Security profiles
Security profiles allow you to specify any number of security requirements that need to be met by users of your application. For example, you can use security profiles to:
- Apply a password policy that includes a minimum password length and complexity.
- Require all users, or users in certain roles, to log in with two-factor authentication (2FA).
- Allow or disallow particular login methods (such as Google, email address and password, Facebook, or Microsoft).
You can configure security profiles from your Studio: go to Platform > Security and select the Security profiles tab.
Once you have created one or more security profiles, you can apply them as standard to all users or in specific situations.
Base security profile
To enable login methods for all users or to require all users to use two-factor authentication or adhere to a password policy, apply the relevant security profile(s) to the entire application. You can use the same security profile(s) for each of your DTAP environments, or apply different profile(s) to each environment.
From My Grexx, go to the Security settings and set the Base security profile for one or more of your DTAP environments. You will need the case ID of the security profile, which you can copy from your Studio: in the Security Profiles list, enable the CaseID column to view it.
Per user role
To require users in particular roles to meet particular security requirements, apply a security profile to the relevant platform and/or casetype roles. For example, you can use this to require users in roles with access to sensitive data to log in with two-factor authentication.
To apply a security profile to a role, edit the platform or casetype role in your Studio. Once applied, everyone who logs in with the role must satisfy the requirements of the security profile. For more information, see Roles.
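The following Python module is an added illustration of how a base security profile and the profiles of a user's roles stack up into one effective set of requirements, and of what a password policy and a 2FA requirement check look like. It is not Grexx's own code or data model; the class and field names, the sample profiles, and the merge rule (numeric limits take the maximum, boolean requirements are OR-ed, and a login method stays enabled only if every applied profile enables it) are assumptions made for this example.

```python
"""Added example: combining stacked security profiles and checking a login
against the result. Not Grexx's API; names, fields and the merge rule are
assumptions chosen to illustrate the concepts in the documentation above."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityProfile:
    """One security profile. Field names are hypothetical."""
    name: str
    min_password_length: int = 0
    require_upper: bool = False
    require_digit: bool = False
    require_symbol: bool = False
    require_2fa: bool = False
    # Login methods this profile enables (assumed set of method names).
    allowed_login_methods: frozenset = frozenset(
        {"password", "google", "microsoft", "facebook"}
    )


def effective_profile(base, role_profiles):
    """Merge the base profile with the profiles of every role the user holds.

    Assumed rule: the strictest requirement wins. Numeric limits take the
    maximum, boolean requirements are OR-ed, and a login method is allowed
    only if the base profile and every role profile allow it.
    """
    merged = base
    for p in role_profiles:
        merged = SecurityProfile(
            name=f"{merged.name}+{p.name}",
            min_password_length=max(merged.min_password_length, p.min_password_length),
            require_upper=merged.require_upper or p.require_upper,
            require_digit=merged.require_digit or p.require_digit,
            require_symbol=merged.require_symbol or p.require_symbol,
            require_2fa=merged.require_2fa or p.require_2fa,
            allowed_login_methods=merged.allowed_login_methods & p.allowed_login_methods,
        )
    return merged


def password_violations(profile, password):
    """Return a list of policy rules the password breaks (empty = compliant)."""
    problems = []
    if len(password) < profile.min_password_length:
        problems.append(f"shorter than {profile.min_password_length} characters")
    if profile.require_upper and not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if profile.require_digit and not re.search(r"\d", password):
        problems.append("no digit")
    if profile.require_symbol and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    return problems


def login_allowed(profile, method, second_factor_verified):
    """Decide whether a login attempt satisfies the effective profile.

    Returns (allowed, reason). The login method must be enabled, and if the
    profile requires 2FA the second factor must already have been verified.
    """
    if method not in profile.allowed_login_methods:
        return False, f"login method {method!r} is not enabled by the security profile"
    if profile.require_2fa and not second_factor_verified:
        return False, "two-factor authentication is required"
    return True, "ok"


# Constructed sample profiles (not from any real application).
BASE = SecurityProfile("base", min_password_length=8, require_digit=True)
FINANCE = SecurityProfile(
    "finance-role",
    min_password_length=12,
    require_upper=True,
    require_symbol=True,
    require_2fa=True,
    allowed_login_methods=frozenset({"password", "microsoft"}),
)

if __name__ == "__main__":
    eff = effective_profile(BASE, [FINANCE])
    print(eff)
    print(password_violations(eff, "password"))
    print(login_allowed(eff, "google", True))
    print(login_allowed(eff, "microsoft", False))
    print(login_allowed(eff, "microsoft", True))
```

A user who holds no role with a profile is governed by the base profile alone; a user in the finance role must satisfy both, so the longer password length, the extra complexity rules, the 2FA requirement and the narrower set of login methods all apply to that user at once.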
Specific circumstances
You can use the platform context designer to apply a security profile when certain conditions are met. For example, you might want to enable different login methods based on the hostname. For more information about applying security profiles based on the platform context, see Context.
Note that when using the platform context designer, you cannot use user-related information to decide which security profile to apply. This is because the user has not yet logged in and therefore no user details are available. However, you can use step-up to apply additional security requirements when performing selected activities or viewing particular widgets. For more information, see Step-up.