User Authentication and Networking
What forms of user authentication does Connect Fonts use?
Connect Fonts uses a custom web-based authorization mechanism. We also support single sign-on using either Azure AD or Okta.
What are the security requirements for Extensis passwords?
- Passwords must be a minimum of 8 characters.
- Include a special character - no limits or requirements on the characters that can be used.
- Include a capitalized letter
Passwords for user accounts on extensis.com do not expire; it is recommended that you change your password regularly.
How long do Connect Fonts user sessions last?
- Idle login sessions expire after 30 minutes on https://secure.extensis.com/ and https://connect.extensis.com/
- Login sessions for the Connect Fonts desktop app expire after 30 days
- Most users are rarely asked to login due to when the Connect Fonts desktop application connects to our network to synchronize user information and cloud libraries, the session length is reset.
What network ports and URLs does Connect Fonts require access to?
For full Connect Fonts functionality, the desktop application requires TCP port 443 to be accessible on the following URLs:
-
https://links.extensis.com
-
https://fs.extensis.com
-
https://connect.extensis.com
-
https://connect-api.extensis.com
-
https://auth.extensis.com
-
https://extensis.okta.com
-
https://buy.extensis.com
-
https://d20tcu3k0slplp.cloudfront.net (font CDN)
Additionally, the following sites are required for the Connect Fonts web client login at https://connect.extensis.com/:
- https://cdn01.boxcdn.net
- https://apis.google.com
- https://cdn.polyfill.io
- https://www.dropbox.com
How are user permissions handled in Connect Fonts?
Connect Fonts provides strict permissions to regulate access to administration functions and read/write access to shared cloud libraries.
Access to shared cloud libraries is set on a per-user basis; there are no group- or role-based permissions.
Data Transmission and Storage
What user data does Extensis store for Connect Fonts?
We store font files, font metadata, and organizational data such as shared cloud libraries and user sets. For more information on our data collection and retention policies, see our Privacy Policy.
How is user data protected during transit?
User data (including libraries, sets, and fonts) is sent over HTTPS-secured connections. TLS ( Transport Layer Security ) version 1.2 is used and needs to be enabled.
Is the data at rest and in transit encrypted?
Yes it is encrypted both at rest and in transit
Can Connect Fonts sync fonts from an on-premises server?
Connect Fonts can only connect to Extensis's network of servers. There is no functionality for connecting to an on-premises server.
Maintenance and Updates
How are updates to Connect Fonts handled?
The Connect Fonts desktop application is updated by the end user. The desktop application notifies end users when an update is available.
The Connect Fonts service is managed by the Extensis DevOps team; production updates are deployed into Amazon Web Services when we have changes.
How long are service logs kept and who has access to them?
Logs for troubleshooting and technical support purposes are kept for 14 days. Logs are archived indefinitely in Amazon Web Services storage and accessible by the Extensis DevOps team.
Is intrusion detection and prevention implemented?
Yes, we implement MissionCloud in our environment.
What is your procedure in case of a data breach?
The Extensis Incident Response Team proceeds through the following stages:
- Identification
- Severity classification
- Containment
- Eradication
- Recovery
- Root cause analysis
The Incident Response Team will respond as per the more detailed Incident Response Plan published and maintained by the Extensis DevOps Manager.