We work with each MFD manufacturer to make our application secure and to support the device's SDK in the intended way. No application is 100% secure, but below are recommendations you can follow to keep your data as safe as possible.
Two-Step / Multi-Factor Authentication (MFA)
It is STRONGLY recommended that MFA be enabled for all StratoQ devices running in Single Sign-On (SSO) mode. If it is not enabled, security depends on controlling access to the administrative side of TopAccess.
Each Toshiba MFD running the StratoQ app uses a unique URL authentication scheme. This URL "Device Secret" lets our servers know that the device connecting to us is actually the device configured and licensed in your account, and not an unauthorized connection. These Device Secrets cannot be replicated, and only one secret can be valid at a time for each MFD registered in StratoQ.
If SSO is enabled and MFA is disabled, it is VERY important that you follow the recommendations below.
- This secret should not be shared outside of the administrative group of your organization. It should not be emailed or stored outside of TopAccess itself.
- The Administrative password for TopAccess should be changed from the default to a secure string that is not easily guessable or used elsewhere.
- This Device Secret should be periodically changed. This can be done from within the StratoQ administrative portal.
All of the communication between the MFD and the StratoQ servers is automatically forced over HTTPS. However, the certificate must still be manually loaded on some older Toshiba EBX devices. If this step is not completed, a known issue with the EBX device will cause the URL secret to be displayed to the user each time the app is opened, and the user will be asked to "Accept" the certificate.
For more information on this configuration, see the Setup Guide - Toshiba KB article.