Securing the Sisense Platform

Sisense comes with many security features already installed and activated. However, there are several things that you, as an Administrator, can do to enhance Sisense security, per your company's policies.

Configure Security Settings

You can enable many security features that increase the security of your Sisense deployment. For example, you can manage user sessions, set lockout durations, and whitelist domains. For more information, see Security Settings.

SSL

Use SSL on your Sisense server to encrypt the data channel between the server and the client. With SSL in place, you can access Sisense via a secure HTTPS connection, which is password protected. SSL support also includes HTTP Strict Transport Security (HSTS) and cookie security. For more information, see Setting Up SSL for Sisense on Linux.
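One way to confirm that HSTS and cookie flags are in effect once SSL is enabled, shown as an added example that is not part of the Sisense documentation. The sample responses, cookie names, and the 180-day max-age floor are assumptions constructed for illustration.

```python
# Added example: audit HSTS and cookie flags in an HTTP response head.
# SAMPLE_* responses are constructed for illustration, not captured from Sisense.
from email.parser import Parser

MIN_HSTS_AGE = 15552000  # 180 days; an assumed policy floor, adjust to your standard

SAMPLE_GOOD = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)
SAMPLE_WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure\r\n"
    "\r\n"
)

def audit_response(raw):
    """Return a list of findings for one raw HTTP response head."""
    _, _, header_block = raw.partition("\r\n")  # drop the status line
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []

    hsts = headers.get("Strict-Transport-Security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        directives = [d.strip().lower() for d in hsts.split(";")]
        ages = [d.split("=", 1)[1].strip('"') for d in directives
                if d.startswith("max-age=")]
        if not ages or not ages[0].isdigit() or int(ages[0]) < MIN_HSTS_AGE:
            findings.append(f"HSTS max-age missing or below {MIN_HSTS_AGE}")

    # Every cookie should carry Secure (HTTPS only) and HttpOnly (no script access).
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {name} lacks {flag}")
    return findings

if __name__ == "__main__":
    for label, raw in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(label, audit_response(raw) or "no findings")
```

To audit a live deployment, pass in the response head saved from a request to your own server, for example the output of `curl -sI`.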

Prevent Cross-Site Request Forgery

By default, Cross-Site Request Forgery (CSRF) protection is enabled to prevent attackers from performing unauthorized actions on behalf of a user that the web application trusts. With this protection enabled, you can work with SisenseJS, frame embedding, and Sisense Mobile by entering the relevant parent (SisenseJS) domain into the Embedded Domain White List. For more information about CSRF, see Cross-Site Request Forgery.

Account Lockout Thresholds

Prevent brute-force attacks in Sisense by limiting the number of failed login attempts that can be performed before an account is locked. For more information, see Account Lockout Thresholds.