Skip to main content

Security Settings

Configure organization-wide security settings to protect your data and meet compliance requirements.

Security Settings

Accessing Security Settings

  1. Go to Settings
  2. Click the Security tab

Only admins can access security settings.

Multi-Factor Authentication (MFA)

MFA Enforcement

Business & Enterprise

Organization-wide MFA enforcement is available on Business and Enterprise plans.

Require all users to enable MFA:

  1. Find MFA Requirements
  2. Toggle Require MFA for all users
  3. Set grace period (days for users to comply)
  4. Save

When enabled:

  • Existing users see MFA setup prompts
  • Grace period countdown begins
  • After grace period, MFA is required to access portals
  • New users must set up MFA immediately

Grace Period

The grace period gives users time to set up MFA:

  • Default: 7 days
  • Configurable: 1-30 days
  • Users see countdown on dashboard
  • After expiration, portal access requires MFA

MFA for Guests

Control whether guests need MFA:

  • Optional - Guests can choose
  • Required - Guests must have MFA
  • Required for portal access - MFA checked when accessing specific portals

Portal Security

Private Portals

Business & Enterprise

Private portals are available on Business and Enterprise plans.

Enable private portal capability:

  1. In Security settings, find Private Portals
  2. Enable the feature
  3. Portals can now be marked as private

Private portals:

  • Hidden from most organization members
  • Only visible to specifically assigned members
  • Ideal for sensitive matters

See Portal Permissions for details.

Hide Guest Permissions

Business & Enterprise

Available on Business and Enterprise plans.

Control permission visibility for guests:

  1. Find Permission Display
  2. Toggle Hide permissions from guests
  3. Save

When enabled, guests don't see what permissions they have, creating a cleaner interface.

Terms and Conditions

Require acceptance of terms:

  1. Find Terms & Conditions
  2. Toggle Require terms acceptance
  3. Add your terms text
  4. Save

Users must accept terms:

  • Before accessing portals
  • Terms display on first visit
  • Acceptance is logged

Customizing Terms

Enter your terms text in the editor:

  • Use plain text or basic formatting
  • Include relevant legal language
  • Update as needed

Users see updated terms on next visit if changed.

Session Security

Session Timeout

Configure how long sessions remain active:

  1. Find Session Settings
  2. Set timeout duration
  3. Save

Options:

  • 1 hour
  • 4 hours
  • 8 hours
  • 24 hours
  • 7 days

Shorter timeouts are more secure but less convenient.

Remember Device

Control "Remember this device" functionality:

  • Enabled - Users can skip MFA on trusted devices
  • Disabled - MFA required every sign-in

Audit Logging

Vault Access Logs

Track who accesses portals:

TierLogging Level
ProfessionalBasic (recent activity)
BusinessStandard (30 days)
EnterpriseExtended (1 year+)

What's Logged

Audit logs capture:

  • User identity
  • Action performed
  • Timestamp
  • IP address (optional)
  • File/portal affected

Viewing Audit Logs

Business & Enterprise

Audit log viewing in the UI is available on Business and Enterprise plans.

  1. Open a portal
  2. Click Activity or Audit
  3. View chronological activity

Or for organization-wide:

  1. Go to Settings
  2. Find Audit Logs
  3. Filter and search logs

Single Sign-On (SSO)

Enterprise

SSO is available on Enterprise plans.

Connect to your identity provider:

Supported Providers

  • SAML 2.0
  • Azure AD
  • Okta
  • Google Workspace
  • OneLogin

SSO Configuration

  1. Contact support to enable SSO
  2. Provide your IdP metadata
  3. Configure user provisioning
  4. Test the connection
  5. Enable for users

SSO Benefits

  • Centralized user management
  • Single password for users
  • Automatic provisioning/deprovisioning
  • Enhanced security

Compliance

HIPAA Support

Enterprise

HIPAA support is available on Enterprise plans with BAA.

For healthcare organizations:

  • Business Associate Agreement (BAA) available
  • HIPAA-compliant storage and transmission
  • Audit logging for compliance
  • Additional security controls

SOC 2

Enterprise

SOC 2 compliance support is available on Enterprise plans.

Zapa maintains SOC 2 Type II certification:

  • Annual audits
  • Security controls documented
  • Compliance reports available

Contact sales for compliance documentation.

Security Best Practices

For Administrators

  • Enable MFA enforcement
  • Use short session timeouts
  • Review audit logs regularly
  • Limit admin access
  • Keep user list current

For Users

  • Use strong, unique passwords
  • Enable MFA
  • Don't share accounts
  • Sign out on shared devices
  • Report suspicious activity

Troubleshooting

MFA Not Working for Users

  1. Check MFA is set up correctly
  2. Verify device time synchronization
  3. Have user reconfigure MFA if needed
  4. Use backup codes if available

Users Locked Out

  1. Admin can reset MFA
  2. Send password reset
  3. Check account isn't disabled

Audit Logs Missing Data

  1. Verify logging is enabled
  2. Check retention period
  3. Contact support for older logs