Security Settings

In the Admin Console under “Settings” then “Security,” Admins have the ability to Require Mobile Device Encryption, Restrict Exporting and Importing, enable a File Attachment Allowlist, and enable an IP Range Allowlist.

mceclip0.png

Require Mobile Device Encryption

Enabling this option will require iOS and Android devices to be encrypted and have a passcode. Toggle to “Enable” to turn this feature on for your entire organization.

Restrict Exporting

Enabling this will prevent users from exporting a document; they won’t be able to download, export to another file type, or print from within Quip. (This won’t affect their ability to share a document with another Quip user, or to print using options outside of Quip.)

Restrict Importing

Enabling this will prevent users from importing documents, either from another service or from their local device. (Users will still be able to upload images and file attachments into documents and chat messages; use the File Attachment Allowlist to control those uploads.) You can choose between restricting imports on all platforms, or only on mobile devices.

File Attachment Allowlist

Enabling this option will restrict file attachments, uploads, and imports across your site to the list of specified MIME types. If there are no MIME types on the allowlist, no uploads or imports will be permitted.

MIME types are validated against a known list of types; if you’re trying to allowlist a type that isn’t on our list, contact support to add it to the validated types list. You should include the entire type; for example, application/pdf (just pdf will not work) and text/plain (just text will not work).

IP Range Allowlist

Enabling this will restrict access to Quip to specified IP ranges to prevent your users from loading Quip content when accessing the internet from outside those ranges. If there are no ranges specified, your users will be able load Quip content from any network. (Quip traffic is always encrypted with TLS 1.2 in transit.)

To enable this for your entire organization toggle to “Enable,” enter as many IP ranges as you need in CIDR format, one per line, and then select “Enable.”

Platform Management

Platform management allows admins to set account-wide, platform specific restrictions for your users. 

For more information on session timeouts and managing their length, refer to the Session Timeouts and Platform Restrictions article. 

Was this article helpful?
1 out of 1 found this helpful