1. GoCanvas Help Center
  2. Community
  3. Feature Requests

Whitelist with IP addresses (enhanced security)

Chris Tanner

Hi Canvas Solutions,

We want to be able to set a "whitelist" of IP addresses on our GoCanvas account - so that only those allowed IP addresses are able to login to the GoCanvas web-site with our usernames.

We want this because of the European GDPR privacy protection rules which will soon come into force.

2

Comments

7 comments
Date Votes

Please sign in to leave a comment.

  • Official comment
    Sara Kaplow, Community Manager
    Update here: 
     
    While we are now GDPR compliant, this functionality was not required to meet those standards. We take both data security and feature requests seriously, and will consider this as we do other customer requests for product improvements. You can read about our GDPR steps here: https://help.gocanvas.com/hc/en-us/articles/360010186193-Is-GoCanvas-GDPR-compliant- and reference our Privacy Policy: https://www.gocanvas.com/content/about-us/policy/privacy-policy
     
    One thing you might consider to augment control over who's accessing your data is Single Sign On, which doesn't provide this exact functionality, but does give you some more immediate oversight into who's able to log in. 
  • Sara Kaplow, Community Manager

    Wanted to make sure that the information made it here, too - we're working on becoming GDPR compliant. I'll update this post if/when we get more information. 

    1

  • Any news on this?

    1

  • Still no news?

    0
  • AIMS System Administrator

    They just announced they are GDPR Compliant on the last Q4 update..

    https://help.gocanvas.com/hc/en-us/articles/360010186193-Is-GoCanvas-GDPR-compliant-

    0

  • This functionality should be implemented to live up to the safety standards of your safety concerned customers. 

    Information security is the main purpose of GDPR - and basic functionality to prevent unauthorized access, as a white-list is, should be implemented to make your service more secure. Authentication using only email address + password (even a "strong" one) offers a low level of security, and are therefore outlawed by the GDPR - if not used in combination with other security mechanisms (as IP whitelist and/or TFA).

    0
  • Sara Kaplow, Community Manager

    We appreciate the feedback here, and it's something we'll continue to look at as we look to continue to augment all of our security practices beyond what GDPR requires. 

    0

Didn't find what you were looking for?

New post