Application and Data Security You Can Trust

In B2B, one company might operate six subsidiaries across twelve countries, each with its own warehouses, currencies, and catalog logic. OroCommerce mirrors that reality with four configuration layers:

• Global sets the baseline rules for the entire application.
• Organization lets each business unit tailor pricing, inventory, and product visibility.
• Website controls which currencies, languages, and catalogs appear on each regional storefront.
• User lets employees adjust display and workflow preferences without an IT ticket.

To prevent security breaches, Oro encrypts original data to keep it secure. We constantly review new technologies to support the latest and most robust encryption solutions.

• Database column encryption allows us to choose what pieces of data to encrypt instead of encrypting the entire database file.
• HTTPS forced redirect ensures the security of the link between the browser and the webserver.
• User passwords are stored as irreversible hashes not open or encrypted text.
• Safe architecture of the online payment process and out-of-the-box integrations with payment gateways keeps transactions secure.

Oro products incorporate the best password practices to help prevent unsafe passwords and motivate users to create strong credentials. Admins can customize password and login restrictions for application users to:

• Configure the desired password length and complexity
• Limit the number of login attempts
• Enforce password change policy and password history
• Lock accounts after several failed logins to prevent brute force attacks.

In addition, we support multi-factor authentication to strengthen application security with the additional authentication factor.

Oro applications also support IDPs that store and manage digital identities to let company users connect to the application securely, which is particularly important for efficiency and performance in large-scale companies.

Oro applications support IDP services such as LDAP, Google SSO, and OAuth 2.0 credentials authorization.

Oro products support data audit functionality to track changes made to records in Oro applications.

View and track directly from the UI:

• Who changed a record
• What changed
• When the change occurred

Easily create data audit reports and track all login attempts to simplify security-related investigations.

Data security is critical for any eCommerce company. B2B eCommerce applications frequently store customer personal data, credit card numbers, and support online payments.

Oro adheres to the latest data and eCommerce security processes to prevent potential security threats, and constantly refines and improves security to remain on the cutting edge of safeguards, procedures, and policies to safeguard your customer data.