Best Practices - Security

Ariel Cascallares

What’s in this article?

This document gives our clients and customers a self-help guide with tips and guidelines on two levels, which they can distribute to users and other account admins to standardize processes.

Part 1: Best Security Practices For Users

Bear in mind that even within your organization, you should protect any content that might display an end user’s private information or sensitive content related to your role that can’t be shared internally.

This can be done in several ways:

Step 1: Review Internal Security Policies

Make sure you are familiar with your company's internal security and compliance guidelines to ensure you're following company-approved procedures when using Zight.

Step 2: Blur Sensitive Information

When creating items (such as screenshots or GIFs), use the annotation tool to blur out private or sensitive information before sharing.

 


Here’s additional information about blurring.

Step 3: Set Expiration Dates on Sensitive Content

Set shared content to automatically expire after a set period. This adds a layer of protection by limiting how long content is accessible. You can set expiration either individually (on each file) or by using default templates for consistent security policies.


Step 4: Select Appropriate Access Levels

Zight allows you to choose different access levels for each item you share:

  • Anyone with the link can view

  • Anyone with the link and passcode can view

  • Anyone in your organization can view

  • Anyone in your organization can edit

  • Anyone with verified email can view

  • Only emailed individuals can view


Step 5: Keep Your Desktop App Updated

Security improvements are regularly released. Check for updates in your Desktop App and apply them promptly. Here’s how to do it.

 

Part 2: Security Tools For Admins*

*Please confirm your Zight plan, as some of these features are available exclusively on our Enterprise plan.

Regulatory Corporate Security Compliance

Zight complies with SOC 2 standards and leverages trusted security tools widely used across industries:

  • SSO (Single Sign-On) integrations with Okta, OneLogin, Google Workspace

  • SCIM Provisioning for user lifecycle management

  • Domain Lockdown to restrict access to company domains

Security Best Practices For Everyday Use And Productivity Enhancement

Several practices help with periodic due diligence and save time:

  1. Create templates with security presets for different user groups.

  2. Periodically verify that SSO integrations remain functional after system updates.

  3. Deprovision Zight Admins immediately when they leave the organization. Work with your SCIM provider for provisioning and deprovisioning automation.

  4. Notify Zight Support of any changes to Admin or Account Owner roles as soon as possible.

Accessing your Admin Security Settings

Here’s a quick overview of where to find each security setting in your Zight Admin Settings panel:

  • Members: Domain Lockdown, Auto Join

  • Authentication: SSO, SCIM

  • Files: Global file-sharing defaults

  • Customize: Viewer permissions (downloadable content, comments, reactions)

Setting Default Link Sharing & Password Defaults

Admins can configure default link sharing settings to better control who can access shared content across your organization.

  1. Go to Workspace Settings.

  2. Select the Access and Retention tab.

  3. Under Default Link Sharing, select:

    • "Anyone with the link can view" (default)

    • OR

    • "Anyone in your organization can view" (recommended for most internal teams)

Selecting "Anyone in your organization can view" as the default ensures that shared content stays within your organization unless otherwise specified.

Can I Require a Password for All Links by Default?

Currently, Zight does not offer the ability to require a password on all shared content by default. Password protection can be applied manually to individual items as needed.

Admins seeking additional control should consider combining:

  • Auto-expiration settings

  • Viewer access restrictions

  • SCIM provisioning and deprovisioning

  • SSO and domain lockdown features
