Find answers to some of our most common questions about security
Is Klaxon a web application and how to access the dashboard?
Klaxon is a web application available online with secure access. Each organization will be assigned with a URL like https://[companyname].klaxon.io.
Can I access Klaxon via corporate VPN?
Yes, as long as you have internet access via corporate VPN.
Where is Klaxon hosted?
It is hosted securely with Microsoft Azure UK West (Primary) and UK South (Secondary) to maintain high availability of the application. For more information on Microsoft Azure Data Center please refer to link for more information on Microsoft Azure Infrastructure Security.
Does it support Single Sign-on?
Yes, Klaxon supports SAML/OAUTH2 base authentication.
Does it support account and password login?
If Single Sign-on is not setup, all users will have a profile created with a password login.
[Note: it is recommended to setup Single Sign-on for better user experience and one less password to remember. ]
Is complex password supported?
A Minimum complex password is enforced. If Single Sign-on is used, then the password policy will be enforced by the Identity Provider.
Do the accounts get locked with multiple failed attempted login?
Klaxon imposes a 3 failed attempt account lock with a 5-minute wait before retrying.
Can user reset password?
Yes, the user can request a password reset via the link on the login screen.
Does user account have a default password?
Klaxon does not have a default password.
Does Klaxon have any audit capability?
Klaxon holds the application audit log in the database. These are retained for a minimum of 12 months unless asked to be removed by the client.
Is there a joiner and leaver process?
Klaxon support SCIM2 for automated provisioning and de-provisioning linked to the identity platform.
[Note: it is recommended to set up for an organization with a large user base or with high resource turnover i.e. temp resource]
How do I know an email from Klaxon is genuine?
All outbound emails sent from Klaxon is signed with DKIM.
Do you perform any security audit?
We perform weekly external vulnerabilities scan of the Klaxon core application and internal vulnerability scans of the Database platform.
We also engage an external consultant to independently perform penetration testing of the solution on an annual basis.
How do I know Klaxon web application site is genuine?
DNSSEC protocol is enabled adding cryptographic authentication to prevent DNS attack
Klaxon Smartphone App
Is Klaxon App available on Google and Apple App store?
Klaxon App can be downloaded from Google Play Store and Apple App Store.
Does Klaxon App require login?
Users can only sign into Klaxon App with 2 options: - Scan a valid QR code available on the profile setting on the web application. Sign in using a link via an email invite initiated by the administrator.
Does Klaxon App timeout?
For security purposes, the Klaxon app will timeout and require the user to re-login. Login process is simplified making this a seamless process.
Is the App secure?
Data in-transit protection is achieved by establishing secure connection using SSL.
Is your organisation certified with Government backed scheme?
Klaxon is certified and will maintain the 'Cyber Essential Plus' certification.
What is your measure to ensure Klaxon team is compliant?
Klaxon team attends annual GDPR and Information Security training. New joiners will go through this training during the first week of employment.