Security FAQs

General

Question: Does the application use unsupported, insecure, or deprecated client-side technologies such as NSAPI plugins, Flash, Shockwave, ActiveX, Silverlight, NACL, or client-side Java applets?

Answer: No. The client-side code is exclusively JavaScript.

Question: Does SnapLogic provide CSRF protection?

Answer: Yes.

Session management

Question: What are the minimum session soft and hard timeouts?

Answer: Environment admins (Org admins) can configure the session timeout and idle timeout. Each can be set to between 5 and 60 minutes.

Question: Is the user prompted to log in once the session has expired?

Answer: Yes.

Question: Is sensitive data removed from the browser/application after the session has expired?

Answer: We do not store sensitive data in the browser.

Question: Does the application support concurrent logins?

Answer: Yes.

Question: Does the application provide a list of logged-in devices / IPs and an option to log a device out?

Answer: Not currently.

Communication Protocols

Question: What HTTP protocol version does the SnapLogic Platform use?

Answer: HTTP 1.1.

APIs

Question: Do the application endpoints / APIs have anti-automation controls, such as rate limiting or CAPTCHA?

Answer: Yes. Each Org has a concurrent and daily API limit. Any request over the limit receives an HTTP 429 response.

SSO

Question: Why did a user receive this error message: "SSO login can't be used for users that are members of orgs that have different identity providers."?

Answer: All environments that a specific user belongs to must be configured with the same IdP application integration. Refer to SSO for more information.