Acquia Cloud provides a comprehensive set of security features that you can use to control who can access your Acquia applications and how. These features include:
- Teams, roles, and permissions - This feature allows you to assign roles to your team members, with fine-grained permissions that govern what they are allowed to access and do, and allows you to assign members to teams, where each team can have one or more applications in your organization that they can work on
- Two-step verification - By default, all users need to sign in with a user name (email address) and password to sign in to the Acquia Cloud interface and access an Acquia application. You can also enable two-step verification, which requires users in addition to use a trusted device or enter a verification code that they receive by mobile application or text message
- Session timeout - When you are signed in to the Acquia Cloud interface, your session expires after 90 minutes of inactivity, and you will be required to sign in again with your user name and password before you take any actions that require being signed in. This helps to secure your Acquia Cloud applications
- Password strength requirements - You can optionally require that any users that sign in to the Acquia Cloud interface must have a password that meets a password strength requirement, to ensure that their passwords are not easy to guess
- IP address whitelisting - You can configure Acquia Cloud so that only specified IP addresses on a whitelist can access your applications through the Acquia Cloud interface
Each of these features controls access to the Acquia Cloud interface and not access to your Acquia Cloud websites or other applications.