How can we help? 👋

Tenancy Policies

Policies are applied to all users and Hubs that are assigned to a Tenancy. To implement more than one policy set, multiple Tenancies should be used. Users with the Tenant admin role are able to modify policies.

Default Policies

DekkoSecure typically engages clients in a consultative process to determine the best policy settings for their use case(s). For clients with policy requirements that vary depending on their use cases, multiple tenancies can be set up. Below is the standard tenancy policy configuration:

Minimum password length
8 characters
Session timeout
120 minutes
File retention
365 days
Enforce 2FA
Trusted Tenant
Disable Public Hub
Invite message appendix
Status tagging
Enforce Attributes
External File Verification
Enhanced Zero Knowledge
Limit users who can create hubs
Default Tenancy policies should not be considered recommendations. Governance requirements vary per-client and should be considered carefully based on the descriptions and content provided by DekkoSecure, in combination with your internal practices and business processes. Please contact your DekkoSecure account manager to discuss custom Tenancy policies.


Be sure to press 'Update Policies' after you make any changes!
Step(s) / Notes
Set minimum password length
Enter the specific character count, then press the "Update policies" button. Note: password length requirements are not applied to SSO users.
Set session timeout
Enter the required session duration in minutes, then press the "Update policies" button. Note: session timeout is not applied to SSO users.
Set file retention
Enter the required retention duration in days, then press the "Update policies" button.Note: file retention is applied to versioned files (not current files).
Enforce 2FA
Note: 2FA enforcement is not applied to SSO users.
Trusted Tenant
Note: the trusted user function is not applied to SSO users. A user must log at least once after the policy is applied to be able to reset their password.
Status tagging
When ON, users in all Hubs that belong to this Tenancy will be able to add a status from the specified list to files and folders. To specify tags, press the manage tags button, then add a tag. The default tag colour is dark grey, but can be adjusted from the standard colours list. Tags selection will appear in the same order as the tag management list - drag the ⋮⋮ marker to re-order your tags. See notes for examples of status tags in use.
Disable Public Hub
When OFF, users that are members of any Hubs that belong to this Tenancy will be able to access the Public Hub. The Public Hub does not belong to this Tenancy, and no Policies are applied to it. When ON users that are members of any Hubs that belong to this Tenancy will not be able to access the Public Hub.
Invite message appendix
Enable by ticking the policy, then enter your appendix content. Appendix content will be applied to all future invites. See notes for example invite with appendix.
Enhanced zero knowledge
Note: this setting controls whether users in Hubs associated with the selected tenancy are able to share files and send messages with unregistered users. Policy OFF: users can share files with/send messages to unregistered users. The file/message key is stored securely by DekkoSecure until the recipient registers. All interactions after this point are zero knowledge. In-app viewing and editing for Office (DOCX, XLSX, PPTX) files is enabled - refer to security/compliance notes below for more information. Policy ON: users cannot share files with/send messages to unregistered users. Users must invite recipients and wait for them to register. Following registration, files/messages can be sent. File/message keys are never stored by DekkoSecure. In-app viewing and editing for Office (DOCX, XLSX, PPTX) files is disabled.
Limit users who can create Hubs
This policy controls who in your Tenancy (i.e., users who belong to Hubs which are assigned to your Tenancy). This policy is OFF by default, meaning that all users who are already in your Tenancy are able to create new Hubs.To limit Hub creation, add a rule or rules to the policy. There are two possible rules: - Individual users - Users with a shared domain To set an individual user, enter their ID (email address, i.e., and then press 'Add'. To set a domain, use a wildcard (*), for example *, then press 'Add'. You can add as many users and/or domains as required. Current limits will be displayed under the limit field, and can be removed at any time. Note: users with the Tenant admin role are able to create Hubs regardless of any rules set in Hub creation limitation.

Policy notes

Invite appendix


An invite appendix adds text to the end of all invite messages sent from Hubs that belong to a Tenancy. This policy is typically used for legal disclaimers or branding purposes.

Notion image


Notion image

Status tagging


Adding and managing tags:

Notion image

Note: if you remove a tag from the tag manager that is in use, it will be removed from all associated files.


Tag use example:

Tags can be added to files that you own (uploaded) or of which files you are an administrator (shared with full permissions). Tags set on shared content will be displayed for all users that have access to the file/folder.

Notion image

Tag changes are also shown in the audit log -

Notion image

Enforced Zero Knowledge

If you’d like to learn more about our upcoming capabilities for features supported by server-side encryption at work, please contact us via your DekkoSecure account manager!

user invite/registration:

Turning this policy ON disables the share-and-invite feature.

When files are shared with an unregistered address, the file and file key is stored securely by the DekkoSecure system and then passed to the recipient user when they complete registration - This is called “share-and-invite”. After this exchange has taken place, all future interactions between the sender and newly registered user is end-to-end encrypted.

If Enforce Zero Knowledge is ON, Files can only be shared with existing DekkoSecure users, meaning all users must register via an invite, then receive files after they register, meaning all content accessed by them is secured using end-to-end encryption by way of an asymmetric key exchange.


Enforced Zero Knowledge (office file viewing/editing):

Turning this policy ON disables in-app Office file viewing and editing.

Office document viewing and live editing in DekkoSecure is enabled by utilising a facility on a virtual machine in the DekkoSecure PROTECTED Cloud which renders the file, facilitates live editing, and presents the content to users within the web application.

During this rendering and manipulation process, temporary access to the document is granted to the processing appliance via a specifically generated encryption key, which is removed immediately after rendering is complete (when the user exits the file).

This capability is part of the IRAP-PROTECTED assessment undertaken by DekkoSecure.

Disabling access to this feature via a Tenancy policy is provided in order to maintain DekkoSecure’s zero-knowledge capability should this be strictly required for use of the service.


Feature Availability

Features can be disabled for all Hubs in your Tenancy my opening the Edit Feature Policies window:

Turning a feature Off will hide it in the navigation panel on the left of the DekkoSecure application interface.

Did this answer your question?