Links

Enhance ProcessMaker Security

Follow security best practices to better secure your ProcessMaker instance.

Overview

Follow these best practices to enhance security in your ProcessMaker instance:​

Require All Users to Periodically Reset Passwords

Require all ProcessMaker users to periodically reset their passwords.

Require All Users to Log On via SSO to ProcessMaker

Require all ProcessMaker users to log on to your ProcessMaker instance via Single Sign-On (SSO), OAuth, OKTA and/or two-factor authentication.
Follow these guidelines:
  1. 2.
    Instruct all ProcessMaker users to authenticate via SSO to log on to your ProcessMaker instance.

Verify All User Accounts that Run Scripts

Verify that all ProcessMaker user accounts that run scripts are valid and appropriate.

Identify Invalid and Blacklisted IP Addresses

Follow these guidelines to identify invalid and blacklisted IP addresses that access your ProcessMaker instance:
  1. 1.
    Ask your Customer Success Manager to provide a list of all IP addresses that access your ProcessMaker instance.
  2. 2.
    Identify the following from the list of IP addresses:
    • Identify which IP addresses on this list are invalid.
    • Identify which IP addresses are blacklisted.
  3. 3.
    Provide your Customer Success Manager an incident report.