Enhance ProcessMaker Platform Security

Follow security best practices to better secure your ProcessMaker Platform instance.

Overview

Follow these best practices to enhance security in your ProcessMaker Platform instance:

Require All Users to Periodically Reset Passwords

Require all users to periodically reset their passwords.

Enable the User must change password at next login toggle in each user account to require that user to change the password before next logging on to ProcessMaker Platform.

Require All Users to Log On via SSO to ProcessMaker Platform

Require all users to log on to your ProcessMaker Platform instance via Single Sign-On (SSO), OAuth, OKTA and/or two-factor authentication.

Follow these guidelines:

  1. Configure SAML SSO or another ProcessMaker Platform-supported SSO authentication protocol.

  2. Instruct all users to authenticate via SSO to log on to your ProcessMaker Platform instance.

Verify All User Accounts that Run Scripts

Verify that all user accounts that run scripts are valid and appropriate.

Review the Run script as setting of every Script to determine which user's API client token that Script uses with the ProcessMaker Platform REST API.

Identify Invalid and Blacklisted IP Addresses

Follow these guidelines to identify invalid and blacklisted IP addresses that access your ProcessMaker Platform instance:

  1. Ask your Customer Success Manager to provide a list of all IP addresses that access your ProcessMaker Platform instance.

  2. From the list of IP addresses, identify the following:

    • Which IP addresses on this list are invalid.

    • Which IP addresses are blacklisted.

  3. Provide your Customer Success Manager with an incident report.
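
One way to carry out step 2 on the list you receive, as an added example that is not ProcessMaker code. It assumes "invalid" means either malformed or outside the networks your organization expects to connect from. The sample addresses, expected networks and blacklist entries are constructed placeholders from the documentation address ranges.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not real traffic.
EXPECTED_NETWORKS = ["192.0.2.0/24", "2001:db8:10::/48"]  # assumption: your office/VPN egress ranges
BLACKLIST = ["203.0.113.0/28", "198.51.100.77"]           # assumption: entries from your own blacklist source
ACCESS_LIST = ["192.0.2.15", "203.0.113.9", "198.51.100.77", "198.51.100.20",
               "2001:db8:10::5", "192.0.2.300", " 192.0.2.15 ", ""]


def _networks(entries):
    """Parse CIDR blocks or single addresses into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def triage(addresses, expected, blacklist):
    """Place each distinct address in exactly one bucket.

    malformed   - not a parseable IPv4/IPv6 address
    blacklisted - matches a blacklist entry (checked first, so it wins over 'expected')
    unexpected  - well-formed but outside every expected network
    expected    - inside an expected network and not blacklisted
    """
    expected_nets, blocked_nets = _networks(expected), _networks(blacklist)
    report = {"malformed": [], "blacklisted": [], "unexpected": [], "expected": []}
    seen = set()
    for raw in addresses:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            report["malformed"].append(raw)
            continue
        if ip in seen:  # the same address reported twice is listed once
            continue
        seen.add(ip)
        if any(ip in net for net in blocked_nets):
            bucket = "blacklisted"
        elif any(ip in net for net in expected_nets):
            bucket = "expected"
        else:
            bucket = "unexpected"
        report[bucket].append(str(ip))
    return report


if __name__ == "__main__":
    for bucket, ips in triage(ACCESS_LIST, EXPECTED_NETWORKS, BLACKLIST).items():
        print(f"{bucket}: {ips}")
```

The malformed, unexpected and blacklisted buckets are the entries to carry into the incident report in step 3.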