-
- Enable Enterprise membership
- Configuring EE SSO
- Integrating Insomnia Enterprise with Okta SAML 2.0
- Integrating Insomnia Enterprise with Okta OpenID Connect
- Integrating Insomnia Enterprise with Microsoft Azure/Entra ID SAML 2.0
- Insomnia Whitelisting Guide for Enterprise Users
- Transfer enterprise organizations and license
- Configuring SCIM
- Multiple Owners
- Manage Domains
- Invite Controls
- Storage Controls
Security Standards
This document addresses common questions we get about our security standards.
How is data processed when sent to Insomnia servers?
- Information is sent over TLS
- Information sent is end-to-end encrypted
Where is our information stored?
- Information is stored in GCP, in US Central region
- Information inside of GCP is stored within Postgres
Do we have any compliance certifications?
For more information on our compliance certification reach out through the following contact form.
Do you have any penetration test results from external parties?
For more information on penetration test results reach out through the following contact form.
What authentication is implemented by the application?
- Secure Remote Passwords (SRP) encrypted key exchange protocol.
How often do you release major updates, and or security patches?
- We regularly update the Insomnia desktop application.
- Security, and hotfix patches are handled on a case-by-case basis and can occur at any time.
Do you retain server logs, or event logs?
- All server logs stored are kept within GCP and only accessed by engineers authorized to manage the Insomnia servers.
Do you maintain documentation when an incident/event occurs?
- When an incident occurs, we perform an internal post-mortem and disseminate information accordingly, either through the site in the form of a blog post, or through social media/support on a case-by-case basis.
In case of a breach, do you notify customers?
- Yes, via email.
What is your primary point of contact?
