Sendbird Security Guide
Sendbird is fully committed to protecting customer data. We offer customers the ability to independently implement a security system that aligns with their specific requirements. Data protection is a shared responsibility between our customers and Sendbird. The security features provided by Sendbird enable customers to work safely and efficiently.
This guide has two main parts: how to secure your organization and account, and how to secure your Sendbird app. The table of contents for each part is below:
Sendbird Organization and Account Security
- Two-Factor Authentication
  Two-factor authentication (2FA) is a secure authentication method that requires users to verify their identity by providing two or more factors during login. One factor is something the user knows, such as their username and password. Other factors include something the user has on their device, such as an authenticator app or security key. By requiring multiple forms of verification, 2FA significantly reduces the risk of common threats such as phishing attacks and account takeovers.
- Single Sign-On
  Single sign-on (SSO) is a method of authentication that allows users to access various applications using a single login and set of credentials. For example, once users log in to your organization, they can seamlessly access all applications from the App Launcher. You have the option to configure your Sendbird organization to trust an external identity provider for user authentication, or you can set up a third-party application to depend on your organization for authentication.
- Restrict Login IP Addresses
  Control user login access by defining a range of permitted IP addresses. If a login attempt is made from an IP address outside this specified range, it will be denied.
- Enforce Access Control
  Sendbird assigns a unique email and password to each user, which they must enter at every login. As an admin user, you have the ability to configure various settings to ensure that your users' passwords are secure.
- Roles and Permissions
  Custom roles and permissions let you manage user access within the Sendbird Dashboard in a way that caters to your needs. They empower organizations to assign specific access rights to different teams or users, ensuring that they have the precise capabilities they need.
Sendbird Application Security
- User Authentication
  Sendbird provides customers with a setting for authenticating SDK users. Depending on the authentication method, you can directly determine whether a user is logged in.
- Sendbird API Token Security Guide
  Securing your Sendbird Application token is crucial for safely accessing the platform API. This guide outlines best practices for token protection and provides instructions for reissuing tokens when needed.
- API IP Restriction and Domain Restriction
  Sendbird offers security features to control access to the platform API and SDK through IP and domain restrictions. These measures help prevent unauthorized access by limiting API calls to specific IP addresses and SDK usage to approved domains.
- API Access Control List Guide
  Sendbird allows you to restrict user actions for flexible app development. This feature enables you to assign appropriate permissions to users tailored to your product.
- Metadata Security Best Practices
  Metadata stores additional information for Sendbird users, allowing customers to save custom data for their users. Learn about metadata features and guidelines for using them securely in your Sendbird implementation.