Company Security Settings

1. Multi-Factor Authentication Settings

This section controls how MFA is enforced and which verification methods are available to your users. 

Mandatory Two-Factor Authentication (2FA) on Login

Enable this toggle to require all company users to complete a second verification step every time they log in. When turned on, no user can access the platform without completing MFA, regardless of their individual preferences.

Allowed MFA Methods

Select which verification methods users in your company are permitted to use. Three options are available: 

  • SMS One-time Password — A one-time code is sent to the user’s registered mobile number.

  • Authenticator App — Users verify via a time-based code from an authenticator app (e.g. Google Authenticator, Microsoft Authenticator).

  • Email — A one-time code is sent to the user’s registered email address.

You can enable one or more methods simultaneously. Users will only be able to choose from the methods you have activated here. Each method can be starred to set it as the company default.

Permission-Based MFA Requirements

This section lets you require MFA for specific high-risk actions, independently of login-level MFA. When a permission is toggled on, users will be prompted to verify their identity at the point they attempt that action — even if they have already authenticated for their current session.

Toggle each permission on or off based on your company’s risk and compliance requirements. The full list of configurable permissions is shown below:

Users Password Management

This section provides a bulk action for managing passwords across your entire user base.

Force Password Change at Next Login For All Company Users

Clicking this button immediately flags all active company users to reset their password the next time they log in. Use this following a security incident or as part of a routine security review.

Maker-Checker Restrictions

This section enforces separation of duties to reduce the risk of unauthorised or erroneous actions. 

Instrument Approvals

When enabled, a user who approved an instrument as Maker cannot also approve it as Checker. This ensures that every instrument approval involves two distinct individuals.

Password Rotation Settings

Configure how frequently users are required to update their passwords. Enable the Password Rotation Policy toggle to activate this feature, then set the values below.

Password Requirements Settings

Define the complexity rules that all user passwords must meet.

Password Length

Character Requirements

Toggle on any combination of the following rules to enforce password complexity: 

  • Require Uppercase Letters

  • Require Lowercase Letters

  • Require Digits

  • Require Special Characters

Security Checks

Additional validations that can be applied to all passwords:

  • Check for Breached Passwords — Flags passwords that have appeared in known data breaches.

  • Disallow User Information in Passwords — Prevents users from including their name, username, or email in their password.

  • Check for Dictionary Words — Rejects passwords that contain common dictionary words.

Account Security & Session Settings

Configure account lockout policies and session behaviour to protect accounts from unauthorised access. Use the Manage Locked Users button at the top of this section to view and manually unlock any accounts that have been locked due to failed login attempts.