Security - most frequently asked questions
Below, you'll find the answers to the most frequently asked security-related questions:
ApprovalMax supports 2FA via TOTP standard
ApprovalMax is compliant with Xero and Intuit security standards
ApprovalMax goes through a 3rd party penetration test once a year. We do perform regular internal self-assessment in addition to external penetration testing. Details can be shared once an NDA has been signed.
ApprovalMax has a Data Security Policy. Details can be shared once an NDA has been signed.
ApprovalMax has a 98/100 score on the automated security scanning system. Details can be shared once an NDA has been signed.
ApprovalMax has ISO 27001:2022 certification.
ApprovalMax has a standard incident response plan, it is covered in “ApprovalMax Data Security Management Policy”. Details can be shared once an NDA has been signed.
Here is ApprovalMax password policy. We do perform strong checks and automated check against the list of compromised passwords. In case of multiple (6) failed login attempts, users are locked out for 30 minutes.
For questions related to information security, please refer to our Security Portal.
Related Articles
Logout on inactivity
To increase security, ApprovalMax supports a system logout if a user has been inactive for 15 minutes. You can enable this feature in "My profile" under the Avatar: Just toggle the status by clicking on . Consequently, the button turns green and the ...
Support of a 24-hour token expiration
A 24-hour token expiration refers to a security mechanism where authentication tokens, which are generated after successful login or authentication, have a limited lifespan of 24 hours. Once this period elapses, the token becomes invalid and cannot ...
2FA: Frequently Asked Questions
Question Answer What happens if I just don't enable 2FA? If it's Soft Enforcement, you'll see a pop-up prompting you to set up 2FA with every page refresh. However, you can skip it until the next refresh. If it’s Hard Enforcement, you'll be ...
Does ApprovalMax support SSO?
At the moment, ApprovalMax supports Google, Microsoft, Xero, Intuit Single Sign-On. For questions related to information security, please refer to our Security Portal.
Does ApprovalMax support Xero OAuth 2.0?
Yes, ApprovalMax does support Xero OAuth 2.0. Starting from 31 March 2021, OAuth 1.0 is not longer supported for Public and Partner apps.