Evernote Business Security Features

Single Sign-On

We support the Security Assertion Markup Language (SAML) for single sign-on (SSO) for your Evernote Business users. We act as the service provider and talk to your identity provider. We recommend using this feature to:

  • Allow your employees to use their primary login password for the Evernote service.
  • Enforce custom password policies, such as length, complexity, re-use, and expiration.
  • Configure your own session timeouts to require users to authenticate as frequently or infrequently as you like.
  • Use your own two-factor solution and ensure that all users have it enabled.

Role-based Access

We provide two roles for access within Evernote Business: User and Admin. Administrators have access to the admin console to manage billing information, users, notebooks, and tags. Administrators can promote or demote users between roles. We do not support creating access profiles or privilege templates when granting user permissions to resources.

User Management

As an Evernote Business administrator, we provide you a real-time view of current active and invited Business users. You can use the admin console to on-board and off-board users to your company manually.

For existing Evernote Business customers where personal accounts are linked to business accounts, you can also configure your account to allow anyone from a specific email domain to join, reducing the administrative overhead of manually inviting employees. This option is not available to new Evernote Business customers whose accounts are opened after August 31st, 2017.

When a user joins your business, we send all active administrators an email notification.

Administrators can revoke a user’s access to the business. The next time that user’s client syncs with our service, it will receive the revoke message and remove all business notes and notebooks from the local client.

When an administrator revokes access for a user, we send all active administrators an email notification.

Provisioning and De-provisioning API

We have built an Apache Thrift API that allows you to onboard and offboard employees in a programmatic way. We have also partnered with Okta to provide the same functionality for customers of their solution.

Notebook Management

Evernote Business administrators have the ability to manage all aspects of a business notebook. These include the sharing policy, owner, membership, and each member’s permissions. Administrators also have the ability to export and delete an entire notebook.

Data Recovery

Evernote Business users may delete a note to move it to the trash, but only a business administrator can permanently delete it by emptying the trash, and only from the Admin Console. This prevents a malicious employee from destroying data and allows the business administrator to quickly recover deleted content.