How to manage policies for your organization with NordPass

With NordPass Business, organization administrators can set up policies on how organization users log in and use NordPass.

NordPass Business allows granular policy enforcement for advanced organization security, as policies can be customized per individual user or user role, as well as applied to all organization users seamlessly.

Policies can be set up and adjusted at any time in the Business Administration panel by organization Admins and Owners.

How to set up policies for NordPass?

In order to set up policies for your NordPass organization, 

1. Go to NordPass Admin panel and click settings button:
   
   
   
   
2. Locate the policy you want to configure, for example, MFA, and click on it:
   
   
   
   
3. You will see that policy's overview:
   
   
   
   Here, you can enforce settings as needed by switching the toggles:
   
   

You can also apply exceptions to certain users, by switching the toggle off next to specific users Exceptions to enforced policies are conveniently displayed in the policy configuration screen:

By clicking on the exceptions list, you will be presented with a detailed view of which members have the exceptions to the policy.

What policies are available for granular enforcement in NordPass?

While we are constantly adding new policies to the granular enforcement list, currently, the following ones are available in NordPass:

• Multi-Factor Authentication (MFA). Customize which user roles or individual users will require mandatory MFA when logging in to NordPass. Learn how to set up mandatory MFA for organization members.
  
  
• Password Policy. Customize password policy requirements for each role, as well as customize which roles or individual users are required to comply with set password policy when creating or storing passwords in NordPass. Learn how to enable password policies for organization members. 
  
  
• Guest Sharing. Customize which user roles or individual users will be able to share passwords outside of your organization. Learn how to enable Guest Sharing. 
  
  
• Item Exporting. Customize which user roles or individual users are allowed to export their vaults from NordPass. Learn about how to export passwords from NordPass.
  
  
• Email Masking. Customize which user roles or individual users should use email masking for secure browsing. Learn more about Email Masking.  
  
  
• Auto-lock time. Customize maximum time period of device inactivity after user vaults will be locked. You can customize autolock time for individual users or user roles. Users will be able to choose a shooter timeframe within their app settings. NOTE! Member policy exceptions are not overridden when organization or role level settings are changed. In order to clear individual policy exceptions, the “Clear custom settings” button must be used. Learn more about NordPass Autolock feature.  
  
  
• Allow browser extension to stay unlocked. Customize which users or user roles are allowed to have NordPass browser extension to stay unlocked even if they close their browser or restart their desktop device. This option is only available when auto-lock time is set to Never. Learn more about allowing NordPass browser extension to stay unlocked for organization members.  

What levels of granularity are available when configuring Policies?

At the moment, NordPass offers granular policy enforcement for these levels:

• Everyone, which means all organization members, including users added in the future will need to comply with the policy.
  
  
• Roles, which means that users only belonging to selected role will need to comply with the policy. As soon as a user is assigned a certain role, role policies are applied. 
  
  
• Members, which means that exceptions policy enforcement can be applied on individual user level. 

What policy configuration is recommended in order to ensure the best security for my organization?

NordPass gives guidance on recommended policy setup for your organization. In the settings page, you will see guidance on setting recommendations, only when current policy setup in your organization does not match the best organization security practices, for example:

To make sure your organization is secure, NordPass also provides reminders when policy enforcement is changed, against the best security practices, so business administrators are informed when making policy enforcement decisions: