Security settings that apply to your personal user account are available via Account > Account Security. Security settings that apply to all users in your organization are available to organization administrators under Account > Organization Settings.
Two-factor authentication
With two-factor authentication, a random 6-digit code is required to log in to your Telerivet user account, in addition to your password. The 6-digit code changes every 30 seconds.
This means that even if your password or email account is compromised, the other person only has a 1-in-a-million chance of guessing the right code to log in to your Telerivet account. Telerivet also sends you an email if someone enters an incorrect authentication code, and prevents too many incorrect guesses.
You can receive authentication codes via a phone call, SMS, or a smartphone app. We recommend using the smartphone app, because it will always work even if your phone doesn't have an internet connection or cell service, or if our servers can't send you an SMS or a phone call. Telerivet uses a standard two-factor authentication method called TOTP, which works on any smartphone, including Android, iPhone, Blackberry, and Windows Phone.
We also recommend enabling SMS and phone calls as a backup to reduce the risk of getting locked out of your account. If you can't receive your authentication code, you'll need to contact support@telerivet.com in order to prove your identity and regain access to your account.
Organization Password Policies
On the Organization Settings page, organization administrators can specify minimum password requirements and enforce two-factor authentication for all users within the organization.
Allowed Login Methods / Single Sign-On
In addition to using a Telerivet password to log in, users can also log in to Telerivet via their Google account (including G Suite). Organizations on an Enterprise plan can also configure a SAML identity provider, such as OneLogin or Okta, to allow their users to log in via single sign-on.
Organization administrators can configure which login methods are allowed on the Organization Settings page.
If all users in the organization have a Google account or an account with a SAML identity provider, the organization administrator can disable the Telerivet password login method. This makes it possible for your organization to enforce your own authentication and password policies for user access to your Telerivet account. It also makes it easier to ensure that a user's access to Telerivet is revoked if they leave your organization.
The account owner will always be able to log in with a Telerivet password, in order to avoid locking everyone out of the account if there is a problem with Google or your SAML identity provider.
Connecting your Telerivet account to a SAML identity provider such as OneLogin or Okta requires a few one-time setup steps that vary depending on your identity provider. To configure a SAML identity provider, contact support.
IP whitelists
On the Account Security page, the Login IP Whitelist allows you to control which IP addresses (network locations) are allowed to log in to your Telerivet user account. It provides an additional layer of security in case your password is compromised.
If your account is accessed from an unknown IP address, Telerivet will automatically send you an email, and you can choose whether or not to add the IP address to the whitelist. This way you'll be notified of suspicious activity, and you don't have to worry about being locked out of your account if you need to access your Telerivet account from a new IP address.
On the Organization Settings page, the Organization IP Whitelist allows organization administrators to permit access to your Telerivet projects only from your corporate network, so that users cannot access your Telerivet projects while outside of work. If your Telerivet account is accessed from an IP address not in the whitelist, the access will be denied (without sending an email to allow the user to whitelist that IP address).
The Organization IP Whitelist also applies to REST API requests. If you are using the REST API, make sure to add the IP addresses of any servers that will be making API requests.
Manage your login sessions
The Login Sessions page is helpful if you've used Telerivet on a shared computer and forgot to log out.
You can see all of the computers or mobile apps where you're currently logged in, and log out any sessions other than your current one.
Review recent account activity
In the activity log, you can view the activity on your Telerivet account in the past 90 days.
If you manage an organization or project with multiple users, you can also view activity for your entire project and organization.
Note that when viewing activity for other users as an organization/project administrator, you'll only be able to see actions that the other user performed within your organization or project.