Security

Console is built with security as a top priority. This guide covers the security features available and best practices for keeping your organization safe.

Built-in Security Features

Console includes multiple layers of security:

🔐 Data Isolation

Complete separation between companies

🔒 Encrypted Storage

Sensitive data encrypted at rest

🛡 Secure Authentication

Passwordless, SSO, 2FA, and traditional auth

📝 Audit Logging

Complete activity tracking

Authentication Security

Two-Factor Authentication (2FA)

Require users to prove their identity with two factors:

Something they know (password)
Something they have (phone with authenticator app)

Enable 2FA:

Go to Settings → Security
Turn on Require 2FA for all users
Users must set up 2FA on next login

Benefits:

Prevents unauthorized access even if password is compromised
Protects against phishing attacks
Required for compliance in many industries

Start with Admins

Require 2FA for administrators first, then roll out to all users.

Password Policies

Console enforces strong passwords by default:

Minimum 12 characters
Mix of uppercase, lowercase, numbers, and symbols
Cannot reuse last 5 passwords
Expires after 90 days (configurable)

Configure Password Policy:

Go to Settings → Security
Adjust Password Requirements
Click Save

Passwordless Authentication

Passwordless login eliminates the need to remember passwords by using temporary codes sent to your email.

How It Works:

Enter your email address on the login page
Receive a 6-digit code via email
Enter the code to authenticate
Access granted without needing a password

Benefits:

More Secure: No passwords to steal or phish
Better UX: No need to remember complex passwords
Faster Login: Check email and enter code
Prevents Password Reuse: Each login uses a unique code

Enable Passwordless:

Go to Settings → Security
Turn on Allow Passwordless Login
Users can choose passwordless on login screen

Security Features:

Codes expire after 10 minutes
One-time use only (cannot reuse codes)
Rate limited to prevent brute force
Email verification ensures identity

Combine with 2FA

For maximum security, enable both passwordless authentication and 2FA. Users will need both email access and their authenticator app.

When to Use:

✅ Mobile-first users who check email frequently
✅ Users who struggle with password complexity
✅ Quick access scenarios (support, operations)
❌ High-security admin accounts (use password + 2FA)

Single Sign-On (SSO)

For maximum security, use SSO with your Identity Provider:

Centralized access control
No passwords stored in Console
Automatic deprovisioning when users leave
Compliance with enterprise standards

See Configuring SSO for setup instructions.

Access Control

Principle of Least Privilege

Give users only the access they need:

❌ Don't:

Make everyone an administrator
Give broad permissions "just in case"
Leave old accounts active

✅ Do:

Grant minimum required permissions
Use specific groups for specific purposes
Regular access reviews

Example:

Support Agent needs:
✓ Read users (to help customers)
✓ Read and update tickets
✗ Delete users
✗ Modify billing

Regular Access Reviews

Review who has access to what:

Monthly:

Check administrative access
Review new user assignments
Confirm 2FA adoption rate

Quarterly:

Full review of all user access
Remove inactive users
Update group memberships

Annually:

Evaluate permission structure
Update security policies
Review audit logs for patterns

Session Security

Configure session settings for your security needs:

Session Duration:

Default: 7 days
Recommended: 1 day for high security
Configure in Settings → Security

Automatic Logout:

Enable timeout after inactivity
Default: 30 minutes
Customize per your needs

Data Protection

Data Isolation

Console guarantees complete data isolation between companies:

Your data is invisible to other companies
Database queries are automatically filtered
No cross-company access possible

Technical Measures:

Every database query includes company filter
API requests validated against company context
Isolation enforced at application and database level

Encryption

Data at Rest:

Passwords: Bcrypt hashing
Sensitive data: AES-256 encryption
2FA secrets: Encrypted before storage

Data in Transit:

All connections use TLS 1.3
HTTPS enforced (no HTTP allowed)
Secure WebSocket connections

Data Visibility

Control which data can be viewed in queries and dashboards:

Column-level visibility: Configure each column as public, restricted, or pseudonymized
Table-level restrictions: Restrict entire tables when needed
Automatic enforcement: Visibility rules apply to all queries, visualizations, and exports
Pseudonymization: Hash sensitive data for anonymous analysis while preserving JOIN capability

Visibility Levels:

Level	Behavior
Public	Original data value
Restricted	Shows `[RESTRICTED]`
Pseudonymized	SHA-256 hash of value

See Data Catalog for configuration details.

Backup and Recovery

Console performs automatic backups:

Frequency: Every 6 hours
Retention: 30 days
Encryption: All backups encrypted
Location: Geographically distributed

In case of data loss: Contact [email protected] for backup restoration.

Audit and Compliance

Audit Logging

Console logs all security-relevant events:

Authentication Events:

Login attempts (success and failure)
Password changes
Passwordless code requests and verifications
2FA setup and reset
SSO authentication

Access Events:

Permission changes
User creation/deletion
Group assignments
Team changes

View Audit Logs:

Go to Settings → Audit Log
Filter by:
- Event type
- User
- Date range
- Success/failure
Export for compliance reporting

Compliance Features

Console helps you meet compliance requirements:

SOC 2:

Access controls
Encryption
Audit logging
Regular security reviews

GDPR:

Data export capability
Right to deletion
Consent management
Data processing agreements

HIPAA:

Access controls
Audit trails
Encryption
Business associate agreements

Enterprise Compliance

Contact [email protected] for compliance documentation and certifications.

Security Best Practices

For Administrators

1. Implement 2FA Universally

Priority 1: Admins (now)
Priority 2: Managers (this month)
Priority 3: All users (this quarter)

2. Regular Security Training

Phishing awareness
Password security
Recognizing social engineering
Incident reporting procedures

3. Monitor Audit Logs

Set up alerts for:

Multiple failed login attempts
After-hours administrative actions
Mass permission changes
Unusual geographic access

4. Implement SSO

If you have an enterprise IdP:

Configure SSO
Test with pilot group
Roll out to all users
Enforce SSO-only login

5. Use Strong Permissions

Regular users:
- Specific, limited permissions
- Group-based access
- Regular reviews

Administrators:
- Few trusted individuals
- 2FA required
- Separate admin accounts (no daily use)

For Users

1. Use Unique, Strong Passwords

Don't reuse passwords from other sites
Use a password manager
Enable 2FA even if not required

Always check you're on the real Console:

✅ https://console.solucao42.com.br
❌ http://console-login.phishing-site.com

3. Secure Your Devices

Keep OS and browser updated
Use antivirus software
Lock screen when away
Don't share login credentials

4. Report Suspicious Activity

Contact your administrator if you notice:

Unexpected password reset emails
Logins you didn't make
Changes you didn't authorize
Suspicious emails claiming to be from Console

Incident Response

If You Suspect a Breach

Immediate Actions:

Secure Your Account:
- Change your password immediately
- Enable 2FA if not already active
- Review active sessions and revoke unknown ones
Notify Your Administrator:
- Report what you observed
- Provide timeline of events
- Share any suspicious emails or messages
Document Everything:
- Take screenshots
- Note times and dates
- Save any evidence

Administrator Actions:

Assess Impact:
- Review audit logs
- Identify affected accounts
- Determine scope of breach
Contain:
- Reset passwords for affected accounts
- Revoke active sessions
- Disable compromised accounts
Investigate:
- Review access patterns
- Check for unauthorized changes
- Identify attack vector
Notify:
- Inform affected users
- Contact Solução42 support
- Comply with legal notification requirements
Recover:
- Restore from backups if needed
- Re-secure accounts
- Update security measures
Learn:
- Document what happened
- Update security policies
- Train users on lessons learned

Contacting Support

For security incidents:

Email: [email protected]
Priority: Mark as urgent
Include: Timeline, affected users, suspected cause

Security Checklist

Use this checklist to maintain strong security:

Initial Setup

Monthly

Review new user access
Check for inactive accounts
Monitor failed login attempts
Verify admin account list

Quarterly

Annually

Additional Resources

Authentication - Authentication methods
Permissions - Access control
Data Catalog - Explore metadata and configure data visibility
Enabling 2FA Guide - Set up 2FA
Configuring SSO Guide - Enterprise authentication

Security Questions?

Contact our security team at [email protected]

Built-in Security Features​

🔐 Data Isolation

🔒 Encrypted Storage

🛡 Secure Authentication

📝 Audit Logging

Authentication Security​

Two-Factor Authentication (2FA)​

Password Policies​

Passwordless Authentication​

Single Sign-On (SSO)​

Access Control​

Principle of Least Privilege​

Regular Access Reviews​

Session Security​

Data Protection​

Data Isolation​

Encryption​

Data Visibility​

Backup and Recovery​

Audit and Compliance​

Audit Logging​

Compliance Features​

Security Best Practices​

For Administrators​

1. Implement 2FA Universally​

2. Regular Security Training​

3. Monitor Audit Logs​

4. Implement SSO​

5. Use Strong Permissions​

For Users​

1. Use Unique, Strong Passwords​

2. Verify Login URLs​

3. Secure Your Devices​

4. Report Suspicious Activity​

Incident Response​

If You Suspect a Breach​

Contacting Support​

Security Checklist​

Initial Setup​

Monthly​

Quarterly​

Annually​

Additional Resources​