Security
Security features and best practices
2 min read
Security
SmartWMS provides comprehensive security features to protect your data.
Authentication
Password Authentication:- Strong password requirements
- Account lockout after failures
- Password expiry policies
- Password history
- Go to Profile → Security
- Enable 2FA
- Scan QR code with authenticator app
- Enter verification code
- Save backup codes
Session Management
Session Settings:- Session timeout: 30 minutes default
- Concurrent sessions: Configurable
- Force logout: Admin capability
- Go to Profile → Sessions
- See all active sessions
- Terminate unwanted sessions
IP Restrictions
Limit access by IP address:
- Go to Settings → Security
- Enable IP whitelist
- Add allowed IP addresses
- Save
API Security
API Key Best Practices:- Use separate keys per integration
- Set minimum required scopes
- Rotate keys periodically
- Monitor API usage
- Go to Configuration → API Keys
- Open key
- Add allowed IPs
- Save
Data Encryption
In Transit:- TLS 1.2+ required
- HTTPS only
- Certificate validation
- AES-256 encryption
- Encrypted backups
- Secure key management
Audit Logging
All actions are logged:
- User login/logout
- Data changes
- Configuration changes
- API access
Compliance
SmartWMS supports:
| Standard | Status |
|---|
| GDPR | Compliant |
|---|---|
| SOC 2 | In progress |
| ISO 27001 | Planned |
Security Checklist
For Admins:- [ ] Enable 2FA for all admins
- [ ] Set strong password policies
- [ ] Configure IP restrictions
- [ ] Review user access quarterly
- [ ] Monitor audit logs
- [ ] Keep integrations updated
- [ ] Use strong, unique password
- [ ] Enable 2FA
- [ ] Don't share credentials
- [ ] Log out when finished
- [ ] Report suspicious activity