Engini has a complete security program with documented policies and procedures. Engini also have secure development and testing, a secure and scalable infrastructure, and capabilities within the product that enhance security and give customers control over key security features.
Access and Authentication #
Password Policy Enforcement #
Users login to Engini using a password that is known only to them. Engini enforces password length, complexity, and expiration standards. Passwords are not stored; instead, as is standard practice, only a secure hash of the password is stored in the database.
Session timeout #
Engini supports automatic session logout after a period of time. Organizations can set a timeout duration according to their security needs. An Admin can update their account timeout duration by navigating to Admin page > Security tab > Session timeout duration.
Two-Factor Authentication #
An organization can mandate that their users configure their accounts to use Two-Factor Authentication. Engini supports SMS & Email.
IP Filtering #
IP Filtering helps to ensure that traffic to Engini is restricted to authorized users and / or http requests (webhooks) from specific IP Addresses / Countries.
Organizational separation #
Admins can configure a separate Workspace for each team or business function. Each Workspace has its own set of users and resources, such as connections, workflows, and tables. Users can only access the resources of the Workspace to which they are assigned.
Separation of environments #
Engini supports a multi-phase development lifecycle, in which development, testing, and production are performed in separate environments and by different users.
Secure Access to On-Prem #
Engini’s On-Premise agent (OPA) allows customers to securely access authorized on-premises applications, databases, and folders via specific hostnames and IP addresses.
Apps Connections #
OAuth2 #
Where possible, Engini workflows are configured to connect to applications using user-supplied credentials through OAuth2, thereby eliminating the need to store credentials in Engini. However, if an application requires credentials to be stored, they are encrypted using a 256-bit key.
Data protection #
Data Encryption #
Engini encrypts all data stored at rest using a strong encryption algorithm (AES-256).This data includes workflows, connections, workflow history, and audit logs.
Data Retention #
Engini stores transaction-related data for a limited period of time, to provide visibility into system activity, facilitate testing and debugging, allow the re-running of failed transactions, and support long-running transactions. The retention period varies by Engini plan and in some plans is configurable.
.png)