up both manually and automatically to ONLYOFFICE Documents module, a third-party storage (DropBox, Box, Google Drive, OneDrive, etc.), or Amazon Cloud. We offer a dedicated local drive as an option for manual backup, if necessary.
Read more about data backup in ONLYOFFICE
Access rights management
The threat of malicious internal action scales with business size and data classification variety, thus necessitating the differentiation of rights.
Users of your private portal can be easily grouped and hierarchized. Set access rights to portal modules and data for each user or group, protecting specific data from unwanted attention and insider actions.
Read more about the access rights management