How can we help? 👋


Notion image


Users are uniquely identified by their email address. Email addresses are the primary primary entity used for sharing and invites, however users in common Hubs can also search by name.

Standard accounts


The default password length policy is 8 characters. This can be increased by setting an increased minimum password length using the Tenancy Manager policy.

Each users’ passwords is used to encrypt their private key, and passwords are hashed and salted before they are stored by the DekkoSecure system. This is one of the key building blocks of the platform’s Zero Knowledge capability.

2FA Protocol

DekkoSecure uses TOTP (Time-Based One-Time Password) as the 2FA method on accounts that authenticate via the built-in profile system. Organisations that authenticate using Azure AD SSO will follow the conditional access control set by the customer in the AAD administration tools.

2FA is also enforceable via a policy in the Tenancy Manager. DekkoSecure employs TOTP 2FA rather than SMS 2FA because it does not rely on sending codes over SMS or any other communication channel. Instead, the one-time password is generated by a dedicated app (such as Microsoft Authenticator) on the user's device, and is valid only for a short period of time. This makes it much harder for an attacker to intercept the code or gain access to the user's account through social engineering or phishing attacks.

Failure to satisfy a 2FA challenge is met with exponential backoff.

Supported Authenticator applications


Official support is offered for Microsoft Authenticator.


Alternative authenticator applications that support TOTP are also able to be used, such as:

  • Google Authenticator
  • Authy
  • Okta Verify
DekkoSecure does not support or endorse the use of paid authenticator applications. If a 2FA app demands payment, do not use it.

Our comprehensive 2FA guides can be found here.

Single Sign-On accounts

Azure Active Directory SSO

The DekkoSecure platform natively supports SSO integration for Azure Active Directory/Entra ID as a third part enterprise application. AAD users are auto-provisioned and customer’s conditional access controls can be applied for multiple layers of authentication.

Critically, AAD integration is for authentication only. Access to content such as files and organisational governance is managed by the DekkoSecure application (via sharing permission and Tenancy controls).

Users that authenticate using SSO are able to interact with SSO and non-SSO user respectively, and if a client begins their DekkoSecure without SSO, exisiting users can be automatically migrated to SSO, retaining their files, contacts and Hub membership(s).

Please review our SSO FAQ and AAD/EID pages for more information.

Did this answer your question?