How can we help? 👋

Authentication

Notion image
 

Identification

Users are uniquely identified by their email address. Email addresses are the primary primary entity used for sharing and invites, however users in common Hubs can also search by name.

Standard accounts

Passwords

The default password length policy is 8 characters. This can be increased by setting an increased minimum password length using the Tenancy Manager policy.

Each users’ passwords is used to encrypt their private key, and passwords are hashed and salted before they are stored by the DekkoSecure system. This is one of the key building blocks of the platform’s Zero Knowledge capability.

2FA Protocol

DekkoSecure uses TOTP (Time-Based One-Time Password) as the 2FA method on accounts that authenticate via the built-in profile system (”Standard accounts”). Organisations that authenticate using Entra ID SSO will follow the conditional access control set by the customer in the Entra ID administration tools.

2FA is also enforceable via a policy in the Tenancy Manager. DekkoSecure employs TOTP 2FA rather than SMS 2FA because it does not rely on sending codes over SMS or any other communication channel. Instead, the one-time password is generated by a dedicated app (such as Microsoft Authenticator) on the user's device, and is valid only for a short period of time. This makes it much harder for an attacker to intercept the code or gain access to the user's account through social engineering or phishing attacks.

Failure to satisfy a 2FA challenge is met with exponential backoff.

Supported Authenticator applications

 

Official support is offered for Microsoft Authenticator.

 

Alternative authenticator applications that support TOTP are also able to be used, such as:

  • Google Authenticator
  • Authy
  • Okta Verify
 
⚠️
DekkoSecure does not support or endorse the use of paid authenticator applications. If a 2FA app demands payment, do not use it.
 

Our comprehensive 2FA guides can be found here.

Single Sign-On accounts

Entra ID SSO

The DekkoSecure platform natively supports SSO integration for Azure Active Directory/Entra ID as a third part enterprise application. Entra ID users are auto-provisioned and customer’s conditional access controls can be applied for multiple layers of authentication.

Critically, Entra ID integration is for authentication only. Access to content such as files and organisational governance is managed by the DekkoSecure application (via sharing permission and Tenancy controls).

Users that authenticate using SSO are able to interact with SSO and non-SSO user respectively, and if a client begins their DekkoSecure without SSO, exisiting users can be automatically migrated to SSO, retaining their files, contacts and Hub membership(s).

Please review our SSO FAQ and Entra ID pages for more information.

Did this answer your question?
😞
😐
🤩