# Securing the Sisense Platform

> Sisense comes with many security features already installed and activated. However, there are several things that an Administrator, can do to enhance Sisense security, per your company's policies.

*Source: https://docs.sisense.com/main/SisenseLinux/securing-the-sisense-platform.htm*

---

Last updated: June 10, 2026

|  |  |
| --- | --- |
| [Tier](https://www.sisense.com/pricing/#pricing) | [Deployment](https://docs.sisense.com/main/SisenseLinux/introduction-to-sisense-cloud-managed-services.md#ComparisonofManagedCloudandSelfHosted) |
| Launch     Grow    Enterprise | Cloud     On-Prem |

Sisense comes with many security features already installed and activated. However, there are several things that
you, as an Administrator, can do to enhance Sisense security, per your company's policies.

## Configure Security Settings

There are many security features that you can enable that increase the security of your Sisense deployment. For
example, you can manage user sessions, set lockout durations, and white list domains. For more information, see
[Security Settings](https://docs.sisense.com/main/SisenseLinux/security-settings.md).

## SSL

Use SSL on your Sisense server to encrypt the server-client data channel. With SSL in place, you can access Sisense
via an HTTPS secure connection, which is password protected. This also includes support for HTTP Strict Transport Security (HSTS) and cookie security.
For more information, see [Setting Up SSL for Sisense on Linux](https://docs.sisense.com/main/SisenseLinux/setting-up-ssl-for-sisense-linux.md).

## Prevent Cross-Site Request Forgery

By default, Cross-Site Request Forgery (CSRF) protection is enabled to prevent attackers from performing unauthorized
actions on behalf of a user that the web application trusts. With this protection enabled, you can work with
SisenseJS, frame embedding, and Sisense Mobile by entering the relevant parent (SisenseJS) domain into the Embedded
Domain White List. For more information about CSRF, see [Cross-Site Request Forgery](https://docs.sisense.com/main/SisenseLinux/csrf.md).

## Account Lockout Thresholds

Prevent brute-force attacks in Sisense by limiting the number of failed login attempts that can be performed before an account is locked.
For more information, see [Account Lockout Thresholds](https://docs.sisense.com/main/SisenseLinux/account-lockout-thresholds.md).
