
Live App Security Settings

This article provides an overview of the security options available within the Knack Builder.


Overview

Here at Knack, we take the security of your data seriously.

This article describes the Live App security settings in Knack which are included in the Pro, Corporate, and Plus plans. For Builder security settings always available for all Knack plans, please see our Builder Security Settings article.

If you have additional needs under US HIPAA laws, please see our webpage and Live App Security Settings: HIPAA Plans article.

 

Where do I access the Live App Security settings?

The user-facing controls (Inactivity Logout, Passwords, Failed Logins) live under Settings > User Logins in the Builder; the app-wide controls (IP Whitelisting, Secure Browser, Record History, Purge Deleted Records) live under Settings > App Settings > Security. The exact location of each setting is repeated in its section below.

Summary of Settings

  • Inactivity Logout: Being inactive for X minutes logs you out of the Live App.

    • Options: 1, 5, 10, 15, 30, 60 minutes

  • Passwords: No common words, a minimum of 8-character passwords. Options: at least 1 number, 1 special character, 1 uppercase character, 1 lowercase character, password expires every 60 days, can't use last 3 passwords

  • Failed Logins: Lock out users after too many failed logins

    • Lockout after: 3, 5, or 10 failed logins 

    • Within a: 1, 5, 15, or 60-minute period

    • Users can be locked out for 5 minutes, 15 minutes, 60 minutes, 1 day, or forever

    • Lockout message available

    • Lockout Email Options: Allow user to request password reset to unlock account and/or send user an email when locked out

  • Embedded Login Security: Cookies or Tokens

  • IP Whitelisting: Restricts which IP addresses can access the Live App

  • Secure Browser: When an http:// URL is accessed, it automatically redirects to the https:// version.

  • Enable Record History: When enabled, a history of record changes is available in the Builder. Retention periods for record history vary by plan.

  • Purge Deleted Records: When a record is deleted, all of its associated history is purged with it.

 

Inactivity Logout

Inactivity logout automatically logs users out of the Live App after a period of inactivity, so a session left open in an unattended browser cannot be picked up by someone else.


Activation

Inactivity logout settings can be enabled from the Settings section of the Builder under User Logins.

Note: Users must be enabled before this setting is available.

To enable this setting, check the box labeled "Automatic inactivity log out". This setting applies to users in both the Builder and the Live App.

You can also change the default logout time and customize the message displayed on the user's screen one minute before the logout time is reached.

Tip: Please be sure to click “Save Settings” at the bottom of the page to save your requirements.

Options

Knack’s available options for inactivity logout:

Logout after: 1, 5, 10, 30, and 60 minutes of inactivity

Inactivity message: You have the option to enter your desired message here.

Note: Enabling this feature disables the "Remember me" option on all login pages, since a persistent login contradicts a timer that logs the user out after a fixed period of inactivity.

 

Passwords

Requiring longer, more complex passwords raises the cost of password-guessing attacks against your Live App login pages.

Activation

Password settings can be enabled from the Settings section of the Builder under the User Logins.

Note: Users must be enabled before this setting is available.


These settings are disabled by default. Check or uncheck the boxes to select the requirements users must meet when creating passwords.

You can also set a password expiration period of 60 days for your users (the expiry message can be customized) and prevent them from reusing their last three passwords (this message can also be customized).

Tip: Please be sure to click “Save Settings” at the bottom of the page to save your requirements.

Options

Knack’s available options for passwords (every option is disabled by default):

Passwords for an app must include:

  • Minimum 8 characters (default: disabled)

  • No common passwords (default: disabled)

  • Must include at least 1 number (default: disabled)

  • Must include at least 1 special character (default: disabled)

  • Must include at least 1 uppercase letter (default: disabled)

  • Must include at least 1 lowercase letter (default: disabled)

Additional Settings:

  • Expire every 60 days (this message is editable) (default: disabled)

  • Cannot reuse last 3 passwords (this message is editable) (default: disabled)
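The checker below is an added example, not Knack's code: it mirrors the password options listed above so a candidate password can be tested against the same rule set you enabled in the Builder. Knack's own list of common passwords is not published, so the short COMMON_PASSWORDS set is constructed for the demo, and the way the rules combine (each enabled rule must pass independently; history is checked against the last N passwords, most recent first) is an assumption rather than a description of Knack's server-side implementation.

```javascript
// Added example, not Knack's code: a checker that mirrors the Live App
// password options, so a candidate password can be tested against the same
// rule set enabled in the Builder. How Knack combines the rules server-side
// is not published; the combination here is an assumption.

// Constructed stand-in for the "common passwords" list. Knack's list is not
// published, so this holds only a few entries for the demo.
const COMMON_PASSWORDS = new Set([
  "password", "12345678", "qwerty123", "letmein1", "welcome1", "iloveyou",
]);

// One flag per Builder checkbox; every option is disabled by default, as in Knack.
const DEFAULT_POLICY = {
  minLength8: false,
  noCommon: false,
  requireNumber: false,
  requireSpecial: false,
  requireUpper: false,
  requireLower: false,
  expireDays: 0,     // Knack's option is 60; 0 means passwords never expire
  historyDepth: 0,   // Knack's option is 3; 0 means reuse is allowed
};

// Returns the names of the rules the candidate fails; [] means it passes.
// `previous` lists the user's prior passwords, most recent first. A real
// implementation compares against stored password hashes, not plaintext;
// plaintext is used here only to keep the demo short.
function checkPassword(candidate, policy = DEFAULT_POLICY, previous = []) {
  const failures = [];
  if (policy.minLength8 && candidate.length < 8) failures.push("minLength8");
  if (policy.noCommon && COMMON_PASSWORDS.has(candidate.toLowerCase())) failures.push("noCommon");
  if (policy.requireNumber && !/[0-9]/.test(candidate)) failures.push("requireNumber");
  if (policy.requireSpecial && !/[^A-Za-z0-9]/.test(candidate)) failures.push("requireSpecial");
  if (policy.requireUpper && !/[A-Z]/.test(candidate)) failures.push("requireUpper");
  if (policy.requireLower && !/[a-z]/.test(candidate)) failures.push("requireLower");
  if (policy.historyDepth > 0 && previous.slice(0, policy.historyDepth).includes(candidate)) {
    failures.push("historyDepth");
  }
  return failures;
}

// True when the password is at least policy.expireDays old and must be rotated.
function passwordExpired(policy, lastChanged, now = new Date()) {
  if (!policy.expireDays || !lastChanged) return false;
  const ageDays = (now - lastChanged) / 86_400_000;
  return ageDays >= policy.expireDays;
}

// Every option switched on: the strictest configuration the Builder offers.
const STRICT_POLICY = {
  ...DEFAULT_POLICY,
  minLength8: true, noCommon: true, requireNumber: true, requireSpecial: true,
  requireUpper: true, requireLower: true, expireDays: 60, historyDepth: 3,
};
```

With STRICT_POLICY, "password" fails the common-password, number, special-character and uppercase rules at once, while a password that was used four changes ago is accepted again because only the last three are remembered; that is the behaviour the "cannot reuse last 3 passwords" option implies, and worth knowing when you explain the policy to users.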

 

Failed Logins

Failed login settings protect against brute force attacks, in which an automated program tries to get past a login page by systematically guessing passwords rather than by exploiting any flaw in the application.

Knack's failed login settings are designed to enhance security by protecting against repeated login attempts.


Activation

Failed login settings can be enabled from the Settings section of the Builder under the User Logins.

Note: Users must be enabled before this setting is available.

This setting is not enabled automatically; enable it by checking the box next to “Lock out users after too many failed logins". From there, you can change the default number of failed attempts, the period within which they are counted, and the length of time before the user can attempt to log in again.

You can input a lockout message that appears on the screen when users have been locked out. Other options available:

  • Allow users to request a password reset to unlock their account

  • Send users an email when locked out

Tip: Please be sure to click “Save Settings” at the bottom of the page to save your requirements.

Options

Knack’s available options for brute force login prevention:

  • Lockout after: 3, 5, or 10 failed attempts

  • Within a: 1, 5, 15, or 60-minute period

  • Users are locked out for: 5, 15, or 60 minutes, 1 day, or forever.

  • Lockout message: You have the option to enter a custom message that will be displayed once a user is locked out.

  • Lockout Email Options: 

    • Allow users to request a password reset to unlock account: You can select the checkbox for this option and provide a message for the password reset.

    • Send the user an email when locked out: You have the option to select this checkbox and enter the desired email message that will be sent to the user.

Notes:

  • The "Users are locked out for" option sets the user's status in the Accounts table to "locked". That status is only cleared by sending the user a reset password email.
  • Alternatively, if "Allow user to request password reset to unlock account" is checked in the User Logins settings, the user can unlock the account and reset the password through the “forgot?” link on the app’s login page.
  • Because the lockout is applied to the account rather than to the client making the attempts, anyone who knows a user's email address can trigger it by submitting wrong passwords. With "forever" selected, that becomes a denial of service against that user until a reset is sent, so pair long lockouts with the self-service reset option or plan for the support load.
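As an added example (not Knack's code), the tracker below implements the rule the settings describe: lock an account after N failed logins within an M-minute window, for a fixed duration or forever, with a password reset clearing the lock. The option values match the Builder's choices; the sliding-window counting, the in-memory maps and the `LOCK_FOREVER` sentinel are assumptions made for the demo, since how Knack counts attempts internally is not published.

```javascript
// Added example, not Knack's code: a sliding-window lockout tracker for the
// "lock out after N failed logins within M minutes, for D" rule. The option
// values are the Builder's; the counting method and storage are assumptions.

const LOCK_FOREVER = Infinity;

class LockoutTracker {
  // attempts: 3, 5 or 10; windowMinutes: 1, 5, 15 or 60;
  // lockMinutes: 5, 15, 60, 1440 (one day) or LOCK_FOREVER.
  constructor({ attempts = 5, windowMinutes = 5, lockMinutes = 15 } = {}) {
    this.attempts = attempts;
    this.windowMs = windowMinutes * 60_000;
    this.lockMs = lockMinutes === LOCK_FOREVER ? LOCK_FOREVER : lockMinutes * 60_000;
    this.failures = new Map();    // email -> timestamps (ms) of recent failures
    this.lockedUntil = new Map(); // email -> ms timestamp, or Infinity for "forever"
  }

  // True while the account is locked; a timed lock that has run out is cleared here.
  isLocked(email, now = Date.now()) {
    const until = this.lockedUntil.get(email);
    if (until === undefined) return false;
    if (now < until) return true;
    this.lockedUntil.delete(email);
    this.failures.delete(email);
    return false;
  }

  // Record a failed login; returns true when the account is (now) locked.
  recordFailure(email, now = Date.now()) {
    if (this.isLocked(email, now)) return true;
    // Keep only failures inside the configured window (sliding, not fixed, window).
    const recent = (this.failures.get(email) || []).filter(t => now - t < this.windowMs);
    recent.push(now);
    this.failures.set(email, recent);
    if (recent.length >= this.attempts) {
      this.lockedUntil.set(email, this.lockMs === LOCK_FOREVER ? Infinity : now + this.lockMs);
      return true;
    }
    return false;
  }

  // A successful login clears the failure count but never clears an active lock.
  recordSuccess(email) { this.failures.delete(email); }

  // Mirrors "Allow user to request password reset to unlock account":
  // a completed password reset clears the lock, including a "forever" one.
  unlockAfterPasswordReset(email) {
    this.lockedUntil.delete(email);
    this.failures.delete(email);
  }
}
```

The window is sliding: three failures spread 2 minutes apart never lock an account configured with a 1-minute window, while three in quick succession do. That is the trade-off to keep in mind when choosing the "within a" period; a short window is lenient toward users who mistype, a long one catches slow, spaced-out guessing.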

 

IP Whitelisting

IP Whitelisting lets you specify which IP addresses can access your Live App, whether it is a hosted or an embedded app.

Note: This feature does not currently support blocking specific IP addresses or ranges; it only allows the addresses you list.

This feature does not apply to API requests, which are authenticated with API keys rather than by source address. Treat the API key as a secret accordingly: IP whitelisting will not stop a request that carries a valid key.

Activation

IP whitelisting can be enabled from the Settings section of the Builder under the App Settings > Security tab.

This setting is enabled by checking the checkbox next to this setting. Be sure to click “Save Settings” at the bottom of the page to save your requirements.

IPs can be added individually (for example 192.168.5.22) or as ranges, one entry per line. When enabled, only the IP addresses listed here will have access to the app.

To specify IP addresses in ranges, follow these guidelines:

The accepted format is 192.168.1.0. A trailing zero octet acts as a wildcard, so this entry allows every address from 192.168.1.0 to 192.168.1.255.

Similarly, if you wish to whitelist a range like 192.168.X.X, it should be entered as 192.168.0.0.

Please note that partial ranges cannot be added. You must list every individual IP address within the partial range.

For example, 192.168.1.10-192.168.1.20 requires adding each address from 192.168.1.10 to 192.168.1.20 as a separate line.


Note: We currently do not support CIDR notation.
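The helpers below are an added example, not Knack's code. They implement the list format the article describes (exact IPv4 addresses, and a trailing 0 octet meaning "any value"), reject CIDR and a-b range syntax the way Knack's textarea would not accept them, and expand a partial range such as 192.168.1.10-192.168.1.20 into the one-address-per-line entries you have to paste in. How Knack parses its whitelist internally is not published, so treating every trailing zero octet as a wildcard is an assumption based on the examples above.

```javascript
// Added example, not Knack's code: a matcher for the whitelist format the
// article describes (exact IPv4 entries, trailing 0 octet = wildcard), plus a
// helper that expands a partial range into the individual entries Knack
// requires. Treating all trailing zero octets as wildcards is an assumption.

// Parse dotted-quad IPv4 into four numbers, or null if the text is not one.
function parseIPv4(s) {
  const parts = s.trim().split(".");
  if (parts.length !== 4) return null;
  const octets = parts.map(p => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every(o => o >= 0 && o <= 255) ? octets : null;
}

// Parse the Builder's one-entry-per-line textarea. Each entry becomes
// { octets, fixed }, where `fixed` is how many leading octets must match;
// trailing zero octets are wildcards (192.168.1.0 -> fixed 3, 192.168.0.0 -> fixed 2).
function parseWhitelist(text) {
  const entries = [];
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim()) continue;
    const octets = parseIPv4(line);
    if (!octets) {
      throw new Error(`unsupported entry (CIDR and a-b ranges are not accepted): ${line.trim()}`);
    }
    let fixed = 4;
    while (fixed > 1 && octets[fixed - 1] === 0) fixed--;
    entries.push({ octets, fixed });
  }
  return entries;
}

// True when `ip` matches at least one whitelist entry.
function isAllowed(ip, entries) {
  const o = parseIPv4(ip);
  if (!o) return false;
  return entries.some(e => o.slice(0, e.fixed).every((v, i) => v === e.octets[i]));
}

// Expand "a.b.c.x-a.b.c.y" (both ends in the same first three octets) into
// one line per address, ready to paste into the whitelist field.
function expandRange(rangeText) {
  const [lo, hi] = rangeText.split("-").map(parseIPv4);
  if (!lo || !hi) throw new Error("range must be two IPv4 addresses joined by '-'");
  const samePrefix = lo.slice(0, 3).join(".") === hi.slice(0, 3).join(".");
  if (!samePrefix || lo[3] > hi[3]) throw new Error("only ranges within one x.y.z.* block are expanded here");
  const lines = [];
  for (let d = lo[3]; d <= hi[3]; d++) lines.push(`${lo[0]}.${lo[1]}.${lo[2]}.${d}`);
  return lines;
}
```

One consequence of the wildcard rule worth checking before you save: an entry of 10.0.0.0 admits every 10.x.x.x address, not the single host 10.0.0.0, so a list containing it is far broader than it looks. Run your intended list through `isAllowed` with a few addresses you expect to be refused before enabling the setting, because once it is on, an over-broad entry quietly widens access and an over-narrow one locks your own users out.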

 

Secure Browser

With this setting enabled, anyone who accesses your Live App over http:// is automatically redirected to the https:// version, so the page and any data submitted through it travel encrypted. This setting is optional for all existing apps and is enabled by default for new apps.

Activation

Secure browser settings can be enabled from the Settings section of the Builder under the App Settings > Security tab.

This setting is enabled by checking the checkbox next to the "Force the browser to use HTTPS to encrypt all traffic" setting. Be sure to click “Save Settings” at the bottom of the page to save your setting changes. To confirm it is working, request the http:// URL of your app and check that the response is a redirect whose Location header points to the https:// URL.

Enable Record History

When enabled, a history of record changes is available in the Records view of any table in the Builder. To learn more, see our Record History article.

Note: For apps created on or after 10/12/2023, record history is disabled by default, and the setting must be enabled in the app settings before any record history is kept.

 

Purge Deleted Records

When you hold customer information, you may at times receive a request to permanently erase all data associated with a specific person. This setting exists to make that possible.

Enabling this setting will result in the permanent deletion of all associated record history and any assets (files or images) that have been uploaded to the record when it is deleted.

Note: Enabling this setting will not retroactively remove deleted records.

When enabled, deleted records cannot be restored.

It's best to only turn this on when fulfilling a Data Subject request under GDPR, HIPAA, or other regulations.

Note: This will not automatically purge any email history that might be tied to a particular person when deleting their record(s). If that data does need to be purged, reach out to our support team via the chat widget in the Builder or by submitting this form and a member of our support team can assist with this.

Activation

Purge deleted records can be enabled from the Settings section of the Builder under the App Settings > Security tab.

This setting is enabled by checking the checkbox next to this setting. Be sure to click “Save Settings” at the bottom of the page to save your requirements.


Notes & Troubleshooting

  • For more information on keeping your apps secure, check out our Security Best Practices.

  • HIPAA accounts cannot currently add template apps to the dashboard.