Total control over data security

We provide a solid range of security tools and services, keeping your data safe on all fronts. Customize portal access settings, connect authentication services and manage access rights to protect yourself from unauthorized access, data leaks and insider actions.

Want to examine the innermost composition of our solutions?

Visit us on GitHub

Authentication and portal access control

Two-factor authentication
In the age of electronic fraud and social engineering, we are all vulnerable. Protect log-in procedure on your portal with dynamic passcodes sent via mobile text messages. The classified data stored in your cloud or server facilities can be easily accessed if your users mishandle the personal passwords. Do not risk it.
We integrated Clickatell, SMSC and Twilio services that allow to select an appropriate SMS package for any team and budget.
Read more about how to use two-factor authentication in ONLYOFFICE
Single Sign-On (SSO)
By choosing Single Sign-On over the classic authentication, you do not let us store any of your log-in data, ensuring it, instead, to one of the trusted global authentication services. ONLYOFFICE is the service provider (SP), while the third-party application acts as the Identity Provider (IdP). Providers verify user's authentication and discreetly keep credentials on their side minimizing the risk of unauthorized acquisition of this data.
Currently, we have three IdPs integrated with ONLYOFFICE to perform Single Sign-On feature: Shibboleth, OneLogin and AD FS.
Read more about how Single Sign-On works in ONLYOFFICE
Authentication filtering and monitoring
Customized set-up for log-in criteria allows managing specific frameworks for authentication based on own knowledge and concerns. Moreover, all activities can be manually monitored and reported to reveal the potentially fraudulent or harmful behavior.
Trusted mail domains
This option allows manually selecting the mail servers that sign-up emails should belong to. Customized mail domains are also supported.
Password creation criteria
Here you can set the minimum password length and determine whether it must contain certain types of characters - capital characters, digits or special symbols.
Cookie lifetime
Automatic log-out will be performed after chosen period of time if this option is enabled.
IP restriction
This setting permits access to the portal only from chosen IPs.
Login History
With Login History you can view the whole history of successful and failed login attempts and log-offs.
Audit Trail
Audit Trail reports help keep track of which actions were performed by each user of the portal and when.

Data protection

Private server installation
ONLYOFFICE was designed for businesses carrying out sensitive communication and records that, if compromised, may to various extent endanger customers and internal operations. A range of our solutions allows keeping the services and all the assigned data completely within your physical perimeter. That places the whole hardware protection in your own hands and allows manually maintaining stability and connectivity as your business standards demand.
We provide complete technical support for on-premise deployment and release regular software updates.
JWT
JSON Web Token (or JWT) protects documents from unauthorized access. This technology secures the portal traffic and ensures that users cannot access more data than permitted to them, which is critical in case of external user invitation.
ONLYOFFICE Document Server requests an encrypted signature that is contained in the token. The token is added in the configuration when Document Editor is initialized and during the exchange of commands between inner services (storage service, editing service, command service and conversion service), therefore validating the right to perform a certain operation with the data.
HTTPS for private server
ONLYOFFICE allows encrypting your traffic through moving own-server portals to HTTPS protocol, whether you already possess an SSL certificate or not. Use the existing private key and a certificate with a public key generated on its base, or issue the new CA-signed certificate on letsencrypt.org via ONLYOFFICE Control Panel.
Read more about using HTTPS in ONLYOFFICE
Data backup
The remote backup dislocation cuts maintenance costs and saves a great volume of time, automating the security procedures. Your data can be backed up both manually and automatically to ONLYOFFICE Documents module, to a third-party storage (DropBox, Box, Google Drive, OneDrive, etc.) to Amazon Cloud. Own local drive is offered as an option for manual backup, if necessary.
Read more about data backup in ONLYOFFICE
Access rights management
The threat of malicious internal action scales with the size of business structure and variety of data classification therefore causing the need in differentiation of rights.
Users of your private portal can be easily grouped and hierarchized. Arrange the access rights to portal modules and data for each user or group to protect specific data from unwanted attention and insider actions.
Read more about the access rights management