Security
Single sign-on
Laserfiche Cloud supports single sign-on with Active Directory Federated Services (AD FS) and SAML Authentication with identity providers such as Okta and Azure Active Directory.
Password policies
Laserfiche Cloud supports industry-standard password controls, such as password minimum length, complexity and history.
Vulnerability scanning
Laserfiche performs a vulnerability scan of backend servers that run in the Laserfiche Cloud hosting environment.
Penetration testing
Laserfiche engages third-party vendors to conduct external penetration testing of the Laserfiche Cloud system.
Intrusion detection
Laserfiche Cloud utilizes host-based intrusion detection systems to reduce the risk of data theft by individuals or organizations attempting to gain unauthorized access.
Firewalls
Laserfiche Cloud’s firewall configuration settings are regularly reviewed based on industry standards.
Repository application auditing
Laserfiche Cloud supports auditing of both access and modification of objects in repositories.
Access rights
Administrators can configure access rights and privileges to limit actions that users can perform across the repository based upon role assignments or group memberships.
Fine-grained access control
Administrators can use access rights to limit and control access to individual documents and objects. For example, security tags restrict access to documents on a document-by-document basis.
Repository audit log
The Laserfiche Cloud repository audit log includes details of user actions, including viewing, modifying, creating and deleting documents, and similar operations on metadata and other repository objects.
Architecture
Tenant isolation
Laserfiche Cloud provides tenant isolation by logically segregating customer data between accounts. Customers do not have access to any other customer’s data or services.
Encryption
Laserfiche uses AES-256 encryption to encrypt customer data. Connections over the Internet to Laserfiche Cloud are encrypted using HTTPS over TLS 1.2 or higher. Requests over unencrypted HTTP will be automatically redirected to the equivalent HTTPS endpoint.
Business Continuity and Disaster Recovery
Laserfiche Cloud is hosted in multiple regions. Regions consist of multiple availability zones that are comprised of multiple data centers. These data centers are housed in separate facilities with redundant power, networking and connectivity.