On the Security settings page under Settings > Administration > Security settings, you can set up different options to make sure your site is well protected.
Jump to...
1. Use 2-step verification
Here, you can set up 2-step verification to keep your data safe, even if your password somehow mistakenly ends up in the wrong hands. Just switch on the setting Use 2-step verification.
If 2-step verification is active on your site, each user has to verify their account via mobile phone. When logging in, the user enters their username and password, Scoro sends a text with a unique string of numbers to their mobile phone, and they type in the code. In addition, each user can add multiple devices to their trusted devices list, so Scoro knows it’s them logging in — that way, the user doesn't have to sign in via 2-step verification each time. Read how to set up 2-step verification.
2. Valid user account password
To keep your site and user accounts safe, it's recommended to set up an expiry period for user passwords. Just pick the time period from the User password is valid dropdown list. When the validation period is over, the user is asked to change their account password.
3. Session expiration setting
Enable session expiration settings for users, so each user can decide the maximum time period for how long they're logged in to their site when inactive. Each user can set up their session duration under Settings > My settings > My security settings.
4. Enable Microsoft or Google sign-in
If your team is using Google or Microsoft accounts, you can enable one or other sign-in option for your Scoro site.
For example, if your team is using Microsoft, and you have enabled this sign-in option, users who have already created their Scoro user accounts can now use the Sign in with Microsoft option to log in even quicker. This makes the login process more convenient, as you won't need separate credentials.
5. IP restriction
If needed, you can use IP restriction and specify (whitelist) one or more IP addresses from which the users are able to access your site.
6. Enabling regular login for specific users
If your site has Single sign-on (SSO) enabled, but there are users who aren’t able to use SSO, you can enable the regular username and password login method for them.
For more information on how to set this up, go to our article about Single sign-on (SSO).