Securing the Sisense Platform
Sisense comes with many security features already installed and activated. However, there are several things that you, as an Administrator, can do to enhance Sisense security, per your company’s policies.
Configure Security Settings
You can enable many security features that increase the security of your Sisense deployment. For example, you can manage user sessions, set lockout durations, and whitelist domains. For more information, see Security Settings.
SSL
Use SSL on your Sisense server to encrypt the server-client data channel. With SSL in place, you can access Sisense via an HTTPS secure connection, which is password protected. This also includes support for HTTP Strict Transport Security (HSTS) and cookie security. For more information, see Setting Up SSL for Sisense on Linux.
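After SSL is enabled, it is worth confirming that responses actually carry the HSTS header and that cookies are flagged for secure use. The following check is an added example, not Sisense code; the header samples, the cookie name, and the function names are constructed for illustration.

```python
def parse_max_age(hsts_value):
    """Return max-age (seconds) from an HSTS header value, or None if absent/invalid."""
    for directive in hsts_value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else None
    return None

def audit_headers(raw):
    """Return a list of findings for one raw HTTP response header block."""
    findings, hsts, cookies = [], None, []
    for line in raw.strip().splitlines()[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name = name.strip().lower()
        if name == "strict-transport-security":
            hsts = value.strip()
        elif name == "set-cookie":
            cookies.append(value.strip())
    if hsts is None:
        findings.append("HSTS header missing")
    elif not parse_max_age(hsts):
        # max-age=0 tells the browser to drop the policy, so treat it as a finding
        findings.append("HSTS max-age missing, invalid or zero")
    for cookie in cookies:
        parts = [p.strip() for p in cookie.split(";")]
        cname = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        # A cookie that client-side script must read may omit HttpOnly by design;
        # review that finding per cookie rather than treating it as always wrong.
        for flag, label in (("secure", "Secure"), ("httponly", "HttpOnly")):
            if flag not in attrs:
                findings.append(f"cookie '{cname}' lacks {label}")
    return findings

# Constructed sample responses (not captured from a real server).
WEAK = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/
"""
HARDENED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(sample) or "no findings")
```

Feed it the header block of a response fetched over HTTPS from your own deployment; browsers ignore an HSTS header delivered over plain HTTP.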
Prevent Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) is a type of exploit that allows attackers to perform unauthorized actions on behalf of a user that the web application trusts. You can enable CSRF protection for your Sisense deployment, but note that when it is enabled you cannot use Sisense JS, Sisense Mobile, or Sisense embedded in iFrames. For more information about CSRF, see Cross-Site Request Forgery.
Account Lockout Thresholds
Prevent brute-force attacks in Sisense by limiting the number of failed login attempts that can be performed before an account is locked. For more information, see Account Lockout Thresholds.