Questions from Security team


our company consider HipChat as a possible messenger for some of the teams. Could you please explain more fully a few points to our Security team:

1. Encryption of messages during sending.

2. Encryption chat history stored on the server and the client.

3. Monitoring / reporting on the established client connections.

4. Ability to manage (reset) client connections.

5. Control of devices, which allow connections.

6. Domain authentication.

7. Ability to use two-factor authentication.

8. Automatic updates and changes in the client software settings without the need for administrative privileges.


Thank you.

1 answer

1 accepted

0 vote

Hi Dmitry - the basic information about HipChat security can be found at To some of your questions in particular:

  1. All communication between the client and server is sent and received encrypted over https (TLS in the older versions of the clients)
  2. Chat history is not stored on the client. On the server, it's stored unencrypted to support searching.
  3. Users can view their own client connections at There is not currently any support for admin-level viewing of other users client connections
  4. Like above, users can disconnect sessions at the given URL. No admin-level support for performing this on other users.
  5. We don't restrict any devices from connecting to HipChat, but all connections must be over a secure channel (TLS/SSL). This includes 3rd party XMPP clients as well as all HipChat-built ones.
  6. I'm not sure exactly what you mean by domain authentication. We confirm emails as a general process of security, but don't restrict them to certain domains based on the account they're accessing.
  7. 2FA isn't something we currently have, but certainly something we hope to add in the future (along with SAML-based authentication, which often comes with its own 2FA support)
  8. Assuming clients are installed by a non-admin user, they can also be updated by the non-admin user without requiring escalated privileges. If you are being prompted to enter administrator credentials when updating, it's likely that the app was initially installed by an administrator account.


Suggest an answer

Log in or Join to answer
Community showcase
Maarten Cautreels
Published Oct 07, 2017 in Hipchat

Bringing Structure to your HipChat Instance

...have mention name FirstnameLastname. Fe.: @MaartenCautreels This certainly helps to know who is being mentioned in a conversation. Imagine your colleague sends the following message...

464 views 1 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot