Policies are applied to all users and Hubs that are assigned to a Tenancy. To implement more than one policy set, multiple Tenancies should be used.
If a user is a member of multiple Tenancies, the DekkoSecure application will pick up the strictest combination of policies and apply them to the user. For example, consider a Standard (non-SSO) user who is in two Tenancies with the following authentication policies:
- 8-character PW, **2FA ON**
- **15-character PW**, 2FA OFF
The user will be made to use the stricter authentication controls (indicated in bold): 2FA and a 15-character password (note: a user only has one account with one password).
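The combination rule from the example above, written out as an added example (this is not DekkoSecure's own code). It also reports which Tenancy imposes each control, which helps explain why a user sees stricter requirements than one Tenancy sets. The class, field and Tenancy names are assumptions, and only the two authentication settings named above are modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthPolicy:
    """Authentication policy of one Tenancy (field names are assumptions)."""
    tenancy: str
    min_password_length: int
    enforce_2fa: bool

def effective_auth_policy(policies):
    """Combine the policies of every Tenancy a Standard (non-SSO) user is in.

    Returns the strictest value per setting and the Tenancies that impose it.
    """
    if not policies:
        raise ValueError("user is not a member of any Tenancy")
    # The user has one account and one password, so the longest minimum wins.
    length = max(p.min_password_length for p in policies)
    # 2FA is enforced as soon as any one Tenancy enforces it.
    enforce_2fa = any(p.enforce_2fa for p in policies)
    return {
        "min_password_length": length,
        "min_password_length_from": sorted(
            p.tenancy for p in policies if p.min_password_length == length),
        "enforce_2fa": enforce_2fa,
        "enforce_2fa_from": sorted(p.tenancy for p in policies if p.enforce_2fa),
    }

def explain(user, policies):
    """Return human-readable lines describing the user's effective controls."""
    eff = effective_auth_policy(policies)
    lines = [f"{user}: password >= {eff['min_password_length']} characters "
             f"(set by {', '.join(eff['min_password_length_from'])})"]
    if eff["enforce_2fa"]:
        lines.append(f"{user}: 2FA required "
                     f"(set by {', '.join(eff['enforce_2fa_from'])})")
    else:
        lines.append(f"{user}: 2FA not required by any Tenancy")
    return lines

# Constructed sample: the two Tenancies from the example above.
TENANCY_A = AuthPolicy("Tenancy A", min_password_length=8, enforce_2fa=True)
TENANCY_B = AuthPolicy("Tenancy B", min_password_length=15, enforce_2fa=False)

if __name__ == "__main__":
    for line in explain("user@example.com", [TENANCY_A, TENANCY_B]):
        print(line)
```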
Only users with the Tenant admin role are able to modify policies. Please contact your account manager or DekkoSecure support to request the assignment or removal of an administrator on your Tenancy.
Default Policies
DekkoSecure typically engages clients in a consultative process to determine the best policy settings for their use case(s). For clients with policy requirements that vary depending on their use cases, multiple tenancies can be set up. Below is the standard tenancy policy configuration:
| Policy | Default setting |
| --- | --- |
| Minimum password length | 8 characters |
| Session timeout | 120 minutes |
| Previous version retention | 365 days |
| File size upload limit | 0 (no limit) |
| Enforce 2FA | ON |
| Trusted Tenant | OFF |
| Disable Public Hub | ON |
| Invite message appendix | OFF |
| Status tagging | OFF |
| Enforce Attributes | OFF |
| External File Verification | OFF |
| Invite-only onboarding | ON |
| Malware scanning | OFF |
| Recycle bin | OFF |
| Limit users who can create hubs | ON |
| Content Access Admin | OFF |
Policy notes
Invite appendix
An invite appendix adds text to the end of all invite messages sent from Hubs that belong to a Tenancy. This policy is typically used for legal disclaimers or branding purposes.
Status tagging
Adding and managing tags:
Note: if you remove a tag from the tag manager that is in use, it will be removed from all associated files.
Tag use example:
Tags can be added to files that you own (uploaded) or files of which you are an administrator (shared with full permissions). Tags set on shared content will be displayed for all users that have access to the file/folder.
Tag changes are also shown in the audit log.
Invite-only Onboarding
Turning this policy ON disables the share-and-invite feature.
When files are shared with an unregistered address, the file and file key are stored securely by the DekkoSecure system and then passed to the recipient user when they complete registration. This is called “share-and-invite”. After this exchange has taken place, all future interactions between the sender and the newly registered user are end-to-end encrypted.
If invite-only onboarding is ON, files can only be shared with existing DekkoSecure users. All users must register via an invite and receive files only after they register, so all content they access is secured using end-to-end encryption by way of an asymmetric key exchange.
Recycle bin
When enabled, deleted files are staged for permanent deletion in an “Archive”, listed in the left-navigation panel. The policy is set in days, and files can be restored from archive by file owners prior to deletion.
Content Access Admin
The Content Admin Account will be set as a member of all Hubs in the Tenancy and has access to all files with full permissions. Content Admin Accounts cannot be removed by Hub administrators or file owners. The Content Admin Account is not a “normal” user account; it should be treated as a special access role that remains in place once assigned, and only removed under exceptional circumstances.
Credential management for the Content Admin Account should be done with extreme care. A generic ID (e.g., admin@your-org.com) is recommended.
Things to note about Content Admin Accounts:
- One Content Admin Account can be set at a time.
- All activity (e.g., downloading, deleting) is captured in the audit log.
- Access is granted to all files that are uploaded in this Tenancy after nomination; there is no retrospective access to files shared prior to nomination.
- A notice will be displayed in the sharing menu and the account will be shown in all Hub contact lists.
- If this user is removed from the policy they will still have access to files shared with them prior to removal.
Feature Availability
Features can be disabled for all Hubs in your Tenancy by opening the Edit Feature Policies window.
Turning a feature Off will hide it in the navigation panel on the left of the DekkoSecure application interface.