Corporate account can be accessed on the left-side panel – Corporate account.
Corporate account owners and managers can apply custom security settings on the corporate account level in Settings → Corporate account → Security.
Session duration
This feature enhances security by automatically signing users out after a set idle period, reducing the risk of unauthorized access. By implementing custom session durations, organizations can better align with security best practices while maintaining control over user access.
Enhanced security: shorter sessions help prevent unauthorized access if a device is left unattended.
Compliance readiness: supports security frameworks such as NIST, helping organizations meet compliance requirements.
Enterprise control: allows businesses to enforce stricter session policies, especially when working with external users who don't use Single Sign-On (SSO).
ℹ️ Available with Premier and Enterprise subscriptions only.
You can define how long a session remains active before a user is automatically signed out from the web or mobile application due to inactivity. To customize session duration:
Under Session duration field, select the desired value from the available options:
30 minutes
1 hour
24 hours
14 days
Click Save to apply the changes.
Once a session duration is set, it applies to all users invited to the corporate account directly or through any projects under that corporate account.
💡 The new session duration will take effect on new sign-ins only. If a user is already signed in at the time of the change, the new setting will only apply after their next login.
⚠️ Custom session durations do not apply to the desktop application and working with encrypted documents.
Password requirements
Custom password requirements strengthen account security by allowing organizations to define rules for password length and expiration. By setting password standards, businesses can enforce consistent security practices and reduce the risk of compromised credentials.
Enhanced protection: strong and regularly updated passwords lower the chances of unauthorized access from credential stuffing or brute-force attacks.
Compliance readiness: aligns with industry standards like NIST and ISO, helping organizations meet password policy requirements.
Enterprise control: enables administrators to tailor password policies based on user roles, risk levels, or whether users authenticate through SSO.
ℹ️ Available with Premier and Enterprise subscriptions only.
Minimum length
To increase the minimum required password length:
Under the Min length field, select the desired number of characters:
8 (default)
12
16
Click Save to apply the changes.
Expiration
By default, the password has no expiration date. You can define when the password should expire and require users to change it after a selected period of time. To set password expiration:
Under the Expiration field, select the desired number of days:
60
90
180
360
Click Save to apply the changes.
💡 New password requirements will apply to users who register, sign in with a password or reset it, or create/change their password in account settings after the new policy is enforced.
⚠️ Custom password requirements do not apply to the desktop application and working with encrypted documents.
Notifications about password expiration
You will receive email notifications 14 days and 1 day before your password expires.
Each email includes a unique link to reset the password, valid for 24 hours. The link leads to the password reset flow. If you are signed in when you reset your password, your current session will be terminated after the reset, and you will need to sign in again using the new password.