LogoLogo
  • PlaceOS Documentation
  • Overview
    • Key Concepts
      • Drivers
      • Interfaces
      • Modules
      • Settings
      • Systems
      • Triggers
      • Zones
    • Languages
      • Crystal
      • TypeScript
    • Protocols
      • MQTT
      • SAML
      • OAuth2
  • How To
    • Configure PlaceOS for Microsoft 365
      • Step 1: Room Calendar Access
        • Create Azure App Registration (Application Permissions)
        • Exchange Calendar Group
        • Limit Application Permissions
        • Configure PlaceOS Calendar Driver
      • Step 2: User Authentication & Calendar Access
        • Create a PlaceOS Authentication Source
        • Create Azure App Registration (Delegated Permissions)
        • Configure PlaceOS Authentication Source
        • Add User Login Redirects
      • Concierge Access
      • Troubleshooting
        • Blocked or Blacklisted IP Error
    • Configure PlaceOS for Google Workspace
      • Google Configuration
        • Create Google Cloud Project & Enable API
        • Configure Google Cloud Service Account
        • Add Google Workplace Permissions
        • Create Google Marketplace App (optional)
        • Google Workspace Service User (RBAC)
        • Configure Access to Google Resource Calendars
      • User Authentication
        • Create a PlaceOS Authentication Source for Google
        • Create Google Cloud OAuth2 Client App
        • Configure PlaceOS Auth Source for Google
        • Add User Login Redirects
    • Deployment
      • Deploy AWS Fargate on Modular CloudFormation Stacks
      • Deploy AWS Fargate on Nested CloudFormation Stacks
      • Writing Import Scripts
    • Analytics
      • MQTT Integration
    • Backoffice
      • Add a Domain to PlaceOS
      • Backoffice File Upload
      • Configure Staff API
      • Calendar Driver
      • Enable Sensor UI
      • Bookings Driver
      • Configure a webhook
    • Authentication
      • Azure B2C
        • Azure B2C Custom Policy Framework
        • Configure PlaceOS for Azure B2C
        • 365 Room Resources on Azure B2C
      • Configure SAML SSO
        • Configure SAML2 with AD FS
        • Configure SAML2 with Auth0
        • Configure SAML2 with Azure AD
        • Configure SAML2 with Google Workspace
      • Configure OAuth2 SSO
      • X-API Keys
      • Bearer tokens
    • Location Services
      • Location Services
      • Area Management
      • Discovering User Devices
      • Locating Users on a Network
      • People Finding with Cisco Meraki on PlaceOS
      • People Finding with Juniper Mist on PlaceOS
    • Notifications
      • Catering Orders
    • User Interfaces
      • Booking Panel App
      • Workplace App
      • Native Booking Panel App
      • Deploy a Frontend Interface
      • Microsoft Outlook Plugin
      • Configure Endpoint Auto Login
      • SVG Map Creation
      • Configuring a default UI
  • Tutorials
    • Setup a dev environment
    • Backend
      • Troubleshooting Backend Failures
      • Import Bookable Rooms
      • Writing A Driver
        • Testing drivers
        • ChatGPT / LLM Capabilities
          • Native GPT Plugins
      • Testing Internal Builds
    • Backoffice
      • Adding Drivers & Modules
      • Add Zone Structure
    • Common Configurations
      • Asset Manager
      • Catering
      • Locker Booking
      • Webex Instant Connect
      • Desk booking
      • Sensor Data Collection
        • Configure Kontakt IO
        • Configuring Meraki
        • Configuring DNA Spaces
      • Elevated Privileges
  • Reference
    • API
      • Real-time Websocket
      • Rest API
      • Staff API
    • Drivers
      • PlaceOS
        • Bookings
        • Staff API
        • Visitor Mailer
        • Lockers
      • Microsoft
        • Graph API
    • PlaceOS Skills
    • Privacy Policy
    • Recommended Products
    • Supported Integrations
    • System Architecture
    • System Functionality & Requirements
    • Infrastructure Requirements
    • Security Compliance
      • FAQ
      • GDPR
      • Security
    • Microsoft Azure Permissions
  • Glossary
  • 🎯PlaceOS Roadmap
  • 🆘PlaceOS Support
  • 👩‍💻PlaceOS Github
  • 📝PlaceOS Changelog
Powered by GitBook
On this page
  • Data in Transit
  • Data at Rest
  • Authentication
  • Privacy
Export as PDF
  1. Reference
  2. Security Compliance

Security

General security and encryption information about PlaceOS

A core challenge that PlaceOS solves is providing a secure way to connect and interact with physical spaces.

Deployments form an interface that isolates individual hardware components and subsystems of a building from direct communications.

Connectivity to these is then provided by a modern API service that supports regular patching and updates to safely support integration.

Data in Transit

PlaceOS APIs and static resources are served over HTTPS only.

Supported Protocols

  • TLS v1.2

  • TLS v1.3

Supported Ciphers

  • EECDH+AESGCM

  • EDH+AESGCM

  • AES256+EECDH

  • AES256+EDH

Unique Diffie-Hellman parameters are generated for each new server.

SSL certificates can be provided and signed by your internal CA or generated by Place Technology and signed by Let’s Encrypt.

Data at Rest

Minimal configuration information is stored on disk as part of the on-premise infrastructure.

All system settings support encryption via AES256-GCM.

This is stored by the data service and includes:

Information Type
Description

System and Zone configuration

  • System (room) / Zone names

  • System / Zone descriptions

  • Room resource mailbox address (if using a calendar integration)

  • System / Zone settings

Device Settings

  • Device name

  • Device description

  • Device configuration

  • Device role based account username

  • Device role based account password (encrypted)

Device metadata

  • 1 month history of online/offline status of each device

User data

  • Email address

  • First and last name

  • Username

  • User’s permissions within PlaceOS application

  • Federated authentication source

The search service stores an optimised index of system, zone and device names and descriptions.

Authentication

All API requests use short-lived Auth tokens obtained via OAuth2.

Authentication for token creation takes place via an external identify service (SSO).

Options include SAML2 and OAuth2.

No PlaceOS components store or have access to SSO user credentials at any point during authentication.

In cases where an external identify provider is not available (dev / staging environments), local role-based accounts may be created.

Credentials for these are encrypted using scrypt (256 bit AES using GCM ciphers) prior to storage.

No “default” passwords exist for these.

Privacy

No information is ever transmitted externally by the platform.

Default deployment configurations do not include any remote telemetry, data collection or remote components.

Information collected by device and service integrations is dependent on driver functionality and versions used.

All drivers are open source and individually auditable within each deployment.

PreviousGDPRNextMicrosoft Azure Permissions

Last updated 3 years ago