Live App Security Settings: HIPAA Plans
Updated
by Danielle Kellogg
Here at Knack, we take the security of your data seriously. We know that as a hospital, health care provider or anyone who works with Personal Health Information (PHI) in the United States, you are bound by specific privacy requirements when it comes to the data of those patients. Because Knack is a HIPAA-compliant software provider, you can use Knack to create database applications for storing and managing your PHI.
This article describes the Live App security settings in Knack that are included in the HIPAA plan. For the Builder security settings that are available on all Knack plans, please see our "Builder Security Settings" article.
What do I need to use Live App Security Settings on a HIPAA Plan?
In order to access these security settings in your Knack apps, you’ll need to have purchased the HIPAA plan on your Knack account.
Where do I access Live App Security Settings on a HIPAA Plan?
The location of each of these settings is outlined in the detailed sections below.
Summary of Settings
- Inactivity Logout: Being inactive for 15 minutes logs you out of the Live App. Options: 1, 5, 10, 15, 30, 60 minutes
- Passwords: No common passwords, minimum of 8 characters. Options: 1 number, 1 special character, 1 uppercase character, 1 lowercase character, password expires every 60 days, can't use last 3 passwords
- Failed Logins: Lockout after 3 failed attempts within a 15-minute time period, lockout for 15 minutes after the failed attempts, sends user an email when they've been locked out. Options: Allow user to request password reset to unlock account, send user an email no lockout
- IP Whitelisting: applies to a Live App and controls which IP addresses can access that Live App
- Secure Browser: When an HTTP:// URL is accessed, it automatically redirects to the HTTPS:// version.
Inactivity Logout
Inactivity logout provides security measures to automatically log out your users when they are inactive within the Live App.
HIPAA Requirements & Defaults
By default, the inactivity logout is turned on and is set to automatically log out the Live App user after 15 minutes of inactivity. It can be disabled.
Activation
Inactivity logout settings can be enabled from the Settings section of the Builder under the User Logins.
This setting is enabled by clicking the checkbox next to “Automatically log out after 15 minutes of inactivity”. From there, you can change the default logout time and edit the message that appears on-screen to users 1 minute before the specified logout time.
Be sure to click “Save Settings” at the bottom of the page to save your requirements.
Options
Knack’s available options for inactivity logout:
| Description | Default | Options |
| --- | --- | --- |
| Automatically log out after X minutes of inactivity | 15 | 1, 5, 10, 15, 30, 60 |
| Inactivity Message (this message is editable) | Still there? If so, click “Remain Logged In” below. | |
Passwords
Requiring longer and more complex passwords is a good way to help ensure that your Live App pages are secure.
HIPAA Requirements & Defaults
The following password requirements are turned on by default and cannot be disabled:
- A minimum of 8 characters
- No common words
Activation
Password settings can be enabled from the Settings section of the Builder under the User Logins.
This setting is enabled automatically. You can check or uncheck the boxes to choose the password requirements you want your users to follow when creating passwords.
You can also have the customer’s passwords expire every 60 days (this message is customizable) and make sure they don’t use their last three passwords (this message is customizable).
Be sure to click “Save Settings” at the bottom of the page to save your requirements.
Options
Knack’s available options for passwords:
| Description | Default |
| --- | --- |
| Passwords for an app must include: | |
| Minimum 8 characters | enabled |
| No common passwords | enabled |
| Must include at least 1 number | disabled |
| Must include at least 1 special character | disabled |
| Must include at least 1 uppercase letter | disabled |
| Must include at least 1 lowercase letter | disabled |
| Additional Settings | |
| Expire every 60 days (this message is editable) | Your password has expired, please reset it below. |
| Cannot reuse last 3 passwords (this message is editable) | You cannot use a password you've previously used. Please try a different one. |
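The rules in the table above, written out as a server-side check. This is an added example, not Knack's code and not part of the original article; `PasswordPolicy`, `violations`, `hash_password`, `is_expired` and the sample `COMMON_PASSWORDS` list are hypothetical names, and PBKDF2 is an assumed hashing scheme. It shows that the "cannot reuse last 3 passwords" rule can be enforced from stored salted hashes alone, without keeping old passwords in plaintext.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass
from datetime import timedelta
from typing import Optional

# Constructed sample entries; a real list would be far larger.
COMMON_PASSWORDS = {"password", "12345678", "qwertyuiop", "letmein123"}

@dataclass
class PasswordPolicy:
    min_length: int = 8              # "Minimum 8 characters" (enabled)
    block_common: bool = True        # "No common passwords" (enabled)
    require_number: bool = False     # the four character rules default to disabled
    require_special: bool = False
    require_upper: bool = False
    require_lower: bool = False
    expire_days: Optional[int] = 60  # "Expire every 60 days"; None = off
    history_depth: int = 3           # "Cannot reuse last 3 passwords"; 0 = off

def hash_password(password, salt=None):
    """Salted PBKDF2 hash (assumed scheme) so the history never holds plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def violations(policy, candidate, history=()):
    """Rule names `candidate` breaks; history = (salt, digest) pairs, oldest first."""
    broken = []
    if len(candidate) < policy.min_length:
        broken.append("min_length")
    if policy.block_common and candidate.lower() in COMMON_PASSWORDS:
        broken.append("common_password")
    rules = [(policy.require_number, string.digits, "number"),
             (policy.require_special, string.punctuation, "special"),
             (policy.require_upper, string.ascii_uppercase, "uppercase"),
             (policy.require_lower, string.ascii_lowercase, "lowercase")]
    for enabled, charset, name in rules:
        if enabled and not any(ch in charset for ch in candidate):
            broken.append(name)
    recent = list(history)[-policy.history_depth:] if policy.history_depth else []
    # Re-hash the candidate with each stored salt and compare in constant time.
    if any(hmac.compare_digest(hash_password(candidate, salt)[1], digest)
           for salt, digest in recent):
        broken.append("reused")
    return broken

def is_expired(policy, last_changed, now):
    limit = policy.expire_days       # None switches expiry off
    return limit is not None and now - last_changed >= timedelta(days=limit)
```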
Failed Logins
Failed login settings help to prevent brute force attacks (also known as brute force hacking). This is a trial and error method used by application programs to access secured data behind login access through exhaustive effort (using brute force) rather than employing intellectual strategies. Knack’s failed login settings help to provide protection against these repeated login attempts.
HIPAA Requirements & Defaults
The default of locking out Live App users after 3 failed attempts within a 5 minute time period for 15 minutes is applied to HIPAA apps and cannot be edited or disabled.
Activation
Failed login settings can be enabled from the Settings section of the Builder under the User Logins.
This setting is automatically enabled, but can be disabled by clicking the checkbox next to “Lock out users after too many failed logins”. From there, you can change the default number of failed attempts and the length of time before a user can attempt to log in again. The message that appears on screen when users have been locked out is editable. Another option sends an email to the user if they’ve been locked out and/or allows them to reset their password themselves.
Be sure to click “Save Settings” at the bottom of the page to save your requirements.
Options
Knack’s available options for brute force login prevention:
| Description | Default | Options |
| --- | --- | --- |
| Lockout after X failed attempts within a X time period | Attempts: 3; time period: 15 | Attempts: 3, 5, 10; time period: 1, 5, 15, 60 |
| Lockout for X (length of time) after the above-failed attempts | 5 | 5, 15, 60, 1 day, Forever |
| Lockout message (this message is editable) | Account locked due to too many failed login attempts. Please wait before trying again. | |
| Allow user to request password reset to unlock account | disabled | NA |
| Allow user to request password reset to unlock account (this message is editable) | `You may also <a href="/#/knack-password/forgot">reset your password</a> to unlock your account.` | |
| Send user an email when locked out | enabled | NA |
| Email message (this message is editable) | For your security, we're alerting you to the fact that your account has been locked out due to too many failed login attempts. If this was not you, please alert your admin right away. | |
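A model of the lockout rule described in this section, replayed over a constructed login log. This is an added example, not Knack's code and not part of the original article; `LockoutPolicy`, `LockoutTracker` and `replay` are hypothetical names, the time values are assumed to be minutes, and a successful login is assumed to reset the failure count. The policy passed in uses the values from the "HIPAA Requirements & Defaults" paragraph above (3 failures, 5-minute window, 15-minute lockout).

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class LockoutPolicy:
    max_failures: int                # "Lockout after X failed attempts"
    window: timedelta                # "within a X time period" (minutes assumed)
    lock_for: Optional[timedelta]    # lockout length; None models "Forever"

class LockoutTracker:
    def __init__(self, policy):
        self.policy = policy
        self.failures = defaultdict(deque)  # user -> recent failure times
        self.locked_until = {}              # user -> expiry, None = forever

    def is_locked(self, user, now):
        # No entry behaves like a lock that expires right now (not locked).
        until = self.locked_until.get(user, now)
        return until is None or now < until

    def record(self, user, now, success):
        """Apply one attempt; return 'ok', 'failed', 'locked' or 'rejected'."""
        if self.is_locked(user, now):
            return "rejected"               # refused even if the password is right
        recent = self.failures[user]
        if success:
            recent.clear()                  # assumption: success resets the count
            return "ok"
        recent.append(now)
        while now - recent[0] > self.policy.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.policy.max_failures:
            lock = self.policy.lock_for
            self.locked_until[user] = None if lock is None else now + lock
            recent.clear()
            return "locked"
        return "failed"

def replay(policy, events):
    """events: chronological (time, user, success) tuples -> list of outcomes."""
    tracker = LockoutTracker(policy)
    return [tracker.record(user, t, ok) for t, user, ok in events]

# Constructed sample log, not real data.
T0 = datetime(2024, 1, 1, 9, 0)
m = lambda n: T0 + timedelta(minutes=n)
SAMPLE_EVENTS = [
    (m(0), "alice", False), (m(1), "alice", False), (m(2), "alice", False),
    (m(3), "alice", True), (m(18), "alice", True),
    (m(20), "bob", False), (m(24), "bob", False), (m(28), "bob", False)]
HIPAA_DEFAULT = LockoutPolicy(3, timedelta(minutes=5), timedelta(minutes=15))

if __name__ == "__main__":
    print(replay(HIPAA_DEFAULT, SAMPLE_EVENTS))
```

In the sample, the third account never reaches three failures inside one window, so the rule alone does not flag it; reviewing total failed logins per account over a longer period covers that case.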
IP Whitelisting
IP Whitelisting applies to a Live App and controls which IP addresses can access that Live App, both for hosted and embedded apps. It is not currently possible to use this feature to block any particular IP addresses or range of addresses.
This feature does not affect access to the API in general. The API is secured by API keys so additional IP protection is not needed.
HIPAA Requirements & Defaults
There are no requirements or defaults for this security setting on
Activation
IP whitelisting can be enabled from the Settings section of the Builder under the App Settings > Security tab.
This setting is enabled by checking the checkbox next to this setting. Be sure to click “Save Settings” at the bottom of the page to save your requirements.
Options
There are no options for this security setting.
Secure Browser
With this setting enabled, if anyone accesses your Live App on HTTP://, they'll automatically be redirected to the HTTPS:// version.
HIPAA Requirements & Defaults
This setting is automatically enabled for apps on a HIPAA plan, but can be disabled by unchecking the box next to “Force the browser to use HTTPS to encrypt all traffic.”
Note that turning this off is done at your own risk and would potentially open your users up to being able to access your App via a non-secure endpoint (HTTP instead of HTTPS).
Activation
Secure browser settings can be enabled from the Settings section of the Builder under the App Settings > Security tab.
This setting is enabled by checking the checkbox next to this setting. Be sure to click “Save Settings” at the bottom of the page to save your requirements.
Options
There are no options for this security setting.
Notes & Troubleshooting
- For more information on keeping your apps secure, check out our Security Best Practices.
- HIPAA accounts cannot currently add template apps to the dashboard.