This document forms the User Access Management Policy for all staff and contractors working for and on behalf of Kornit X.
Access can only be granted by Human Resources who will ensure the access level provided is required and suitable to the individual’s position and responsibilities. Human Resources will maintain a record of all STAFF level access to our platforms which will be reviewed on a monthly basis.
Staff changing positions or leaving the business will also be managed by HR with a review into removing, restricting or expanding access based on the change in question.
All staff accounts have mandatory MFA using Google Authenticator.
On engaging Kornit X, clients will provide details of the users that require access to our systems and the functions those users need in order to carry out their duties.
Client users will only ever have access to companies and data within the platform directly tied to their parent company.
User removal or modification can be requested by email to support@custom-gateway.com.
None of our AWS server resources are accessible via SSH. Platform updates are fully managed by AWS (i.e. Elastic Beanstalk and ECR/ECS).
Only two senior team members have full access to the AWS console.
A number (< 10) of core team members have read only access to CloudWatch application logs and metrics to facilitate troubleshooting.
All access to the AWS console is via IAM users and MFA is enforced for all.
We do not use the root account (which is also behind MFA).
Non-Cloud (UKFast)
All SSH access to our server fleet is key-based, firewall-protected and via a non-standard port.
Additionally, fail2ban is installed on servers as a last line of defense against brute force attacks etc.
Only four core staff members have SSH access to personalisation platform servers, and all use passphrase-protected private keys.
Only two senior staff members have access to our firewall settings (which is behind an MFA enabled login).
Database access is restricted via iptables rules to application servers and read replicas only.
For servers handling web traffic, only ports 80 and 443 are exposed publicly.
For servers handling databases or scheduled tasks, no ports are exposed publicly.
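As an added example that is not part of this policy, the following Python script audits a constructed iptables-save style INPUT ruleset against the exposure rules stated in the last three points: SSH not on port 22, only ports 80 and 443 public on web hosts, and the database port reachable only from application servers and read replicas. The host roles, subnets, database port and rules below are constructed assumptions, not Kornit X's real configuration.

```python
"""Audit iptables-save style INPUT rules against the stated exposure rules:
web hosts expose only 80/443, SSH is not on port 22, and the database port
accepts only the application-server and read-replica ranges (constructed)."""
import re

# Constructed: subnets assumed to hold the application servers and read replicas.
DB_CLIENTS = {"10.0.1.0/24", "10.0.2.0/24"}
# Ports a host of each role may accept from anywhere (db/cron hosts: none).
ALLOWED_PUBLIC = {"web": {80, 443}, "db": set(), "cron": set()}

# Constructed ruleset for a web host; port 22 is left open deliberately.
WEB_RULES = """
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
"""
# Constructed ruleset for a database host with one stray source address.
DB_RULES = """
-A INPUT -s 10.0.1.0/24 -p tcp --dport 3306 -j ACCEPT
-A INPUT -s 10.0.2.0/24 -p tcp --dport 3306 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp --dport 3306 -j ACCEPT
-A INPUT -j DROP
"""
RULE = re.compile(r"-A INPUT(?: -s (\S+))?(?: -p tcp)?(?: --dport (\d+))?.* -j (\w+)")

def accepted_ports(rules):
    """Map each ACCEPTed TCP port to the set of source ranges allowed on it."""
    out = {}
    for line in rules.strip().splitlines():
        m = RULE.match(line)
        if not m or m.group(3) != "ACCEPT" or not m.group(2):
            continue  # not an INPUT ACCEPT rule with an explicit port
        out.setdefault(int(m.group(2)), set()).add(m.group(1) or "0.0.0.0/0")
    return out

def audit(role, rules, db_port=3306):
    """Return the list of policy violations for a host of the given role."""
    findings = []
    for port, sources in accepted_ports(rules).items():
        if port == 22:
            findings.append("SSH accepted on standard port 22")
        elif port == db_port:
            if not sources <= DB_CLIENTS:
                findings.append(f"db port {port} reachable from {sorted(sources - DB_CLIENTS)}")
        elif "0.0.0.0/0" in sources and port not in ALLOWED_PUBLIC[role]:
            findings.append(f"port {port} publicly exposed on {role} host")
    return findings
```

Running `audit("web", WEB_RULES)` flags the open port 22, and `audit("db", DB_RULES)` flags the source outside the application and replica subnets; a clean ruleset returns an empty list.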