Intrro has built-in single sign-on capabilities for Google and Microsoft accounts via OAuth 2.0. If a user provisions their account via OAuth 2.0, they'll never need to set a password to log in with Intrro.
Intrro includes three user role levels to help you manage permissions and access throughout your workspace.
Intrro employs industry-standard techniques for password management, encryption, storage, complexity, and reset.
The Intrro web application user authentication system uses Bcrypt to hash and salt user passwords. Each password has a uniquely generated salt, and the 'pepper' is stored independently from the database.
The Intrro web application enforces a strong password complexity standard and require user passwords to have at least:
The Intrro web application prevents brute force attacks (for password based authentication) by locking the targeted user account after 5 failed attempts. A notification email is sent to the user that includes a link that can be used to unlock the account.
In the event that a user forgets their password, a user can request their password be reset via a link that is sent to the user's verified email address. This link expires within a limited amount of time if not used.
Intrro encourages customers and users to leverage a password manager to maintain, store, and fill strong passwords when using Intrro.
Can my organization request to modify the DPA?
We are unable to accept modifications to our DPA.
Have you adopted the new Standard Contractual Clauses?
Yes. In light of the new Standard Contractual Clauses adopted and approved by the European Commission, we have updated out DPA to incorporate the SCCs. You can learn more at New SCCs & the GDPR.