
Security Settings

  • Enforce Minimum Password Length: Requires passwords to be at least the number of characters entered.
  • Lock out users for 5 minutes after invalid password attempts: Locks out users once the specified number of attempts has been reached.
  • Enforce password history: Prevents users from reusing a previous password, up to the number of passwords remembered.
  • Enforce password expiry: Passwords expire after the number of days specified.
  • Escape Excel Formulas: Prevents unintended formula evaluation. When this option is enabled, an apostrophe is inserted at the front of any value beginning with +, -, @ or =.
  • Length of Access Code generated: Specifies the character length of the random access code. The access code is always one-way encrypted upon generation (and when in storage).
  • Enable extended login sessions: Allows an API login to remain valid for the number of days specified.
  • Data Encryption Key: See the Data Encryption section below.
  • Parent URLs that can iframe this site: Entries are added to the frame-ancestors section of the "Content-Security-Policy" response header. This tells the browser to allow these sites to have Produce in an iframe. Be aware that this also lowers the security on cookies, as they have "same-site" set to "none". Multiple URLs can be added by separating them with a space.

Data Encryption

🚧

WARNING: Do NOT lose the key material

If SmartIQ is no longer able to contact the chosen key wrapping technology, SmartIQ will NOT be able to decrypt or unwrap the DEK. Therefore, your data will be lost.

By default, SmartIQ enables Data Encryption for all cloud environments as well as all new installations by employing an industry standard technique known as key wrapping. Key wrapping is the process of encrypting one key using another key when transmitting and storing data.

SmartIQ uses the Data Encryption Key (DEK) to encrypt the data. The DEK is then itself encrypted, or wrapped, using a Key Encryption Key (KEK). The wrapped DEK and the KEK are stored and managed in distinct locations. Using key wrapping technologies ensures separation and provides another layer of encryption for different parties.

For example, SmartIQ has the DEK and the customer or tenant has their own KEK. This applies to the SmartIQ environment as a whole. However, in multi-tenant environments, individual tenants have their own DEKs.

SmartIQ can integrate with the following key wrapping technologies:

  • Azure Key Vault
  • AWS Key Management Service (AWS KMS)
  • Hardware Security Modules (HSMs) via the PKCS#11 standard

📘

Configuration Settings

Contact SmartIQ Support for information on how to configure the settings.

Enabling Data Encryption

The Encrypt Data option will always be on by default for all new installations.

Rotating the Data Encryption Keys

Key rotation is the process of moving to a new Data Encryption Key (DEK). SmartIQ automatically rotates the key every 12 months for compliance with standards.

SmartIQ recommends rotating the DEKs regularly because DEKs are designed to encrypt and decrypt data multiple times. From the moment of rotation, encryption is performed with the new (current) DEK. Stored data might therefore be encrypted using several DEKs over time.
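The key wrapping and rotation model described above, as an added example that is not SmartIQ's code: records carry the DEK version they were written under, only wrapped DEKs are stored, and losing the KEK makes every record unrecoverable. It assumes the Python `cryptography` package; `LocalKek`, `DataStore` and the record layout are hypothetical, and AES key wrap and AES-GCM are chosen for illustration (the page does not state which algorithms SmartIQ uses).

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import InvalidUnwrap, aes_key_unwrap, aes_key_wrap


class LocalKek:
    """Hypothetical stand-in for Azure Key Vault, AWS KMS or an HSM; holds the KEK."""
    def __init__(self):
        self._kek = os.urandom(32)
    def wrap(self, dek):
        return aes_key_wrap(self._kek, dek)        # RFC 3394 AES key wrap
    def unwrap(self, wrapped):
        return aes_key_unwrap(self._kek, wrapped)  # raises InvalidUnwrap on a wrong KEK


class DataStore:
    """Hypothetical data store: keeps only wrapped DEKs, indexed by version."""
    def __init__(self, kek):
        self.kek, self.wrapped_deks, self.current = kek, {}, 0
        self.rotate()

    def rotate(self):
        # The new DEK becomes current; older wrapped DEKs stay for existing records.
        self.current += 1
        self.wrapped_deks[self.current] = self.kek.wrap(AESGCM.generate_key(bit_length=256))

    def encrypt(self, plaintext):
        dek = self.kek.unwrap(self.wrapped_deks[self.current])
        nonce, aad = os.urandom(12), str(self.current).encode()  # bind version to record
        return self.current, nonce, AESGCM(dek).encrypt(nonce, plaintext, aad)

    def decrypt(self, record):
        version, nonce, ciphertext = record
        dek = self.kek.unwrap(self.wrapped_deks[version])
        return AESGCM(dek).decrypt(nonce, ciphertext, str(version).encode())


def demo():
    store = DataStore(LocalKek())
    old = store.encrypt(b"constructed sample record A")  # written under DEK v1
    store.rotate()
    new = store.encrypt(b"constructed sample record B")  # written under DEK v2
    readable = (store.decrypt(old), store.decrypt(new))  # both versions still decrypt
    store.kek = LocalKek()                               # simulate losing the KEK
    try:
        store.decrypt(old)
    except InvalidUnwrap:
        return old[0], new[0], readable, True            # wrapped DEK cannot be unwrapped
    return old[0], new[0], readable, False

if __name__ == "__main__":
    print(demo())
```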

To manually rotate the keys:

📘

User Permission

Only users with Manage Security permission will be able to access the Security settings in Manage and manually rotate the key.

You will see the version and expiration date of the current Data Encryption Key. Rotate and save.

👍

Note

It may take up to ten (10) minutes for the previous key to be deactivated from the cache. Restart the site to force the system to use the new key.