User Accounts and System Security Preferences
System Administrators can easily add and/or remove users from their system, and assign them as General Users or fellow System Administrators. Users can also be divided into groups for easier Meeting set-up and granting of access controls.
Role Based Access Control
- User Roles
Users can be granted access rights depending on their User Role (General User or System Administrator). System Administrators are able to configure system settings and manage user accounts on top of basic Convene portal features.
- Meeting Roles
Organizers can assign Meeting Roles to meeting participants. These Meeting Roles define and limit what participants can do during Live Meetings and with the board material.
User Logs and Activities
Administrators can track all activity at any level within the application and admin portal: login attempts, file uploads and downloads, file permissions, meeting updates, and changes in user profiles. Reports can also be generated for easier presentation and analysis of data.
Convene supports customised password policies and password expiration periods to ensure that accounts are protected.
Session Timeout and Sign-in Retries
Users are also automatically signed out following the set Session Timeout and have limited Sign-in Retries.
Document Security and Digital Rights Management (DRM)
To minimize exposure of customer data, Convene prevents the copying of document content to other applications. There is no facility available in Convene application context menus or other options to copy the document content via the system clipboard.
Folders or specific documents on the Document Library can be locked with passwords to further restrict access.
- Document Library
Folder owners can allow users or groups to view, download, or edit individual files or folders on the Document Library.
Meeting organisers have the option to limit who can view, download, forward, export, and print documents from Meetings by assigning Meeting Roles. Organisers can opt to restrict access to specific meeting agenda items and/or documents using advanced permission settings.
Scheduled Archival and Disposal
Administrators can schedule the archival and/or disposal of documents after a certain time has elapsed to avoid unauthorised access to files. Temporary files are also never backed up to iTunes and/or iCloud. This can also be configured in specific Meetings, Review Rooms, or Resolutions only.
An additional layer of security can be added to Meetings, Review Rooms, and Resolutions documents with a customisable watermark. Watermarks discourage people from misusing file contents, help identify the owners or authors of the content and when it was created or reproduced, and may signify whether it is an original or a draft copy only.
- Data at Rest
Documents are protected with federal government standard AES 256-bit encryption when stored in Convene’s local storage and web portal.
- Data in Transit
Wireless network transmissions to and from Convene are protected with RSA 2048-bit Transport Layer Security (TLS) encryption, providing privacy and data integrity for file transfers, VPN connections, instant messaging, and the like.
Documents are secured with the use of three-tier key management with random document key, user key, and system key. The cryptographic keys are protected by the use of HSM and other methods, preventing other devices from using them if the application is restored on an unregistered device.
On-the-fly Decryption Model
When a user needs to access encrypted files on storage, only the needed parts are decrypted into memory.
Remote Data Wipe and Automatic Purge
Administrators can delete stored, offline data downloaded to a device. They may also opt to set automatic purging when users sign out of Convene, or when password guessing is detected. Temporary files are never backed up to iTunes and/or iCloud.
Lost Device Re-authentication
In the case of lost or stolen devices, session timeouts render data inaccessible unless the device is re-authenticated.
Secure User Authentication
User ID and Password
Only members with registered user accounts may access Convene. They must also input their own, unique password before logging in to the system.
Users can easily log in to Convene via Touch ID or fingerprint scanning for iOS mobile devices, eliminating the inconvenience of having to type login information every time.
Active Directory Integration
Convene supports the integration of an organisation’s Active Directory (AD) with the app, either through Lightweight Directory Access Protocol (LDAP) or Active Directory Federation Services (ADFS). This ensures that only registered and authorised users within the organisation’s Active Directory can access Convene while eliminating the need for administrators and executives to remember another set of usernames and passwords.
SAML Single Sign-On
Convene supports single sign-on using SAML 2.0 to eliminate the need to repeatedly type in passwords per login.
- One-time Pin (OTP)
Before a user can log in to Convene, a verification code—which is securely and instantly delivered to the user’s registered mobile number—must be entered. The verification code is a unique, secondary password and is valid for one log-in session only.
- Device Registration
Access to Convene can be restricted to registered devices and browsers.