This tab holds the options and selections that enable you to set up the desired level of security for the company.
Figure 1 - The Company Details overlay Security tab
- Always use SSL in surveys – check this box if you want the company to generate all links to limited surveys as secure links, for example https://survey.yourserver.com/wix/pXXXXXX.aspx. The Respondents > Emailing > Secure option will then be chosen by default and locked to prevent changes.
- Always use SSL in Authoring and Reportal – forces all users in this company to use the https:// link for authoring and Reportal. The http:// link will not work.
Note: To use HTTPS/SSL you will need to obtain a server certificate from a certification authority (for example VeriSign or Thawte) and bind it to your Web server(s).
- Always use encrypted file transfer – check this box to encrypt all data exports, report exports and respondent exports. The setting forces all exports and imports that support encryption to be encrypted. The system cannot prevent a user from uploading plain text data files to the client, because the encryption is not checked until the import task is actually run, so unencrypted files can lie on the server. However, any import task will fail if the data file is not encrypted. Note that when the box is checked, the respondent list must also be encrypted before respondents can be uploaded for the users in this company.
Survey Definition imports and exports do not have to be encrypted.
- Always use FTP for file transfer – makes FTP the only option available in the “File transfer” field on the set up page for data exports, report exports and respondent export. The Email option is not available. Data imports and survey import and export are not affected by this setting and do not have to be to/from an FTP server.
- Always use FTP for data exports - check this option to make FTP the only option available in the “File transfer” field on the set up page for data and respondent exports. The Email option will not then be available. Survey import and export are not affected by this setting and do not have to be to/from an FTP server.
- Enforce SFTP (SSH for FTP) - check this option to enforce SSH when using FTP for importing/exporting data.
- Enforce db encryption - if the Database Encryption add-on is licensed for your company (go to Add-on Modules Overview for more information), this check-box becomes available. Check the box to enforce encryption for all new databases for projects administered by the company. Note that this is not retroactive and will only apply to new databases. If you want the databases to be encrypted for existing company projects, the projects must be re-launched and new databases must be created. Encryption only applies to the production survey database; system databases and multimode databases are not encrypted (go to Database Encryption Add-on for more information).
- Restrict data export tasks... - if this option is checked, only users registered to the same company as the survey owner will be able to perform exports on this customer's surveys. Even users with system_admin or company_admin permission will not be able to perform exports if they are not registered with the survey owner's company. Note that any changes to this property are registered in the system activity log with date, time and user id of the user making the change.
- Disable the ability to change email-address when exporting data - check this option to prevent access to the email address field when exporting data. This is intended to reduce the risk that someone accidentally changes this field and thereby sends confidential information to someone who should not receive it. Note that the Override button is still available; however, it must then be used with intent, which makes changing the address a more thought-through process.
- Prevent most SaaS service management staff... - check this option to prevent users with SYSTEM_PROJECT_ADMINISTRATE from implicitly being granted access to projects (surveys, polls and panels) in this company. Any user can still gain access to the project, but only if they are explicitly granted permission to do so. Users with SYSTEM_ADMINISTRATE can access all projects irrespective of this setting.
- Enable survey db level auditing - check this option to enable SQL Server auditing at the survey database level. When enabled, all surveys created for this company will have database auditing enabled. This audit log is not accessible through the Forsta Plus user interface.
- Pwned passwords threshold - when a user changes their password, the new password is checked against the pwned password service of haveibeenpwned.com to see if the password is one that is known to have been breached before. This property allows you to specify the maximum number of times a new password can be found in previous data breaches before it will not be accepted. The recommended setting is 0, which means that if the chosen password appears in the list of breached passwords then it will not be accepted. A blank value disables the restriction. Note that to maintain security only the first 5 HEX characters of an SHA-1 hashed password are sent.
- Use password options – check this box to display the Password expiry days and Password validation code fields.
- Password expiry days – specify how many days the password is to be valid after first use. The system will then prompt the users to change their password. The users will get the message: “Your password has expired. Please change your password.”
- Enforce SSO for Professional users - when checked, companies where SSO (Single Sign On) is implemented are forced to only log in via SSO and cannot log in through the normal login page. Note that users with SYSTEM_ADMINISTRATE access can access the system via the login page irrespective of this company setting.
- Company AES key – if Single Sign-on or External Respondent Limited Surveys are to be used, an AES key is required. This key can be entered here, although key validation is not performed on saving. When this value is defined it allows the survey setting to be selected by users; when not defined it is grayed out. The key can be entered manually, but the 'Generate AES key' link should be used as this will create a valid key.
Note: Editing this key can be dangerous (if it is changed, old links will not be valid). Therefore, once the key is defined, the value is read-only until 'Change aes key' is clicked. A warning message is then displayed, and the field becomes editable.
- Cint API Key - The Cint API key is required if you wish to allow the survey scripting function to pass transition information over to Cint. See also the Forsta Scripting documentation.
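
The check described under "Pwned passwords threshold", worked through as an added example (this is not Forsta Plus code; the function names are hypothetical). It assumes the service answers a 5-character prefix with `SUFFIX:COUNT` lines, as the Pwned Passwords range API does, and it reads the threshold as the page states it: a password is accepted while its breach count does not exceed the threshold, and a blank value (`None` here) disables the check. The response body is constructed inline, so no network call is made.

```python
import hashlib
from typing import Optional


def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix, suffix): the 5 hex chars that are sent, and the 35 kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix: str, range_body: str) -> int:
    """Look up our suffix in a range response made of SUFFIX:COUNT lines."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0  # suffix absent: password not in the breach list


def password_accepted(password: str, range_body: str,
                      threshold: Optional[int]) -> bool:
    """Apply the company threshold; None models a blank (disabled) setting."""
    if threshold is None:
        return True
    _, suffix = split_hash(password)
    return breach_count(suffix, range_body) <= threshold


def constructed_range_body(password: str, count: int) -> str:
    """Constructed stand-in for the service response to this password's prefix."""
    filler = "0018A45C4D1DEF81644B54AB7F969B88D65:3"  # constructed entry
    return "\r\n".join([filler, f"{split_hash(password)[1]}:{count}"])


if __name__ == "__main__":
    candidate = "Summer2024!"  # constructed sample password
    body = constructed_range_body(candidate, 12)
    print("prefix sent to the service:", split_hash(candidate)[0])
    for threshold in (0, 12, None):
        print("threshold", threshold, "->",
              password_accepted(candidate, body, threshold))
```

The comparison against the suffix happens locally, so neither the password nor its full hash leaves the system performing the check.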