ownCloud Enterprise Edition Features

ownCloud gives organizations the ability to access, control and manage files across applications, on-premises or cloud storage, or other data silos. Open by nature, ownCloud integrates into your existing infrastructure and offers the extensibility required to meet your specific needs.

With over 50 million users across the globe, ownCloud enables Data Infrastructure Modernization, realized through a common file access layer regardless of where the data lives – in applications, object stores, on-premises storage or in the cloud – all completely managed, secured and controlled by IT.

An ownCloud feature comparison overview can be found here:

Uniquely offering both control and access, ownCloud is relied upon by some of the largest enterprises (all over the world). Paired with an Enterprise Subscription, ownCloud makes file sharing an easy choice for IT everywhere.

Key Functionalities


As a busy knowledge worker, you may be in the airport when you have an urgent request from one of your executives to send a critical file ASAP. Your flight is about to board and you don’t have time to fire up your laptop, access the internet, access the VPN, start email, attach the file, sync the client – all just to send the file. But, your mobile phone with the ownCloud app lets you go to the file and share it. Done.

With ownCloud, users have a single interface from which they can access, sync and share files on any device, anytime, from anywhere. Users can quickly find and share the files they need whether shared by others or created themselves. With features like password protection, link expiration, anonymous and full access sharing, files are managed accordingly. And, administrators can easily track and audit file sharing activities. Learn more


You are working on the final presentation for your big product launch. You save the last version on your desktop, grab your iPad and run for the airport. As you taxi for takeoff you open the ownCloud app, the latest file, which has conveniently synced from your PC to the laptop, is there waiting for your final touches.

With a sync client that keeps the web, desktop and mobile device on the same page, users don’t have to question if they have the latest file version. Running seamlessly in the background, ownCloud actively monitors any file changes and pushes the latest version to all devices and all relevant users wherever they are.

Moreover, thanks to the Windows Installer (MSI) for the ownCloud Windows Client, system administrators can install the software in a convenient and automated way on a large number of desktop computers.

External Storage

Your IT project doesn’t start with a blank slate. There are storage systems, servers, private cloud management tools, log managers, backup tools, and more already deployed in the enterprise. ownCloud delivers choice. If storage can be mounted on Linux, ownCloud can use it – SAN, NAS, direct attached, virtual, software defined – whatever is needed. Further, with the ownCloud file system abstraction layer, API based storage, such as S3 or Swift compliant gateways are simple to integrate. And on the off chance a different object store interface is required, it can easily be added.

With ownCloud, you can also leverage storage that already exists; FTP, Swift, S3, Dropbox and more. Administrators can decide to store the most sensitive data on-premises and less sensitive data in the cloud while making all of your files available through a single interface and enabling compliance with your chosen security and governance policies.

To be compatible with as many backend storage systems as possible, ownCloud is designed to store all file metadata in the ownCloud database. This includes information like sharing activity, file IDs and more. For extremely large ownCloud instances, it can be more efficient to hand some of the file handling and metadata storage off to backend storage systems that support, for example, versions or file sharing. As the database is often a bottleneck in extremely large systems, offloading these activities and metadata from the database, performance improves, and the same hardware can scale to support even more users – particularly useful for extremely large instances.

Storage API
The new storage API not only offers better scalability, but it also enables ownCloud to leverage storage that has, until now, been unheard of in file access solutions – such as tape. In this manner, ownCloud can leverage the most cost effective storage possible, while still providing employees, partners and suppliers the frictionless experience they seek in accessing their files.

Encryption & Security

ownCloud is software provided to you, to install in your data center; managed by you, to your policies, following your procedures. Encryption at rest secures your files on the server and still allows sharing among users. The File Firewall ensures all access requests meet rules set by the administrator, and existing infrastructure – such as intrusion detection and log management – can provide added layers of security. With WebDAV, mobile libraries and the ownCloud API as well as several enterprise-only apps, secure file sharing is in your control.

Want to customize your encryption environment to meet your unique needs? While encryption is a critical part of your overall data protection plan, traditionally it has been a “one size fits all” solution with limited to no ability for you to customize. ownCloud’s Encryption 2.0 changes all of that, adding modularity and flexibility into your overall encryption architecture. You have the ability to manage your encryption keys in your key stores, and to customize encryption to meet your specific regulatory and business needs.

Learn more about ownCloud Encryption or about optimizing ownCloud security. Visit the ownCloud Security page. Learn more

Data Infrastructure Modernization

You work in IT at an organization that has unstructured data spread across multiple data silos such as Windows networks drives, Microsoft SharePoint, FTP servers, object storage (e.g. S3) or public cloud services (e.g. Google Drive, Dropbox or other WebDAV-enabled services). Having previously created policies and set permissions at the user, file, application, storage or cloud level, you want the ability to preserve and reuse those same policies and permission. With ownCloud, you can provide users with a single point of access to all of their unstructured data where permissions, ACLs and compliance requirements are respected and can be met and/or configured at a file, object store or user level. Files stored in data silos are made available within ownCloud securely and benefit from ownCloud’s feature portfolio.
Data Infrastructure Modernization is realized by a common file access layer to bundle information, regardless of where the data lives – in applications, object stores, on-premises storage or in the cloud. Users can access company files on any device, anytime, from anywhere – completely managed, secured and controlled by IT. Data is kept where it is, while IT is able to manage sensitive information and business risk, leveraging existing data management, security, governance tools and processes.

Flexible API

ownCloud‘s open architecture, mobile libraries and APIs allow IT to rapidly extend core functionality and enhance the solution to meet user needs. Extend ownCloud with custom functionality through REST APIs that expose ownCloud’s user management, file management, file sharing and activity events, allowing you to customize ownCloud as needed.

ownCloud’s sharing API enables third-party apps to set and query files shared within ownCloud. ownCloud also leverages the WebDAV standard for file access, enabling other software to interact with ownCloud and manage files. ownCloud is highly extensible, enabling the addition of new APIs quickly via plug-in applications. ownCloud gives you to the power to integrate apps that customize your deployment.

Federated Cloud Sharing Improved Feature

You are collaborating with another research center on sensitive data but they are on the other side of the world. Your organization has very strict usage guidelines around data sharing…and so does your collaborator. With Federated Cloud Sharing from ownCloud, both organizations can maintain their individual control while sharing designated files and folders across time zones and geographies—all while maintaining the access at any time, from any device.

With Federated Cloud Sharing, users on one ownCloud installation can collaborate with users on other ownCloud installations while each server maintains its respective security and governance protocols. Files shared between users are no longer confined to a single shared folder or ownCloud instance; users can access the latest file versions and selectively sync the most critical shared files. And, when sharing with users on other ownCloud instances, their names will appear as an option for sharing if they have been configured as a trusted server. To the end user, it appears as if they are using a single ownCloud instance, even though the users are distributed across multiple ownCloud instances. This also means that mobile and desktop users can take advantage of these sharing capabilities, providing a seamless, frictionless way to collaborate with their files inside and outside the organization.


Ransomware Protection

Ransomware attacks are an ever-present malware risk, both for large enterprises as well as for private users. Once affected, whole hard drives or parts of it can become encrypted leading to unrecoverable data loss that directly translates to significant effort and cost. For this exact purpose the ownCloud Ransomware Protection App protects companies by blocking uploaded files known to originate from ransomware to preserve original, unaffected files in ownCloud. Additional to that the App can automatically block user accounts where ransomware was detected and also provides smart mechanisms for the restoration of infected files.


Filesharing with external parties can be quite a challenge. While a public link might be enough to share a single file, this becomes rather complicated for use cases with various files, folders and documents, for example working together on a project over the course of some time. The ownCloud Guests feature solves this by allowing to create ownCloud Guest accounts with very limited access rights. Simply share with external users just by entering an email address in the sharing dialog.
Recipients receive an email containing an activation link. They can log in using their email address as username and the password they chose during activation. Guests may even use the ownCloud desktop clients and mobile apps to connect to ownCloud and work on shared contents. Guest users do not have storage space and can only work in contents that are shared with them. To make this experience fully transparent, Guests are of course fully logged and auditable with the ownCloud Logging and Auditing functionality.


OAuth2 is the open industry-standard protocol for secure authorization of clients. It can be used as a way for users to grant web services or applications access to their data stored in ownCloud. The use of OAuth2 in ownCloud greatly enhances security while facilitating the integration of third party applications or web services. It connects the ownCloud Clients (Desktop, Android, iOS) through a standardized and secure authorization flow and provides a user authorization interface for developers to facilitate the integration of ownCloud in third party applications.
Benefits of the OAuth2 interface include that no user passwords are being stored in ownCloud clients or third party web applications. The use of different access tokens per client provides the ability to selectively revoke user sessions. This strengthens control and access security significantly.

Password Policy

The Password Policy application enables ownCloud administrators to define password requirements like minimum characters, numbers, capital letters and more for all kinds of password endpoints like user and guest accounts or public link sharing passwords. Additional to that administrators can define an expiration date for passwords and set certain policies to avoid the reuse of passwords. To add another layer of security, the administrator can enforce expiration dates for public link shares. As soon as the expiration date is reached the share will be removed automatically.

Outlook Plug-In

Using epiKshare’s Outlook integration you can share access to important files and directories with just a few clicks directly from Outlook. File sharing is optimized by sending only a simple link between users. To limit access to sensitive data or documents the document creator can choose to enter a date to restrict access to a specific period of time. Once the date is reached files can no longer be accessed except by the creator or system administrator.
Send data of any size anywhere, anytime. Learn more

Virtual Data Rooms with Secure View enterprise

Secure View allows ownCloud users to share sensitive data in such a way that it can only be viewed by the recipient. This is useful to keep an overview who has access to the data, and who doesn’t.

If users share data with someone else, they can choose to forbid editing, downloading, even copy/pasting and printing a shared document.

They can also choose to protect a document with watermarks. If a user opens such a document in Collabora, a watermark displays individual user information, which makes even screenshots or photos traceable.

Secure View is a Collabora Online feature, and works with documents of all common office file formats (docx/xlsx/pptx/pdf). Learn more

Storage Encryption With Master Key In HSM enterprise New

ownCloud Server officially supports storage encryption with master keys stored in hardware security modules (HSM). In contrast to the regular master key-based storage encryption which stores the keys on the storage, storage encryption with keys in a HSM allows administrators to completely prevent anyone who has access to the storage from accessing the data stored in ownCloud.

End-to-End Encryption New

End-to-End Encryption for ownCloud increases the security standard for file storage and sharing. It enables users to create folders for client-side encrypted internal or external data exchange. Neither the administrator of the ownCloud Server nor third parties who have access to the infrastructure can read the data. Individual or central key management and provisioning are both available.
Additionally, ownCloud offers a Key Service application which enables professional key management with the option of using USB tokens, HSM/Smartcards and other hardware devices to decrypt data. Learn more

Collaborative Editing of Office Documents

The Integration of Collabora Online, ONLYOFFICE and Microsoft Office Online provides collaborating editing functions for text documents, spreadsheets and presentations inside ownCloud for improved productivity. Users can access their documents within the ownCloud web frontend, author new content, share their work and collaboratively work on the same document with others.
Collaborators of that document are able to see changes in real time and to take over editing from another user. Users can also work with documents on-the-go using their browsers, and are no longer troubled with version conflicts that may occur while working on independent documents. Productivity is increased while simultaneously preserving full control of sensitive corporate data.
Learn more

Document Classification enterprise

To deal with sensitive information and cover for potential data breaches, ownCloud offers the ‘Document Classification’ extension that enables to automatically classify documents and define policies for sharing. Documents can be labelled with certain levels of confidentiality within an Office suite. ownCloud recognizes this information by reading the document’s metadata and automatically sets file tags. On the basis of this information, various guidelines can be defined for each of these security levels, e.g. that documents marked as "confidential" may not be shared externally or that they may not be uploaded to ownCloud at all. Enterprise users can secure files using either automated tagging of documents or custom tag mechanisms defined by the administrator for organization wide use. Personal data can also be secured in compliance with GDPR, while at the same time fulfilling corporate data protection requirements.

Workflows enterprise

Workflows provide a means to automate file operations when certain criteria are met. Current examples comprise of ‘auto-tagging’ (automated assignment of tags with respect to certain rules/conditions) and ‘retention’ (automated deletion of files assigned to specific tags with respect to certain rules/conditions). Many further use cases are also possible and can be integrated with ‘Workflow apps’.

File Favorites

Have certain files that you work on more than others? Are you tired of having to search for those files every time you want to open them? Well now users have the ability to quickly set favorite files on the server. With this new feature users save time looking for their everyday files with a search filter setting that brings up all of your favorited files.


Imagine working on files with a team. There is a folder of files, and a few of you are working on the presentation – but perhaps you are in different locations, or working from home. Now imagine how difficult it is to work on a file, make changes, have those files synced to users can now add comments to files and folders. Comments appear in the activity stream and provide context, improve collaboration, and enable ownCloud to be integrated into day to day business activity.


A group of 4 working across 4 continents are starting a new project, and they need to start working on a range of documents. They meet and divide up the work, and then create a new folder in ownCloud, tag it with the title “awesome project,” share it with the group. The first user in Asia starts creating files using Microsoft Office: presentations, Excel spreadsheets, Word documents and more. As the Europeans start working, comments left by the Asian team members identify which files need to be worked on and how. Finally, the North and South Americans come online and read the history for these files in the comments, and then continue the work. With a few dozen files in the folder, each version is tracked, comments explain what has been done, and the files are all available quickly through the ownCloud tag filter in the files view. This is collaboration made easy.

Tags can be attached to files and folders, providing new metadata information about file and folder contents – the tag can be long enough to support a word or short phrase. Tag types include: 1) User Tags – publicly visible to anyone who has access to the file and, depending on settings, are either static or can be assigned, read and changed in the web interface; 2) System Tags – system visible tags that are applied and managed by admins, which may be set as invisible, visible and static, or visible and editable by the end user.

Auto-Tagging Workflow
Tags can be assigned by a basic rules engine in the ownCloud admin panel with a feature called auto-tagging. This creates basic rules that can set tags and delete files based on tags. There is an admin page where the rules are set in the GUI, the specific tag types and tag names are defined, and the rules to apply tags are defined. This same admin page allows an admin to determine–based on tags–when to permanently delete a file.

Files Drop

Files Drop is the write-only upload addition to ownCloud. It is what it sounds like – anonymous users can now drag a file into the upload-only interface and drop it, and the file will be uploaded to ownCloud.

Who would use this? Well, there a quite a few use cases. The most popular is the FTP replacement. Say you have a large log file to upload to the support desk for one of your favorite network devices. The support desk can give you a URL, you drag the file into the browser at that URL, and the support person can immediately see the file and work with the logs. Since the support person does not see the contents of the ownCloud directory, and the upload is managed by ownCloud’s security features like the file firewall, it provides an excellent and fast way to upload large files in a controlled and secure manner.

Branding via ownBrander enterprise

ownBrander allows you to easily create a custom branded web frontend, mobile (Android and iOS) and desktop sync client. With ownBrander, you provide your own customized artwork and let the wizard help guide you through the process. Customers can access ownBrander through their customer accounts (customer.owncloud.com).
Download the ownBrander guide to get a better understanding about the use cases and capabilities of ownBrander. Learn more

SharePoint Integration enterprise

Your employees are working on a project in SharePoint but the team leader is on the road for the next three days and needs access to SharePoint files from her laptop and phone. While SharePoint enables collaboration, it doesn’t offer easy access when on-the-go. With ownCloud, the team leader can access all SharePoint files through the same ownCloud interface used to access files on the Windows network drive, Dropbox or other corporate data silos. Credentials are passed automatically while preserving the Access Control Lists (ACLs) which have been established. Road trip problem solved.

With SharePoint integration, ownCloud users can directly access their SharePoint document libraries. The administrator configures the app in the ownCloud administration page allowing the app to connect to one or more document libraries using SharePoint web services interfaces. ownCloud treats SharePoint as an external storage location, translating ownCloud commands into SharePoint commands and enabling mobile, web and sync client access. Learn more

Windows Network Drive enterprise

ownCloud administrators can integrate one, or multiple network drives within a single ownCloud instance. Whether user home directories or departmental share drives, the administrator configures the app in the ownCloud administration interface as well as the requisite credentials. Once configured, ownCloud treats the Windows network drives as external storage locations, allowing users to access, sync and share files stored on the Windows network drive(s) through all their devices.


With ownCloud, uploaded files are scanned with ClamAV, preventing the potential for automated distribution of infected files. ClamAV works within ownCloud to detect Trojans, viruses, malware and other malicious threats. Files are scanned for virus upon initial upload to the ownCloud server. And, with minor customization, you can expand your antivirus protection with external virus scanners to scan files on your chosen storage server.

File Firewall enterprise

Say your corporate policy dictates that only employees of a certain group can access files when traveling internationally and data may only be accessed from remote offices. Moreover, a file tagged ‘confidential’ cannot be accessed from a web browser in China, where your company does not have offices. ownCloud’s sophisticated file access rules engine provides the means to easily implement policies that enhance control and govern access to files. It is the last line of defence for the system and can prevent accidental or malicious, unauthorized access to files, even if a user account is compromised.
File Firewall inspects access requests made on an ownCloud server. It is applied by using tags, as well as other criteria, such as IP address range, device type, file size, subnet, geography, time, group membership and more. If those rules are met upon every connection, the request is denied. If the rules are not met, the connection and – ultimately file transfer or action – is allowed.

Retention enterprise

Meet retention requirements when you configure rules in the Workflow app which allow you to retain or delete files based on parameters you define. ownCloud enables admins to set document classification rules and then, based on the defined classification, take action to enforce those rules. By leveraging a combination of new system and user tags, admins and users can decide how to classify a document. Further, admins can set policies that determine how long to retain a file based on the classification, and then automatically delete the file at the end of a defined retention period. All file activities are logged and prove compliance with internal or regulatory requirements.

Logging and Auditing enterprise

Admins can log account level activities such as logins, file sharing activity, file updates and more – giving admins the information they need for compliance reporting and auditing of ownCloud. Logs may be configured to feed an enterprise log manager or SIEM solution such as Splunk for added security. Not only do you remain in control of your data, but you have the tools to actively follow file sharing activities. Watch the video on how to manage ownCloud logs using Splunk.

Active Directory/LDAP

Looking to leverage your existing Active Directory, LDAP or openLDAP directory? Have tens of thousands of users in a single flat OU? No problem with ownCloud’s built-in LDAP and AD integration. A user logs into ownCloud with their Active Directory or LDAP credentials and is granted access based on an authentication request handled by the Active Directory or LDAP server. ownCloud does not store these passwords, rather these credentials are used to authenticate the user.

Attributes such as user quota, email, avatar pictures, group memberships and more can also be pulled into ownCloud from a directory with the appropriate queries and filters.

SSO via Shibboleth/SAML enterprise

Already have a SAML based identity provider (IdP)? Drop ownCloud into your existing infrastructure and authenticate with your chosen IdP, whether it is on-premises or in the cloud. SAML via Shibboleth allows Single Sign On (SSO) across the organization and the globe, providing you with secure authentication within the ownCloud server, as well as the desktop clients and mobile apps. In addition, ownCloud provides flexible APIs, enabling integration with OAuth, 2-factor mechanisms, custom authentication mechanisms and more.


2-Factor authentication adds another layer of access security. The authentication method confirms a user’s identity utilizing a combination of two independent components. Instead of simply requiring a username/password combination, an additional access token (time-based one-time password/TOTP), which can be obtained via mobile phones for instance, is needed to gain access to ownCloud accounts. This not only improves access security, but also provides administrators with an option for disabling individual tokens. Time-based one-time passwords (TOTP) can be obtained through services like Google Authenticator or an Open-Source implementation of the TOTP standard. The feature may be extended to support additional authentication devices via the PrivacyIDEA ownCloud App

User Management

Don’t have a directory? No problem, ownCloud can handle user management for you. View ownCloud users in a single window, sort and search users by user display name, last login, group, or even storage location. New users can be added with a click of a button, sending out an email, while user avatars make it clear who is sharing files and with whom. User management is quick and efficient for admins to add new groups and edit attributes such as group memberships, quota limits, display names and group admin rights.

Provisioning API

If you are using ownCloud to manage users, user provisioning can be accomplished within ownCloud via the Provisioning API. This enables the use of existing data center automation tools and scripted deployments, allowing external systems to trigger authenticated user provisioning and reporting activities. This application enables a set of APIs that external systems can use to create, edit, delete and query user attributes, to query, set and remove groups, to set quota and to query total storage used in ownCloud. Group admins can also perform the same functions for groups they manage. Admins may further query for active ownCloud applications, application info and to enable or disable an applications remotely. With the ownCloud Provisioning API, you can save steps and simplify management of ownCloud.

File Ownership Transfer

When a user is removed from the system, this app allows administrators to move files that they owned in ownCloud to another user, and still retain the shares of the files and folders they owned. Note: it does not transfer files and folders shared with the removed user, only the files that they own.

Full Text Search

ownCloud offers a full text search functionality (based on Elasticsearch), that allows you to find documents and files based on the content within your files, rather than just the file name. This is made possible via the Elasticsearch, an open-source search engine that indexes files in ownCloud and thus enables very performant searching on content level.

Virtual File System

The desktop client with Virtual File System improves usability and reduces local storage requirements. Users can share files in the Explorer even if they are not stored locally. The client reflects the file and folder structure of the server, regardless of whether the data is completely available locally. If a file is needed, it can be downloaded and opened with a single click.

Custom Features enterprise

ownCloud Enterprise Edition offers many great features, however, some customers require certain capabilities that may not be readily available. For those customers the engineers at ownCloud go out of their way to deliver these capabilities by opening consulting projects.
ownCloud Custom Features Overview

Please fill out the form below to get your download.

Please deactivate your script blocker or use a different browser to load the form.

By submitting this form, you are granting ownCloud GmbH permission to contact you. You can revoke permission any time using the unsubscribe link found at the bottom of every email or by sending an email to info@owncloud.com