Security
Console is built with security as a top priority. This guide covers the security features available and best practices for keeping your organization safe.
Built-in Security Featuresβ
Console includes multiple layers of security:
π Data Isolation
Complete separation between companies
π Encrypted Storage
Sensitive data encrypted at rest
π‘ Secure Authentication
Passwordless, SSO, 2FA, and traditional auth
π Audit Logging
Complete activity tracking
Authentication Securityβ
Two-Factor Authentication (2FA)β
Require users to prove their identity with two factors:
- Something they know (password)
- Something they have (phone with authenticator app)
Enable 2FA:
- Go to Settings β Security
- Turn on Require 2FA for all users
- Users must set up 2FA on next login
Benefits:
- Prevents unauthorized access even if password is compromised
- Protects against phishing attacks
- Required for compliance in many industries
Require 2FA for administrators first, then roll out to all users.
Password Policiesβ
Console enforces strong passwords by default:
- Minimum 12 characters
- Mix of uppercase, lowercase, numbers, and symbols
- Cannot reuse last 5 passwords
- Expires after 90 days (configurable)
Configure Password Policy:
- Go to Settings β Security
- Adjust Password Requirements
- Click Save
Passwordless Authenticationβ
Passwordless login eliminates the need to remember passwords by using temporary codes sent to your email.
How It Works:
- Enter your email address on the login page
- Receive a 6-digit code via email
- Enter the code to authenticate
- Access granted without needing a password
Benefits:
- More Secure: No passwords to steal or phish
- Better UX: No need to remember complex passwords
- Faster Login: Check email and enter code
- Prevents Password Reuse: Each login uses a unique code
Enable Passwordless:
- Go to Settings β Security
- Turn on Allow Passwordless Login
- Users can choose passwordless on login screen
Security Features:
- Codes expire after 10 minutes
- One-time use only (cannot reuse codes)
- Rate limited to prevent brute force
- Email verification ensures identity
For maximum security, enable both passwordless authentication and 2FA. Users will need both email access and their authenticator app.
When to Use:
- β Mobile-first users who check email frequently
- β Users who struggle with password complexity
- β Quick access scenarios (support, operations)
- β High-security admin accounts (use password + 2FA)
Single Sign-On (SSO)β
For maximum security, use SSO with your Identity Provider:
- Centralized access control
- No passwords stored in Console
- Automatic deprovisioning when users leave
- Compliance with enterprise standards
See Configuring SSO for setup instructions.
Access Controlβ
Principle of Least Privilegeβ
Give users only the access they need:
β Don't:
- Make everyone an administrator
- Give broad permissions "just in case"
- Leave old accounts active
β Do:
- Grant minimum required permissions
- Use specific groups for specific purposes
- Regular access reviews
Example:
Support Agent needs:
β Read users (to help customers)
β Read and update tickets
β Delete users
β Modify billing
Regular Access Reviewsβ
Review who has access to what:
Monthly:
- Check administrative access
- Review new user assignments
- Confirm 2FA adoption rate
Quarterly:
- Full review of all user access
- Remove inactive users
- Update group memberships
Annually:
- Evaluate permission structure
- Update security policies
- Review audit logs for patterns
Session Securityβ
Configure session settings for your security needs:
Session Duration:
- Default: 7 days
- Recommended: 1 day for high security
- Configure in Settings β Security
Automatic Logout:
- Enable timeout after inactivity
- Default: 30 minutes
- Customize per your needs
Data Protectionβ
Data Isolationβ
Console guarantees complete data isolation between companies:
- Your data is invisible to other companies
- Database queries are automatically filtered
- No cross-company access possible
Technical Measures:
- Every database query includes company filter
- API requests validated against company context
- Isolation enforced at application and database level
Encryptionβ
Data at Rest:
- Passwords: Bcrypt hashing
- Sensitive data: AES-256 encryption
- 2FA secrets: Encrypted before storage
Data in Transit:
- All connections use TLS 1.3
- HTTPS enforced (no HTTP allowed)
- Secure WebSocket connections
Data Visibilityβ
Control which data can be viewed in queries and dashboards:
- Column-level visibility: Configure each column as public, restricted, or pseudonymized
- Table-level restrictions: Restrict entire tables when needed
- Automatic enforcement: Visibility rules apply to all queries, visualizations, and exports
- Pseudonymization: Hash sensitive data for anonymous analysis while preserving JOIN capability
Visibility Levels:
| Level | Behavior |
|---|---|
| Public | Original data value |
| Restricted | Shows [RESTRICTED] |
| Pseudonymized | SHA-256 hash of value |
See Data Catalog for configuration details.
Backup and Recoveryβ
Console performs automatic backups:
- Frequency: Every 6 hours
- Retention: 30 days
- Encryption: All backups encrypted
- Location: Geographically distributed
In case of data loss: Contact [email protected] for backup restoration.
Audit and Complianceβ
Audit Loggingβ
Console logs all security-relevant events:
Authentication Events:
- Login attempts (success and failure)
- Password changes
- Passwordless code requests and verifications
- 2FA setup and reset
- SSO authentication
Access Events:
- Permission changes
- User creation/deletion
- Group assignments
- Team changes
View Audit Logs:
- Go to Settings β Audit Log
- Filter by:
- Event type
- User
- Date range
- Success/failure
- Export for compliance reporting
Compliance Featuresβ
Console helps you meet compliance requirements:
SOC 2:
- Access controls
- Encryption
- Audit logging
- Regular security reviews
GDPR:
- Data export capability
- Right to deletion
- Consent management
- Data processing agreements
HIPAA:
- Access controls
- Audit trails
- Encryption
- Business associate agreements
Contact [email protected] for compliance documentation and certifications.
Security Best Practicesβ
For Administratorsβ
1. Implement 2FA Universallyβ
Priority 1: Admins (now)
Priority 2: Managers (this month)
Priority 3: All users (this quarter)
2. Regular Security Trainingβ
- Phishing awareness
- Password security
- Recognizing social engineering
- Incident reporting procedures
3. Monitor Audit Logsβ
Set up alerts for:
- Multiple failed login attempts
- After-hours administrative actions
- Mass permission changes
- Unusual geographic access
4. Implement SSOβ
If you have an enterprise IdP:
- Configure SSO
- Test with pilot group
- Roll out to all users
- Enforce SSO-only login
5. Use Strong Permissionsβ
Regular users:
- Specific, limited permissions
- Group-based access
- Regular reviews
Administrators:
- Few trusted individuals
- 2FA required
- Separate admin accounts (no daily use)
For Usersβ
1. Use Unique, Strong Passwordsβ
- Don't reuse passwords from other sites
- Use a password manager
- Enable 2FA even if not required
2. Verify Login URLsβ
Always check you're on the real Console:
- β
https://console.solucao42.com.br - β
http://console-login.phishing-site.com
3. Secure Your Devicesβ
- Keep OS and browser updated
- Use antivirus software
- Lock screen when away
- Don't share login credentials
4. Report Suspicious Activityβ
Contact your administrator if you notice:
- Unexpected password reset emails
- Logins you didn't make
- Changes you didn't authorize
- Suspicious emails claiming to be from Console
Incident Responseβ
If You Suspect a Breachβ
Immediate Actions:
-
Secure Your Account:
- Change your password immediately
- Enable 2FA if not already active
- Review active sessions and revoke unknown ones
-
Notify Your Administrator:
- Report what you observed
- Provide timeline of events
- Share any suspicious emails or messages
-
Document Everything:
- Take screenshots
- Note times and dates
- Save any evidence
Administrator Actions:
-
Assess Impact:
- Review audit logs
- Identify affected accounts
- Determine scope of breach
-
Contain:
- Reset passwords for affected accounts
- Revoke active sessions
- Disable compromised accounts
-
Investigate:
- Review access patterns
- Check for unauthorized changes
- Identify attack vector
-
Notify:
- Inform affected users
- Contact Solução42 support
- Comply with legal notification requirements
-
Recover:
- Restore from backups if needed
- Re-secure accounts
- Update security measures
-
Learn:
- Document what happened
- Update security policies
- Train users on lessons learned
Contacting Supportβ
For security incidents:
- Email: [email protected]
- Priority: Mark as urgent
- Include: Timeline, affected users, suspected cause
Security Checklistβ
Use this checklist to maintain strong security:
Initial Setupβ
- Enable 2FA for all administrators
- Configure password policies
- Set up SSO (if available)
- Review default permissions
- Configure session timeout
Monthlyβ
- Review new user access
- Check for inactive accounts
- Monitor failed login attempts
- Verify admin account list
Quarterlyβ
- Full access review
- Review audit logs
- Update security documentation
- Test backup restoration
- Security training for team
Annuallyβ
- Comprehensive security audit
- Update security policies
- Review compliance requirements
- Incident response drill
- Third-party security assessment
Additional Resourcesβ
- Authentication - Authentication methods
- Permissions - Access control
- Data Catalog - Explore metadata and configure data visibility
- Enabling 2FA Guide - Set up 2FA
- Configuring SSO Guide - Enterprise authentication
Contact our security team at [email protected]