As a system administrator, you can configure security preferences for your Workfront system. You can configure the following security areas in your system preferences:
- Access to Workfront from mobile apps and other applications.
- Rules for embedding Workfront in an iframe.
Changes that you make in the system preferences impact all users in your system, and their experience with Workfront.
We recommend that you configure your system security preferences during the Workfront implementation and only occasionally revisit them afterward.
To configure your system security preferences:
- Navigate to the Setup area in the Global Navigation Bar.
- Expand System, then click Preferences.
- In the Security section, select any of the following fields to establish the security settings for your organization:
Allow embedding of Workfront in an iframe: This option allows you to embed Workfront in an iframe. Displaying a web-based application like Workfront in an iframe makes Workfront susceptible to a Clickjacking security breach. This option is disabled by default.
Allow SAML 2.0 authentication in Office 365 add-ins: This option allows you to embed Workfront in an iframe only for Office 365 add-ins, when Workfront is integrated with a SAML 2.0 single sign-on solution. This option is enabled by default.
NOTE If you enable Allow embedding of Workfront in an iframe, the Allow SAML 2.0 authentication in Office 365 add-ins is grayed out and enabled.
Enable the use of session information when creating External Page URLs: This allows users to use the Session ID information of a site when adding an External Page to a Dashboard.
For more information about adding External Pages to a Dashboard, see "Embedding External Web Pages into Dashboards."
Let people use Workfront's mobile applications and the Workfront Outlook Add-In: This allows users to access the mobile apps (Workfront View for iPad, and mobile phone apps), as well as the Workfront Outlook app. By default, this option is enabled.
For more information on Workfront View, see "Workfront View." For more information about the mobile apps, see "Workfront Mobile App." For more information about the Outlook plugin, see "Setting up the Workfront Outlook Add-in."
Collaborate with people without Workfront accounts by using email addresses: This allows Workfront users to share certain items with people without a Workfront account by including their email address instead of their name. The following items can be shared with an external user by using their email address:
- Document request
- Document approval
By default, this option is enabled.
Require external users to register with a password: If enabled, this option requires external users to register before they are able to view items in Workfront. By default, this option is disabled. When you enable this option, people without a Workfront account who are included in certain updates by their email address, will be prompted to create an account before they can view the item they are included on. This creates an External User account for them.
Automatically log users out after ...: This allows you to specify when a user is logged out of Workfront, after a period of inactivity. By default, users are logged out after 8 hours of inactivity. You can choose from the following settings:
- 15 minutes
- 30 minutes
- 1 hour
- 8 hours (this is the default)
- 24 hours (This option is currently unavailable.)
- 7 days (This option is currently unavailable.)
This option also affects Workfront customers who are using a single sign-on solution.
- Click Save.
The changes that you saved here affect the experience of all the users in Workfront and anyone who interacts with them as an external user.
Keep this on this article always - for this reason:
**DON'T DELETE, DRAFT OR HIDE THIS ARTICLE. IT IS LINKED TO THE PRODUCT, THROUGH THE CONTEXT SENSITIVE HELP LINKS. **