Enterprise-Grade Security for Your Organization

Zephior provides comprehensive security controls to protect your organization’s data and ensure compliance with enterprise security requirements.

Multi-Factor Authentication (MFA)

Add an extra layer of security by requiring a second form of verification when signing in.

Supported MFA Methods

TOTP Authenticator

Time-based one-time passwords via:
  • Google Authenticator
  • Authy
  • 1Password
  • Microsoft Authenticator

WebAuthn / Passkeys

Hardware security keys and biometrics:
  • YubiKey, Titan security keys
  • Touch ID, Face ID (Mac/iOS)
  • Windows Hello

Organization MFA Enforcement

Admins can require MFA for all organization members:
  1. Navigate to Settings → Security
  2. Enable Require MFA for all members
  3. Set a grace period for users to enroll (optional)

Trusted Domains: You can skip MFA for users signing in via trusted SSO providers by adding domains to your skip list.

User Self-Enrollment

Individual users can enable MFA for their accounts:
  1. Go to Account Settings → Security
  2. Click Enable MFA
  3. Choose your preferred method
  4. Complete the enrollment process

Password Policy

All Zephior accounts follow our secure password requirements:

| Requirement | Setting |
|---|---|
| Minimum Length | 12 characters |
| Lowercase Letters | Required |
| Uppercase Letters | Required |
| Numbers | Required |
| Special Characters | At least one (!@#$%^&*) |
| Repeated Characters | Limited consecutive repeats |

Enterprise SSO

Available on Advanced and Enterprise tiers.

Connect Zephior to your identity provider for seamless single sign-on.

Supported Protocols

  • OIDC - OpenID Connect integration
  • SAML 2.0 - Enterprise SAML integration

Supported Identity Providers

  • Okta
  • Microsoft Entra ID (Azure AD)
  • Google Workspace
  • PingFederate
  • ADFS
  • Any OIDC or SAML-compliant IdP

SSO Configuration

  1. Domain Verification: Verify your domain via DNS TXT record
  2. IdP Connection: Configure your identity provider connection
  3. Test Connection: Test SSO with a pilot user before rollout
  4. Enable for Organization: Enable SSO for all organization members

SSO Features

| Feature | Description |
|---|---|
| Domain Verification | DNS TXT record verification before enabling SSO |
| Auto-Membership | SSO users automatically added to organization on first login |
| IdP Email Trust | Email verification skipped for SSO users (IdP already verified) |
| MFA Domain Skip | Optionally skip Zephior MFA for SSO-authenticated users |

Session Management

Zephior implements secure session handling:

| Setting | Value |
|---|---|
| Absolute Timeout | 7 days |
| Inactivity Timeout | 24 hours |
| Token Validation | Industry-standard algorithms |

Data Protection

Encryption

| Layer | Standard |
|---|---|
| Data at Rest | AES-256 encryption |
| Data in Transit | TLS 1.3 |
| Token Validation | Industry-standard algorithms |

Multi-Tenant Isolation

  • Each organization has a dedicated, isolated database
  • All queries automatically scoped to your organization
  • Zero data leakage between tenants

AI Data Handling

  • Your content is never used to train public AI models
  • AI services configured with zero data retention
  • All AI operations processed in European data centers

Compliance Status

| Framework | Status |
|---|---|
| GDPR | Compliant |
| Swiss FADP (nDSG) | Compliant |
| SOC 2 Type II | Certified |
| ISO 27001 | Planned |

Data Residency

  • Primary hosting: European data centers
  • Swiss hosting option available for Enterprise tier
  • All data processing within EU/Swiss jurisdiction

Role-Based Access Control

Zephior uses a full RBAC system with four default roles (Super Admin, Admin, Member, Viewer), custom roles, and per-source access levels. Permissions are enforced at the data level — including AI-powered search, which is pre-filtered by user permissions so users can only search content they have access to.

Roles & Permissions

Manage roles, access levels, custom permissions, and the full permission reference

Security Best Practices

  • Organization-wide MFA significantly reduces the risk of unauthorized access, even if passwords are compromised.
  • SSO centralizes authentication and lets you enforce your organization’s security policies.
  • Regular audit log reviews help identify unusual activity and ensure compliance.
  • Keep confidential information in private sources with explicit access grants.