Business Security Features
Evernote Business gives you control and ownership over your business content. No matter how the team changes, your company stays in control of the data in business notebooks. This page describes the security-related features currently available to Evernote Business customers.
We support the Security Assertion Markup Language (SAML) for single sign-on (SSO) for your Evernote Business users. We act as the service provider and talk to your identity provider. We recommend using this feature to:
- Allow your employees to use their primary login password for the Evernote service.
- Enforce custom password policies, such as length, complexity, re-use, and expiration.
- Configure your own session timeouts to require users to authenticate as frequently or infrequently as you like.
- Use your own two-factor solution and ensure that all users have it enabled.
SSO only applies when a user tries to access business content. Users must first successfully authenticate to their personal account prior to being prompted for SSO authentication.
We provide two roles for access within Evernote Business: User and Admin. Administrators have access to the admin console to manage billing information, users, notebooks, and tags. Administrators can promote or demote users between roles. We do not support creating access profiles or privilege templates when granting user permissions to resources.
As an Evernote Business administrator, we provide you a real-time view of current active and invited Business users. You can use the admin console to on-board and off-board users to your company manually. You can also configure your account to allow anyone from a specific email domain to join, reducing the administrative overhead of manually inviting employees.
When a user joins your business, we send all active administrators an email notification.
Administrators can revoke a user’s access to the business. The next time that user’s client syncs with our service, it will receive the revoke message and remove all business notes and notebooks from the local client. Depending on the client data storage model, the removal method may involve deleting files off the local storage media or removing rows from a SQLite database.
When an administrator revokes access for a user, we send all active administrators an email notification.
Provisioning and De-provisioning API
We have built an Apache Thrift API that allows you to onboard and offboard employees in a programmatic way. We have also partnered with Okta to provide the same functionality for customers of their solution.
Evernote Business administrators have the ability to manage all aspects of a business notebook. These include the sharing policy, owner, membership, and each member’s permissions. Administrators also have the ability to export and delete an entire notebook.
Evernote Business users may delete a note to move it to the trash, but only a business administrator can permanently delete it by emptying the trash, and only from the Admin Console. This prevents a malicious employee from destroying data and allows the business administrator to quickly recover deleted content.