Evernote Teams Security Features
We support the Security Assertion Markup Language (SAML) for single sign-on (SSO) for your Evernote Teams users. We act as the service provider and talk to your identity provider. We recommend using this feature to:
- Allow your employees to use their primary login password for the Evernote service.
- Enforce custom password policies, such as length, complexity, re-use, and expiration.
- Configure your own session timeouts to require users to authenticate as frequently or infrequently as you like.
- Use your own two-factor solution and ensure that all users have it enabled.
We provide two roles for access within Evernote Teams: User and Admin. Administrators have access to the admin console to manage billing information, users, notebooks, and tags. Administrators can promote or demote users between roles. We do not support creating access profiles or privilege templates when granting user permissions to resources.
As an Evernote Teams administrator, we provide you a real-time view of current active and invited Teams users. You can use the admin console to on-board and off-board users to your organization manually.
For existing Evernote Teams customers where personal accounts are linked to Teams accounts, you can also configure your account to allow anyone from a specific email domain to join, reducing the administrative overhead of manually inviting employees. This option is not available to new Evernote Teams customers whose accounts are opened after August 31st, 2017.
When a user joins your organization, we send all active administrators an email notification.
Administrators can revoke a user’s access to the organization. The next time that user’s client syncs with our service, it will receive the revoke message and remove all notes and notebooks from the local client.
When an administrator revokes access for a user, we send all active administrators an email notification.
Provisioning and De-provisioning API
We have built an Apache Thrift API that allows you to onboard and offboard employees in a programmatic way. We have also partnered with Okta to provide the same functionality for customers of their solution.
Evernote Teams administrators have the ability to manage all aspects of a notebook. These include the sharing policy, owner, membership, and each member’s permissions. Administrators also have the ability to export and delete an entire notebook.
Evernote Teams users may delete a note to move it to the trash, but only an administrator can permanently delete it by emptying the trash, and only from the Admin Console. This prevents a malicious employee from destroying data and allows the administrator to quickly recover deleted content.