Acquia provides a comprehensive set of security features that you can use to control who can access your Acquia subscription and how. These features include:
- Teams, roles, and permissions. This feature allows you to assign roles to your team members, with fine-grained permissions that govern what they are allowed to access and do, and allows you to assign members to teams, where each team can have one or more sites in your subscription that they can work on.
- Two-step verification. By default, all users need to sign in with a user name (email address) and password to access an Acquia subscription. You can also enable two-step verification, that requires them in addition to use a trusted device or enter a verification code that they receive by mobile application or text message.
- Session timeout. When you are signed in to the Acquia Cloud UI, your session expires after 90 minutes of inactivity, and you will be required to sign in again with your user name and password before you take any actions that require being signed in. This helps to secure your Acquia subscription.
- Password strength requirements. You can optionally require that any users that sign in to access your Acquia subscription must have a password that meets a password strength requirement, to ensure that their passwords are not easy to guess.
- IP address whitelisting. You can configure your Acquia subscription so that only specified IP addresses on a whitelist can access your account.