Keep your company data in check by assigning custom policies to different teams and departments. Policy Templates provide a user management system where admins can set up security protocols, define allowed devices and limit features like sharing, folder creation and sync.
Two-step verification
Two-step verification puts an extra authentication step to the login process: users have to enter a randomly generated verification code before they can log in to Tresorit with their password.
Optional: Keep this setting optional if you want to let your users decide if they want to use an extra authentication made.
Required: Users on this template will be required to set up at least one authentication method. They can decide to set up secondary and tertiary authentication channels as they like.
Permanent deletion
If you choose to permanently delete items, all the data will be deleted from our servers, your computer, devices and shared accounts. This policy setting affects user accounts, folders, and files.
Enabled: Users will be able to delete their account, owned folders, and files in fodlers where they have Editor, Manager and Owner rights. They can also remove inactive links during the 90-day retention period.
Disabled: Users will receive an error message when they try to permanently delete items. This also mean that they won’t be able to reset their account until this policy is active. They won't be able to remove inactive links, which are kept for a 90-day retention period.
Allowed devices
Tresorit is currently available on Windows, Mac, Linux, iOS, Android, Windows Phone and in Web Browsers. Set allowed devices for your subscription and limit access to certain platforms.
When you disable a device, users on the policy template won’t be able to log in to their Tresorit account from that platform.
IP filtering
In certain cases, it may come in handy if you can limit access to confidential data to your company’s office. Set up IP filtering to limit Tresorit access to certain geographic locations.
After IP filtering is enabled, you can set up multiple locations where your users can access Tresorit. When they try to log in to Tresorit from another location, they will receive an error message. It is recommended to transfer your own account to another template before you apply IP restrictions.
Link
Shared links provide an easy and convenient solution if you need to share files with clients or partners who do not have a Tresorit account. Everyone who has your link can download its content, which makes this method efficient and accessible to anyone. However, with so many people in the flow, it may become challenging follow-up on content circulation.
With link sharing enabled, everyone with a manager or owner right can create Links to files and folders. Turn off link sharing globally to better control your content.
Apply link restrictions
Protect confidential company data by enforcing passwords, expiry dates and open limits on every new link your users create. Keep track of content downloads with access logs and email verification. You also have the option to disable downloads on shared links, and to enforce using secure links instead of email attachments in Outlook.
Auto-deletion for shared files
Automatically delete sensitive files that were intended to only be shared (and not stored) once the shared link is revoked or expires. This removes the need for constant monitoring of your shared document's lifecycle both for you as a workspace admin and your users.
We recommend enabling auto deletion and enforcing expiry dates on links together. If you had access logs set, the logs of inactive links are available for up to 90 days after the link becomes inactive. Once the file is deleted the access log will get deleted as well.
Only allowed users can access: This option provides a way for Enterprise admins to control the Whitelisting feature. Define the exact list who the end-users can share links and Folders with. Introduce more granular restrictions to avoid unintended (external) share.
Session control
Customize session length to determine the number of days your users can stay signed in to Tresorit. After the session expires, users will be logged out automatically on all devices.
Long sessions are efficient, since your users don’t have to sign in frequently. However, if you keep sessions too long, they may forget their password. Keep sessions short for maximum security.
Email Settings
Select the type of emails your users may receive from us. This setting will apply to all users included in the policy.
📝Note: If the policy will be deleted, users can set their own email subscription settings again. The status of the subscription will remain as the admin set it before turning off the policy.
Remember me
Checking Remember me on the login page will keep you signed in to Tresorit on your desktop and in web access. Admins can hide this feature for their users to avoid long sessions and to maximize security.
Enabled: Tresorit will remember login details and automatically sign in your users on startup.
Disabled: Tresorit will not remember login details and your users will have to re-enter their login details on every startup. When users are signed out, Tresorit won’t sync or install updates until they log back in.
Shared contacts
The contacts tab on your Tresorit app shows Tresorit users you are connected with.
Enable this setting to share contacts between users of the subscription. Users with shared contacts will see every Tresorit user from the subscription and users invited to folders shared with them.
Folder creation
Tresorit users can create their own folders by default to store data and share files and folders with others. It may come in handy to disable this feature for certain user groups.
If you want to oversee who is invited to the folders in your subscription, turn off folder creation for your users. This way you can create folders for everyone and monitor who can access content across the subscription.
Folder sharing
You can apply a global setting to manage sharing in all folders your team is invited to. Disable folder sharing for certain teams, enable it for others, or limit folder sharing to your subscription.
Enabled: Your team members can share fodlers as they want as long as they have the folder-level permission to do so.
Only for subscription members: Users on this template can only share folders with those who are also in your subscription. If your team members misspell an email address by accident or invite someone outside of your domain, Tresorit will automatically reject their sharing request.
📝Note: This setting only applies to users in your subscription. External collaborators will be able to reshare the fodlers they are already invited to. You can check which fodlers are shared with external collaborators from the Users tab in your Admin Center. Click on a user’s name, then navigate to the Folders tab and click Members to bring up a list of collaborators.
Only allowed users can access: This option provides a way for Enterprise admins to control the Whitelisting feature. Define the exact list who the end-users can share links and folders with. Introduce more granular restrictions to avoid unintended (external) share.
Disabled: Even if users are owners or managers in a folder, they won’t be able to invite other members to join.
Folder synchronization
Tresorit automatically updates files, ensuring that everyone in a shared folder can access the most recent file versions. Users can also sync folders to their computer or upload local folders to the cloud as a synced folder.
Storing files exclusively in the cloud minimizes the possibility of data leaks even if other security mechanisms like hard-drive encryption are broken. Protect confidential company documents by turning off sync.
Still have questions left? Drop us a line