Configure Your Instance
The Global Settings section allows an instance administrator to control and adapt the general behavior of the Reemo platform. These settings directly impact security, user management, remote sessions, and the branding of the instance.
An instance administrator should regularly check these settings and adjust them according to organizational needs, internal security policies, and best practices.
User Account Creation Settings

User creation settings
This tab defines the policies for creating and securing user accounts.
Available options:
Minimum password length: Sets a threshold in number of characters (default 8). Recommendation: use at least 12 characters for sensitive environments.
Password with letters, numbers, and special characters: Enforces minimum complexity rules. Reduces the risk of brute-force or dictionary attacks.
Password management by an organization admin: Allows a local administrator to manage managed accounts (creation, reset). Useful for organizations without centralized SSO.
Allowed domains (whitelist): Restricts account creation to email addresses of a specific domain (e.g. @mycompany.com). Best practice: always use this option to prevent unwanted external signups.
Blocked domains (blacklist): Excludes certain known domains (e.g. @gmail.com) to limit risks from personal emails.
Note
A strong password policy combined with multi-factor authentication (2FA) is essential to ensure instance security.
Authentication Settings

Login settings
This tab allows you to control how users log in to the portal.
Key options:
Email alert for unknown devices: Each login from a new device triggers an email alert. Recommended for detecting suspicious logins.
Enforce internal 2FA: Users without two-factor authentication enabled are forced to go through an internal verification. Ensures that all accounts use 2FA.
Disable “Remember Me”: Removes the ability to keep a persistent session via cookie. Enable this for critical environments.
Multiple HTTP sessions: Allows a user to be logged in on multiple devices simultaneously. Useful for mobile users but reduces security.
Disable integrated authentication for SAML/LDAP: Forces affected users to log in exclusively through SSO authentication.
IP filtering: Restricts access to specific IP ranges (e.g. internal network only). Example: 192.168.0.* or 10.0.0.1.
Auto logout on inactivity: Ends the session after a configurable delay (default 30 minutes). Recommendation: set a shorter delay (15–20 min) for sensitive environments.
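Before saving an IP filtering list, it helps to see exactly which addresses each entry admits. The following is an added example, not Reemo code: it assumes `*` replaces one whole trailing octet (how the platform itself evaluates patterns is not documented on this page), and the names `pattern_to_network`, `is_allowed`, `summarize` and `ALLOW` are hypothetical.

```python
import ipaddress

def pattern_to_network(pattern: str) -> ipaddress.IPv4Network:
    """Turn '192.168.0.*' or '10.0.0.1' into the network it covers.

    Assumption: '*' replaces one whole octet and is only valid in trailing position.
    """
    octets = pattern.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    fixed = [o for o in octets if o != "*"]
    if octets[:len(fixed)] != fixed:
        raise ValueError(f"wildcard must be trailing: {pattern!r}")
    if not fixed:
        raise ValueError("pattern would admit every IPv4 address")
    base = ".".join(fixed + ["0"] * (4 - len(fixed)))
    # IPv4Network rejects non-numeric or out-of-range octets with a ValueError.
    return ipaddress.IPv4Network(f"{base}/{8 * len(fixed)}")

def is_allowed(client_ip: str, patterns: list[str]) -> bool:
    """True if client_ip falls inside at least one pattern."""
    addr = ipaddress.ip_address(client_ip)
    # A dual-stack listener may report an IPv4 client as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in pattern_to_network(p) for p in patterns)

def summarize(patterns: list[str]):
    """(pattern, CIDR, address count) per entry, to review how wide each rule is."""
    nets = [(p, pattern_to_network(p)) for p in patterns]
    return [(p, str(n), n.num_addresses) for p, n in nets]

ALLOW = ["192.168.0.*", "10.0.0.1"]  # the two pattern forms shown in the option text

if __name__ == "__main__":
    for row in summarize(ALLOW):
        print(row)
    # Constructed test addresses, including a near-miss of the single-host entry.
    for ip in ["192.168.0.77", "192.168.1.5", "10.0.0.1", "10.0.0.10",
               "::ffff:192.168.0.5"]:
        print(ip, is_allowed(ip, ALLOW))
```

Matching on parsed networks rather than on string prefixes is what keeps `10.0.0.10` out of a rule written for `10.0.0.1`.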
Remote Sessions

Remote session settings
Controls administrator privileges at the session level.
Admin can connect to any computer: When enabled, an instance administrator can directly connect to all registered machines. Useful for global support, but should be restricted to reduce abuse risk.
Containers

Container settings
Maximum container lifetime (in minutes): Defines the maximum lifetime of a container after launch. Once expired, it is automatically destroyed or restarted depending on the configuration.
Note
This limit applies to the maximum value allowed in a container profile of an organization.
Default TURN Configuration

Default TURN server configuration
The TURN protocol is used for Reemo network transport when direct (P2P) connections fail.
Enable custom TURN: Allows you to specify your own TURN relays, for example hosted internally, to improve latency or comply with regulations.
Required parameters:
- Host (IP address or FQDN)
- Port (default 443)
- Credentials (username + password)
Note
This configuration will be used by default if no other TURN server is set at the organization level.
Tip
For distributed environments, configure multiple TURN servers geographically close to users.
Emails

Email notification settings
Manages automatic notifications sent by the instance:
Unknown devices: warns in case of a new login.
New organization: sends an email to users when they are added to an organization.
Managed user creation: notifies a user when an account is created for them.
Allow Organization SSO Creation

SSO settings for organizations
Allows delegation of authentication to external systems:
LDAP: login based on an internal directory.
SAML: integration with an identity provider (IdP).
Enabling these options allows configuring organization-specific SSO.
Note
If you only have one SSO, it is recommended to configure an SSO connector at the instance level rather than at the organization level.
Customization

Instance customization
This tab allows you to modify the appearance and branding of the instance:
Instance title: displayed on the portal.
Theme color: several predefined colors.
SVG logo: used in the interface and login screen.
Custom email logo: configurable size (width and height).
Custom links: support, download, terms of use.
Progressive Web App (PWA): customization of the title and icon (512x512) of the PWA added to the desktop.
Note
Customization is essential to align the user interface with your organization’s branding guidelines.
Instance Export

Instance export
This function generates a JSON file containing the complete instance configuration. It can be imported into another Reemo instance or used for backups.
Available options:
Include private/secret keys: exports API keys, organizations, and groups.
Reset database on import: erases all existing data before import.
Warning
Remote Desktops are not exported, only containers.
Export may generate a high load on the database.
Handle this file with care: it contains sensitive information.