Questions from Security team


our company consider HipChat as a possible messenger for some of the teams. Could you please explain more fully a few points to our Security team:

1. Encryption of messages during sending.

2. Encryption chat history stored on the server and the client.

3. Monitoring / reporting on the established client connections.

4. Ability to manage (reset) client connections.

5. Control of devices, which allow connections.

6. Domain authentication.

7. Ability to use two-factor authentication.

8. Automatic updates and changes in the client software settings without the need for administrative privileges.


Thank you.

1 answer

1 accepted

0 votes
Accepted answer

Hi Dmitry - the basic information about HipChat security can be found at To some of your questions in particular:

  1. All communication between the client and server is sent and received encrypted over https (TLS in the older versions of the clients)
  2. Chat history is not stored on the client. On the server, it's stored unencrypted to support searching.
  3. Users can view their own client connections at There is not currently any support for admin-level viewing of other users client connections
  4. Like above, users can disconnect sessions at the given URL. No admin-level support for performing this on other users.
  5. We don't restrict any devices from connecting to HipChat, but all connections must be over a secure channel (TLS/SSL). This includes 3rd party XMPP clients as well as all HipChat-built ones.
  6. I'm not sure exactly what you mean by domain authentication. We confirm emails as a general process of security, but don't restrict them to certain domains based on the account they're accessing.
  7. 2FA isn't something we currently have, but certainly something we hope to add in the future (along with SAML-based authentication, which often comes with its own 2FA support)
  8. Assuming clients are installed by a non-admin user, they can also be updated by the non-admin user without requiring escalated privileges. If you are being prompted to enter administrator credentials when updating, it's likely that the app was initially installed by an administrator account.


Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 14, 2018 in Hipchat Cloud

Hipchat Cloud and Stride End of Life: Just over 90 days away

Earlier this year we made the difficult decision to discontinue our team messaging tools, Stride and Hipchat. The end of life date for Stride and Hipchat Cloud is quickly approaching - February 15, 2...

26,353 views 0 7
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you