Security Policies

Enforce organisation-wide and team-level security policies that govern session behaviour. Configure re-authentication windows, idle timeouts, concurrent session limits, and MFA requirements — with team-level overrides for granular control across departments.

Org-Wide Controls

Security Policy Enforcement

Force re-authentication after configurable hours (org-wide or per-team)
Idle timeout auto-logout after inactivity (org-wide or per-team)
Limit concurrent sessions per user to prevent credential sharing
Enforce MFA for all organisation members with a single toggle
Team-level overrides — stricter policies for sensitive departments
Teams inherit org defaults unless explicitly overridden
Real-time enforcement — policy changes apply to active sessions
Full audit trail for every policy change with admin attribution
API-driven configuration for infrastructure-as-code workflows
Available on Business and Enterprise plans
Policy Engine

Security Policy Configuration

Security Policies Business+ ORGANISATION DEFAULTS Re-authentication Force re-auth every 8 hours ✓ Active — 12 users affected Idle Timeout Auto-logout after 30 min ✓ Active — applies to all sessions Max Concurrent Sessions Per-user session limit 3 ✓ Active — blocks 4th session 🔒 MFA Required Enforce for all members ✓ Enforced — 12/12 users compliant TEAM-LEVEL OVERRIDES SRE Team Stricter policies for production access Re-auth: 4h Idle: 15 min Overrides org Finance Team Uses organisation default policies Inherits org defaults AUDIT LOG 09:14:22 POLICY [email protected] set reauth_policy_hours=8 09:14:23 ENFORCE 12 active sessions marked for re-auth 09:15:01 OVERRIDE SRE team: reauth=4h, idle=15m 09:15:02 OK 3 SRE sessions updated with stricter policy
Getting Started

How It Works

1. Connect Identity Provider

Integrate with Okta, Azure AD, Google Workspace, or any SAML/OIDC provider in minutes.

2. Add Resources

Register your servers, databases, and web apps. Define role-based access policies.

3. Secure Access

Users access resources through the browser with identity verification, session recording, and audit logs.

Explore More

Related Features

SSH Access Management

Secure shell access with browser-based terminal — no SSH ports exposed to the internet. Full terminal emulation, session recording, keystroke logging, and identity-based access controls for compliance.

Secure RDP Access Management

Native RDP access with Kerberos authentication and Active Directory Protected User support. Access Windows desktops through the browser or GUI client — no RDP ports exposed. Includes SSO, MFA, full screen recording, clipboard controls, and file transfer policies.

VNC Remote Desktop Access

Embedded VNC access with browser-based remote desktop — no VNC ports exposed to the internet. SSO, MFA, full session recording, clipboard controls, and read-only mode for secure remote management of Linux desktops, Proxmox hosts, and headless servers.

Ready for Security Policies?

Deploy in minutes. No legacy VPN required. No credit card required.

Start Free Trial