Security Policy
Last updated
Was this helpful?
Last updated
Was this helpful?
This panel as a part of your instance settings enables certain security measures that you might need to ensure data integrity / safety, or for compliance reasons. This can include things like enforcing inactivity logout, authentication services, 2FA, or SSO.
Certain security policy settings are available for all paid Xano plans, and include the following:
This setting determines whether or not use of the Direct Database Query function is allowed in your function stacks.
Direct Query enables you to not only run basic database functions, such as adding or updating data, but also enables access to more advanced and potentially dangerous SQL statements. Disabling this function helps ensure that team members can't execute functions that they shouldn't be.
This setting determines whether or not keys you set using caching functions are available in other workspaces.
This can be especially important if you have different team members who have access to different, isolated workspaces. Key Isolation helps ensure that in the rare case separate teams use the same keys that there isn't a conflict.
These features are only available via a premium add-on as a part of our Enterprise plan. Contact your Xano representative to learn more.
This setting enables automatic logout of Xano due to inactivity for all team members. If enabled options range between 1 to 24 hours.
This setting enforces all team members of your Instance to authenticate using 2FA when logging into Xano.
This setting optionally enforces which authentication service(s) team members can authenticate with.
This setting enforces the email address domains allowed when team members log in. For example, if we wanted team members to only authenticate using Github accounts that use a xano.com email address, we would check Github under Authentication Enforcement and add xano.com as an allowed SSO host.
This setting enforces certain IPs allowed to access your Xano instance and call your APIs
This setting enforces denying IPs allowed to access your Xano instance and call your APIs
You can access the Security Policy panel by heading to your instance selection screen, clicking the icon next to your instance, and choosing Security Policy from the panel that opens.