Are you new to monday.com and feeling a little lost when setting up your Enterprise account? We're going to take you through everything you need to know when it comes to security and permissions so that you can protect your data and restrict changes within your account exactly the way that suits your team! Let's get started!
What is an account admin?
When you first create a monday.com account, you become the admin of the account by default! At this point, you have the option to make other team members additional admins. But what does this mean? An account admin can oversee and regulate the entire account, managing everything from users and boards to security and billing.
This allows one team member (or more if you choose) to manage their team effectively and securely. To learn more about account admins and everything they can do, read this guide.
Organize your account
When we think about the organization of our account, it can be helpful to think about it as a giant filing cabinet! Each Workspace is like a cabinet or drawer where we keep related documents together. Within each workspace, we have several folders, which add another layer of classification to our cabinets or workspaces. Within each folder, we can keep related boards, dashboards, workdocs, and more, just as we would keep related documents in a physical folder!
Let's go over each of them:
Workspaces are giant folders that hold related contents of your account. They help you organize better so you can manage multiple departments, teams and projects in one unified place. Now, let's take a look at the types of workspaces:
- Open Workspace - visible to any account member, and open for anyone to join
- Closed Workspace - only the icon is visible to everyone in the account, and indicated with a lock symbol. Only members of the workspace can see boards in this workspace
For more information, make sure to read this!
A board is where you can manage any of your workflows. You can think of it as a structured, virtual whiteboard where projects are stored as a way to keep track of everything from everyday tasks to month/year-long projects. Let's understand the different types of boards:
- Main Board - visible to anyone who is a team member within your account
- Private Board - can only be seen by the person who created the board and by the specific users they invite to join this board
- Shareable Board - allows you the ability to share a board with people outside your team or company, such as clients, interns, or freelancers
To learn more about types of board and how to use them, check out this article.
Dashboards are a great way to display what's important in just one place. You can load a dashboard up with widgets to understand project progress, track budget, estimate teammates' workload and much more. There are two types of dashboards:
- Main Dashboard - can be viewed and interacted with by any account members
- Private Dashboard - visible only to dashboard subscribers
To learn more about types of dashboards and how to use them, check out this article.
Understanding the different permissions
An important part of this organization is making sure that the right people inside your account can view or edit certain data. This is completely customizable on the workspace level, board level, column level, and even the item level! The chart below shows how the different types of boards are visible to your account members in the two types of workspaces:
Not only can you restrict who in your account views certain data, but you can also restrict who can create and edit data! Let's take a look at some of these restrictions:
- Workspace permissions
You can set up workspace permissions to restrict creation actions within the Workspace! From the "Permissions" tab in the Admin section, you can limit who on your account can create Private, Shareable and Main boards, who can create dashboards, and who can create automations in the Workspace. Check out this article to learn more about Workspace permissions!
- Dashboard permissions
Unlike boards, only dashboard owners can edit the dashboard itself and the apps and widgets within the dashboard, while viewing depends on the type of dashboard. On a Main Dashboard, anyone on the account can view the data and make themselves a subscriber. On Private Dashboards, subscribers must be invited by a dashboard owner. Since dashboards are connected to more than one board, subscribers of Private Dashboards will only be able to view the data if they are members of all of the connected Private/Shareable Boards.
This article will tell you everything you need to know about dashboard permissions!
- Board permissions
Within each board, the board owner(s) have the ability to control what information can be changed or edited by other board members. These permissions can be located by clicking on the three-dot menu on the top right of your board and selecting "Board permissions". To learn more about board permissions, read this article.
- Column permissions
With column permissions, board owners are given the option to control which columns can be seen or edited by others on the board. This is especially helpful if you have some sensitive information you don't want some users to see or change! Head over here to learn everything there is to know about column permissions!
- Item permissions
With item viewing permissions, board owners can decide whether they'd like all users with board access to be able to view all items on it, or whether users will be able to see only the items assigned to them. This provides another layer of control and ensures collaboration in one space, without jeopardizing access to sensitive data. 🙌
Check out this article to learn all about it.
- Account permissions
From the Admin section, you can customize which account members can perform certain actions within your account:
Head over here to learn more about account permissions!
Your team's privacy and security are among our top priorities! We know that you put your trust in monday.com every day to keep your team's information secure, and we assure you that responsible custodianship of your data is one of the core values of our company.
As well as all data being encrypted and backed up hourly (with critical data backed up every 5 minutes), we also track all the latest security community outputs, promptly upgrade our services to fix new vulnerabilities, and constantly make sure we are using the latest technology available.
In addition, your account is secured with two-factor authentication, an audit log, and more advanced security features. Let's check them out:
- Two-Factor Authentication
Two-Factor Authentication (TFA/2FA) is an extra layer of security that requires not only a password and username but also an extra piece of information in order to log in. On our platform, you have two 2FA options to log in to your account: either a text sent to your mobile phone or a code from an authentication app. The goal of TFA is to make it harder for potential intruders to gain access to your account and steal your personal data or identity. You can read this article for more information.
- SAML Single Sign-on
Security Assertion Markup Language (SAML) gives users access to monday.com (the service provider, SP) through an identity provider (IDP) of your choice. It works by transferring the user’s identity from one place (the identity provider) to another (monday.com). Enabling SAML through monday.com can be done in a few easy steps! Check out this article to learn all about it and how to set it up. We are currently working with four main SAML providers: OKTA, OneLogin, Azure AD, and Oracle, but we also offer you the option to use custom SAML 2.0 with the provider of your choice.
System for Cross-domain Identity Management (a.k.a. SCIM) is a protocol for user management across multiple applications. It allows an IT or Operations team to easily provision (add), deprovision (deactivate), and update user data across multiple applications at once. It can be set up with Azure AD, OneLogin, or OKTA.
You have the ability to enable HIPAA compliance on your account! The Health Insurance Portability and Accountability Act (HIPAA) is designed to help protect people’s healthcare data. Organizations such as hospitals, doctors' offices, health plans, or any other company dealing with protected health information (PHI) are required to be HIPAA-compliant. This may also extend to companies that work with these businesses and come into contact with PHI on their behalf. This article goes into more detail about what it entails and how to activate compliance.
- Audit Log
The Audit Log can be accessed from the "Security" tab of the Admin section. It gives account admins a detailed report of all account security-related activity. In this section, you can see when users have last logged in and out of the account, from which device, and what their IP address for the session was. The log also displays security-sensitive events such as failed logins, the download of attachments, the export of board data, etc. This allows admins to spot and control any suspicious activity and activate the Panic Button if needed.
- Panic Button
The Panic Button can be activated through the admin section if the admin detects suspicious activity in the account. By activating Panic Mode, your account will momentarily be blocked and no one will be able to access it until the admin of the account sends a request to our Customer Success team.
- Sessions Log
In the "Security" tab of the Admin section, you can view and control the sessions of your account members. The sessions are grouped by user and show each user's entire session history.
In the event that there are any security concerns with a user or a user's session, the admin can sign out account members right from the Sessions Log. Additionally, from this section, the admin can also select "Log out all account users" on the top right of the screen to instantly log out everyone from your account.
- Session Duration
In the "Advanced" section of your Admin "Security" tab, you can set a Session Duration. Here, you can either set an automatic logout after a certain amount of inactive time has passed for a user, or an automatic logout for all users after a certain amount of time even if they have been active on the platform.
- General Security
- To review our contract with you, please see our Terms of Service.
- For more information on how we keep your data secure, please review our Enterprise Security & Confidentiality.
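As an illustration of the review the Audit Log section above describes (spotting failed logins, attachment downloads and board exports that look suspicious), here is an added example that is not monday.com code. The record layout, event names and thresholds are assumptions made for the sketch, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (timestamp, user, event, ip). Field and event
# names are hypothetical, not monday.com's export format.
SAMPLE = [
    ("2024-05-01T09:00:00", "ana@example.com", "login", "198.51.100.7"),
    ("2024-05-01T09:05:00", "ana@example.com", "board_export", "198.51.100.7"),
    ("2024-05-01T10:00:00", "bo@example.com", "failed_login", "203.0.113.9"),
    ("2024-05-01T10:01:00", "bo@example.com", "failed_login", "203.0.113.9"),
    ("2024-05-01T10:02:00", "bo@example.com", "failed_login", "203.0.113.9"),
    ("2024-05-01T10:03:00", "bo@example.com", "login", "203.0.113.9"),
    ("2024-05-01T10:04:00", "bo@example.com", "attachment_download", "203.0.113.9"),
    ("2024-05-01T11:00:00", "ana@example.com", "board_export", "192.0.2.44"),
]

EGRESS = {"board_export", "attachment_download"}  # events that move data out

def triage(records, max_failures=3, window=timedelta(minutes=5)):
    """Return (timestamp, user, reason) findings for an admin to review."""
    failures = defaultdict(deque)  # user -> failed-login times inside the window
    known_ips = defaultdict(set)   # user -> IPs seen on a successful login
    last_burst = {}                # user -> time of the latest failed-login burst
    findings = []
    for ts, user, event, ip in sorted(records):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if event == "failed_login":
            recent = failures[user]
            recent.append(when)
            while when - recent[0] > window:  # drop failures older than the window
                recent.popleft()
            if len(recent) == max_failures:
                last_burst[user] = when
                findings.append((ts, user, "failed-login burst"))
        elif event == "login":
            if user in last_burst and when - last_burst[user] <= window:
                findings.append((ts, user, "login right after failed-login burst"))
            known_ips[user].add(ip)
        elif event in EGRESS and ip not in known_ips[user]:
            findings.append((ts, user, f"{event} from IP with no prior login"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="  ")
```

Findings like these are prompts for review in the Sessions Log, where an admin can sign out the affected user, rather than proof of compromise.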
Where is my data hosted?
All of your data in monday.com is hosted on a cloud server, which unfortunately means that you cannot back up files and data on your own server. Our servers are stored in multiple data centers of Amazon Web Services across the US. They've devoted an entire portion of their site to explaining their security measures, which you can find here.
We are now offering the option to host your data in the EU! Unfortunately, existing data cannot be moved from the US to the EU, so this option is only possible for new or trial accounts. If you are interested in this option, you can reach out to your product consultant to set it up!
If you have any questions, please reach out to our team by using our contact form. We're available 24/7 and happy to help!