Overview
Organization administrators can manage security settings and user access directly from the Admin Portal.
Changes made to security policies apply to all users within your organization.
🛡️ Managing Security Settings
To configure your organization's security policies, navigate to:
Admin Portal → Security
🔒Managing Multi-Factor Authentication (MFA)
MFA adds an additional layer of account security.
Enabling MFA
Select the Security.
Locate the MFA section and click on manage.
Enable MFA
Recommended Setting: Force MFA for all users
Users will be prompted to reconfigure MFA during their next login.
🔑 Password Settings
These settings work together to prevent unauthorized access, ensure credentials stay fresh, and keep your platform secure without disrupting your users.
Select the Security.
Locate the Password section and click on manage.
Open the Configuration tab.
Configure the desired password settings.
Select Save to apply your changes.
📝 Recommended Password Security Settings
Setting | Description | Recommended Value |
User Lockout | Number of consecutive failed login attempts allowed before a user's account is temporarily locked. | 5 failed login attempts |
Password History | Number of new passwords a user must create before a previous password can be reused. | 5 new passwords |
Password Expiration | Number of days before a password expires and must be reset. | 90 days |
Password Expiration Reminder | Number of days before password expiration that users are prompted to reset their password. | 7 days before expiration |
🚫 Restrictions
Restriction settings allow you to control who can access your organization's account based on IP address or email domain.
IP Restrictions
IP restrictions let you create an allowlist of approved IP addresses that can access your organization's account.
Users attempting to sign in from an IP address that is not included in the allowlist will be denied access.
To configure IP restrictions:
Navigate to Security.
Locate the Restrictions section and select Manage.
Open the IP Restrictions tab.
Add the approved IP addresses.
Domain Restrictions
Domain restrictions control which email domains can be used to access your organization's account.
You can choose one of the following options:
Allowlist
Only users with approved email domains can be invited to or access your organization's account. Existing users are not affected by changes to the allowlist.
Denylist
Users with email domains on the denylist cannot be invited to or access your organization's account. Existing users are not affected by changes to the denylist..
✅ Best Practice
An allowlist provides stronger security than a denylist because it permits access only from explicitly approved email domains.
To configure domain restrictions:
Navigate to Security.
Locate the Restrictions section and select Manage.
Open the Domain Restrictions tab.
Select Allowlist or Denylist.
Add the applicable email domains.
🕑Session Timeout
Session timeout settings help protect your organization's account by automatically signing users out after a period of inactivity.
To configure the session timeout:
Navigate to Security.
Locate the Session Timeout section and select Manage.
Configure the desired settings.
Select Save to apply your changes.
Session Timeout Settings
Setting | Description | Default |
Idle Session Timeout | Define how long a user session can remain inactive before the user is automatically signed out. | 30 minutes |
Force Re-login | Require users to sign in again once their session reaches the specified time limit, regardless of whether they have been active or inactive. | 90 days |
Maximum Concurrent Sessions | Set the maximum number of active sessions a user can have at the same time. If the limit is reached, the oldest session is automatically signed out when a new session is created. | 10 |
Changes apply to all users in your organization.
🕑 Inactivity
The Inactivity page allows administrators to identify users who have not recently accessed the platform.
Use this page to:
Review inactive users.
Identify accounts that may no longer require access.
Support periodic access reviews and account cleanup.





















