Security Policy

What is Security Policy?

This panel as a part of your instance settings enables certain security measures that you might need to ensure data integrity / safety, or for compliance reasons. This can include things like enforcing inactivity logout, authentication services, 2FA, or SSO.

For All Paid Plans

Certain security policy settings are available for all paid Xano plans, and include the following:

Allow Direct Query

Redis Key Isolation

Premium Features

Inactivity Logout Time

This setting enables automatic logout of Xano due to inactivity for all team members. If enabled options range between 1 to 24 hours.

Require 2FA

This setting enforces all team members of your Instance to authenticate using 2FA when logging into Xano.

Authentication Enforcement

This setting optionally enforces which authentication service(s) team members can authenticate with.

Allowed SSO Hosts

This setting enforces the email address domains allowed when team members log in. For example, if we wanted team members to only authenticate using Github accounts that use a xano.com email address, we would check Github under Authentication Enforcement and add xano.com as an allowed SSO host.

IP Address Allowlist

This setting enforces certain IPs allowed to access your Xano instance and call your APIs

IP Address Denylist

This setting enforces denying IPs allowed to access your Xano instance and call your APIs

You can access the Security Policy panel by heading to your , clicking the icon next to your instance, and choosing Security Policy from the panel that opens.

This setting determines whether or not use of the function is allowed in your function stacks.

This setting determines whether or not keys you set using are available in other workspaces.