ITOM security features

Security and data protection are vital aspects in all ManageEngine ITOM products, and we strive to ensure that our customers' safety is our number one priority. In line with this, ManageEngine ITOM products offer certain security features that help us achieve our safety goals. This page will shed light on security features offered in ManageEngine ITOM products.

  •  Access control

      Role-based access control (RBAC)

      Role-based access control (RBAC): RBAC allows the possibility to restrict access only to the required users, based on their User Roles. This prevents undesired transmission of data as access to specific features and asset details are available only to authorized users.

      Two-factor authentication (TFA)

      Two-factor authentication (TFA): Two Factor Authentication (TFA) provides an additional level of authentication and improves security by requiring the user to provide a unique time-based one time password (TOTP) generated through Authenticator Apps, or as a one time password (OTP) sent to the user's configured Email address. TFA strengthens authentication and prevents unauthorized access.

      Password Policy

      Password Policy: A password policy is a set of rules designed to enhance security by encouraging users to employ strong passwords. ManageEngine ITOM products have password constraints in place to avoid simple passwords that pose a threat to security.

      User Account Lockout Policy

      User Account Lockout Policy: The User Account Lockout setting allows the administrator to lockout accounts after a specified number of invalid login attempts. A locked out account cannot be used until reset by an administrator, or until the account lockout duration has expired. For instance, if invalid credentials have been provided for over 5 times, the account will be locked out for 2 mins. This lockout interval and the number of bad login attempts can be configured.
  •  Encryption at Rest

    Sensitive data, such as passwords, auth-tokens, and the like, that are stored in databases are encrypted using 256-bit Advanced Encryption Standard (AES). Also, few other sensitive information over databases use a unique installation key that is used for encryption purposes, unique to every customer.

  •  Database Protection

    The product database can be accessed only by providing instance-specific credentials and is limited to local host access. The passwords stored are one-way hashed using bcrypt and are filtered from all of our logs. As bcrypt hashing algorithm with per-user-salt is used, it would be exorbitant and heavily time-consuming to reverse engineer the passwords, and the database resides in Customer setup only.

  •  Application Control

    Checksum is used to verify the integrity of binaries in order to prevent any modification by intruders. All our binaries are digitally signed and verified during execution.

Your data security is your right and our priority. We will continue to work hard to keep your data secure, like we always have. For any further queries on this topic, take a look at our FAQs or write to us at

Our ITOM Solutions


  • NASA
  • AT&T
  • HP
  • IBM
  • Tropical
  • MeetMinneaplis
© 2019 Zoho Corp. All rights reserved.