Securing the Sisense Platform

Sisense comes with many security features already installed and activated. However, there are several things that you, as an Administrator, can do to enhance Sisense security, per your company’s policies.

Configure Security Settings

You can enable a number of features that increase the security of your Sisense deployment. For example, you can manage user sessions, set lockout durations, and whitelist domains. For more information, see Security Settings.

SSL

Use SSL on your Sisense server to encrypt the server-client data channel. With SSL in place, you can access Sisense via an HTTPS secure connection, which is password protected. This also includes support for HTTP Strict Transport Security (HSTS) and cookie security. For more information, see Setting Up SSL for Sisense on Linux.
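
Once SSL is enabled, you can confirm that HSTS and the cookie flags are actually being sent. The following Python check is an added example, not part of the Sisense documentation or product; the sample headers, cookie names, and the 180-day `MIN_HSTS_AGE` floor are constructed assumptions.

```python
# Constructed sample responses; header values are illustrative, not captured
# from a Sisense server.
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]
WEAK = [
    ("Strict-Transport-Security", "max-age=0"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/"),
]
MIN_HSTS_AGE = 15552000  # 180 days; an assumed policy floor, adjust to yours


def hsts_max_age(value):
    """Return max-age in seconds from an HSTS header value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else None
    return None


def audit_headers(headers):
    """Return a sorted list of findings for one HTTPS response."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("hsts: header missing")
    else:
        age = hsts_max_age(hsts[0])  # browsers process only the first header
        if age is None:
            findings.append("hsts: max-age missing or malformed")
        elif age < MIN_HSTS_AGE:
            findings.append(f"hsts: max-age {age} below {MIN_HSTS_AGE}")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name = value.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {name}: missing {flag}")
    return sorted(findings)
```

To audit a live deployment, pass the `(name, value)` header pairs from an HTTPS response of your own server to `audit_headers`.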

Prevent Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF) is a type of exploit that allows attackers to perform unauthorized actions on behalf of a user that the web application trusts. You can enable CSRF protection for your Sisense deployment, but note that with it enabled you cannot use Sisense JS, Sisense Mobile, or Sisense embedded in iFrames. For more information about CSRF, see Cross-Site Request Forgery.

Account Lockout Thresholds

Prevent brute-force attacks in Sisense by limiting the number of failed login attempts that can be performed before an account is locked. For more information, see Account Lockout Thresholds.
