
To access the Security Policy page, click on the Settings tab and select Security Policy.

The Security Policy page is broken into categories and offers exceptions to rules.

Security Policy

Login

Automatic device enrolment

If allowed, each device will be added to the approved devices list if valid user credentials are provided at the login screen on the device.

If disallowed, each device requires approval by an AsdeqDocs administrator on the Device Management screen before it can sync anything.

 

Required check-in timeout

When set to On, this rule requires a number of days to be set for the required check-in time. If a device does not connect with the server within the specified check-in time, then all files are erased from the device container. Each time a user successfully connects their device to the server, the timeout period for the device is reset.

If set to Off then there is no required check-in time, nor automatic erasure of documents.

Offline login credentials

If allowed, users will be able to access the files in their libraries while offline (out of Wi-Fi or data network range, e.g. in an airplane).

If disallowed, users will not be able to access files or log in to AsdeqDocs/AsdeqForms while offline.

Fingerprint Login

If allowed the app will permit logging in to a previously synced copy of AsdeqDocs using a fingerprint reader instead of typing a password.

If disallowed users will have to enter their password to access AsdeqDocs/AsdeqForms. 

Remember Username

If allowed the app will pre-fill the ‘username’ field on the login screen with the most recently entered value.

If disallowed, users will have to enter their username each time they log in to AsdeqDocs/AsdeqForms.

Remember Me - Device

When set to Allow, this rule requires a number of minutes to be set. This sets the amount of time that the AsdeqDocs/AsdeqForms app can be in the background before the user is required to provide their credentials again to continue accessing files.

Setting this to Disallow will require the user to log back into AsdeqDocs every time they put the app into the background.

Some device operating systems will override this setting while AsdeqDocs/AsdeqForms is in the background if resource demands on the device become high and available resources are low. To ensure high security is maintained, AsdeqDocs will request a login when the user brings AsdeqDocs to the foreground.

If you wish to allow users to log in without a password, you can select Even if the app stops running or Allow Forever. These options store an encrypted password in the device's keychain, and allow users to log in even if the app is killed or the device is restarted.

Remember Me - Web

Allows users to resume their web session without logging in again, for the set amount of time. Enabling this functionality adds a checkbox below the username/password on the web login screen.

Security

Audit Logging

If enabled a log is recorded of events on the client application such as: login, file access, searches performed, file upload, Email, etc. Each action is recorded with the current location of the device if location services are enabled on the device.

If disabled then activity auditing will not be available for device/user file access.

Record Device Location

If enabled then each device with GPS location capabilities will record the device location when reporting events back to the audit log (see Audit logging above).

If disabled then devices do not report their location when reporting events back to the audit log.

Encryption on device

While enabling this option does have a small processing overhead, it greatly increases security by encrypting files on the client devices. As such, it is recommended that this be enabled.

If disabled, AES-256 encryption is not utilized and files are stored in the same manner as all other data on the device. If device level encryption is enabled (via Data Protection, e.g. the use of a passcode) then the container is encrypted in that manner. Disabling this setting is not recommended for environments where any documents are of a sensitive, private, or commercially important nature.

Enforce Restricted SSL Policy

If enabled AsdeqServer will reject new self-signed or untrusted certificates, blocking man-in-the-middle attacks.

If disabled then new self-signed and untrusted certificates are accepted for connections.

Data Control

Email

If allowed, the device user can email files from AsdeqDocs using the device's native email functionality. This creates a potential security risk. This feature will only be available on the client if the device has an email account configured.

If disallowed the users will not see the Email option.

Open Files on Other Applications

If allowed, the device user can use the native "Open In..." functionality, which creates an unencrypted copy of the file on the device to allow the other app to use it. This creates a potential security risk.

If disallowed the users will not see the Open In option.

Web File Downloads

If allowed the users can download files using the Library file viewer under the Libraries tab in the AsdeqDocs web interface.

If disallowed then access to download files is not available through the AsdeqDocs web interface.

SecureLink is a technology developed by Asdeq Labs. SecureLink allows the user to use files from AsdeqDocs in apps that are part of a SecureLink partnership. Unlike using Open In, using SecureLink will not copy the file into the third party app's container and forces the third party application to respect the AsdeqDocs security policies (e.g. disable email, disable open in). This means that when you save edits or close the third party app there is no residual file left unencrypted on the device; there is only the encrypted copy inside the AsdeqDocs secure container.

By default, Open In creates an unencrypted copy of the file in the other app's container, which remains after the other app is closed. Any other security policies for the file are also lost using Open In. This obviously becomes a security issue if the device is stolen or lost.

What SecureLink provides is a way to open a file from AsdeqDocs in a SecureLink partner application while keeping the document encrypted on the device. Approved SecureLink applications will respect the security policy settings (above) and will not make or leave a plain version of the file on the device.

Print

If enabled users on mobile devices will see the print option in the file actions menu for files with print capabilities.

If disabled the print option will not be available to users.

 

If allowed, hyperlinks to referenced documents can be created and emailed. They allow the receiver to download a file from the server.

If disallowed, the option will not appear.

Using Password

If allowed, users can create links that can be accessed without needing an AsdeqDocs account. Linked documents can be accessed by anyone with network access to the server by entering a password.

If disallowed, linked documents can only be accessed by users logged into AsdeqDocs.

Allow No Time Limit

If allowed users can configure links that never expire.

If disallowed, the user must always choose the life of the link in days.

Allow Unlimited Password uses

If allowed, users can configure links with passwords that may be used forever.

If disallowed, users must always choose the number of times a password may be used before it expires.

 

Allow Notify Link Creator on Download

If allowed, users can configure links that automatically notify the creator when the recipient downloads the linked document from the server.

If disallowed, users will not receive a notification.

Outgoing mail must be enabled on the Mail Management page to use this feature.



Features

Browse Network

If allowed then the Browse Network functionality is available to the mobile device users. This functionality allows users to search all servers and source locations, and create/manage libraries direct from the device.

If disallowed, users cannot search all servers and source locations, and cannot create or manage libraries directly from the device.

Asdeq QuickSync

This option allows the server to push file updates to devices in real-time. 

If enabled, the server sends a push notification to the device to sync files that are in the user's Libraries on the device immediately after they are added or modified on the back-end servers.

If disallowed the devices will only receive file updates during regular scheduled syncs, after the server has identified the back-end file change as part of a scheduled source location scan. 

Used in conjunction with web uploads, QuickSync allows users to save a file to the back-end file repository via upload to a Library and have it appear on their device in the same library within seconds.

On Device Library Management

If enabled then users can create, add to and manage libraries from their mobile device.

If disabled then users can only create, add to and manage their libraries using the web interface.

File Management

Write

If allowed, users can create and modify documents from AsdeqDocs into configured Source Locations.

This option must be allowed before the other file actions can be enabled.

Add Folders

If allowed users can create new folders at a source location.

Copy

If allowed, users can make copies of files or folders at the original source location, or in a separate source location.

Move

If allowed, users can move files or folders to new locations at the source location, or into a separate source location.



Exceptions

Exceptions provide granular control of security policies to administrators, allowing variations from the otherwise global security policy rule configured.

The exceptions can be set for combinations of users/groups and devices, for example:

  • Global rule disallows email, with an exception for the group Sales Team (thus allowing the sales team to email files from the client app, but no one else)
  • Global rule allows Open in, with an exception for Android devices (thus blocking any user on an Android device from using Open in from AsdeqDocs while allowing all other device platforms to use Open in)
  • Global rule sets the background logout time to 10 mins, with an exception for the group Solicitors on iPads set to 90 mins (thus allowing the solicitors to present for longer on their iPads in court before they may be required to log back in)

To view any configured exceptions, either click Show All, or the (plus) next to the specific rule if any exceptions exist.

If a security policy rule changes from Allowed to Disallowed or vice versa, the exceptions also reverse, i.e. the exception from Allow (disallow) will become an exception from Disallow (allow).

Editing exceptions

To set or change an exception, click on the Edit button to the right of the rule. This will then display the exceptions and allow exceptions to be:

  • Added
  • Removed
  • Reordered

 


Configuring exceptions to the background logout time

 

Adding

When adding an exception, click on the user or group to search for the user/group the exception is to be set for, and/or select a device platform from the drop down list.

Complete any settings required for the exception (e.g. set a number of minutes for the exception for the Background logout time).

Ordering

Exceptions with numerical values require ordering, and are applied from top to bottom - if a user is in multiple user groups with different exception values, the highest relevant exception will apply. In the example image above, any user in the top exception who is also in the bottom exception will have only the top exception apply.
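
The top-to-bottom ordering described above can be modelled as a first-match lookup. The following is an added example, not AsdeqDocs code: the class and function names are hypothetical, and the Sales Team entry is a constructed sample (the 10 and 90 minute values come from the Solicitors example earlier on this page). It also includes a check an administrator may want when reviewing a policy: finding exceptions that can never apply because a broader exception sits above them.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PolicyException:
    value: int                      # e.g. minutes for the background logout time
    group: Optional[str] = None     # None = any user/group
    platform: Optional[str] = None  # None = any device platform

    def matches(self, groups, platform):
        return ((self.group is None or self.group in groups)
                and (self.platform is None or self.platform == platform))


def effective_value(global_value, exceptions, groups, platform):
    """Walk the list top to bottom; the first matching exception wins."""
    for exc in exceptions:
        if exc.matches(groups, platform):
            return exc.value
    return global_value  # no exception matched: the global rule applies


def shadowed(exceptions):
    """Exceptions that can never apply because a broader one sits above them."""
    hidden = []
    for i, later in enumerate(exceptions):
        for earlier in exceptions[:i]:
            if (earlier.group in (None, later.group)
                    and earlier.platform in (None, later.platform)):
                hidden.append(later)
                break
    return hidden


# Constructed sample policy for the background logout time (minutes).
GLOBAL_MINUTES = 10
EXCEPTIONS = [
    PolicyException(90, group="Solicitors", platform="iPad"),
    PolicyException(30, group="Sales Team"),  # made-up entry to show ordering
]

if __name__ == "__main__":
    both = {"Solicitors", "Sales Team"}
    print(effective_value(GLOBAL_MINUTES, EXCEPTIONS, both, "iPad"))
    print(effective_value(GLOBAL_MINUTES, EXCEPTIONS, both, "Android"))
    print(shadowed(EXCEPTIONS))
```

Reordering the list changes the result for users who match more than one exception, so re-run the shadowing check after any reorder.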

Deleting

Simply click on Remove Exception.

 
