Knowledge Base

Two-factor authentication (2FA)
Password strength
Password expiration and reuse
Advanced rules
Allow access only for specific IP addresses
Allow access only at specific times
Confirming and validating your changes

Security rules

Jenny Takahara, April 17, 2024
Note: The security rules feature is one of the many useful features of Pipedrive's Enterprise plan. Only users with account settings access can set up security rules in a company account.

Keeping data safe is essential for any business. The security rules feature allows you to enforce access restrictions to ensure that business data is only available to the right people at the right place and time.

To access and set up your security rules, go to Settings > Security center > Rules.

Note: With the exception of two-factor authentication, security rules won’t apply when accessing Pipedrive through the mobile app.

Two-factor authentication (2FA)

You can toggle this option to enforce two-factor authentication (2FA) for all users.

The 2FA feature protects your Pipedrive user account by sending users an email with a click-to-verify link the next time you log in.

Each user will only need to be verified every 30 days on each device.

Password strength

When a user with account settings access enforces password strength requirements, any users with passwords that don’t fulfill those requirements will be asked to change their password the next time they log in.

You can make sure user passwords have one or more of the following:

  • At least one lowercase and one uppercase letter
  • At least one number
  • At least one special character ( '!', '@', '&', etc.)
  • A minimum amount of characters (must be at least 8)

Password expiration and reuse

A password expiration date or password reuse condition can be set up for your users’ passwords.

  • Password expires – Your users’ passwords can be set to expire every 365 days, 180 days, 90 days, 60 days, 30 days, or never.
  • Password reuse – Password resets can be limited to forbid just the current password or current password and one previous password

Advanced rules

When you expand the Advanced rules section, you’ll be able to set up more sophisticated security rules to limit user access.

Note: Once enforced, advanced rules will immediately apply to all users without account settings access.

Allow access only for specific IP addresses

If you want your users to only access Pipedrive when they’re in specific locations, you can add IP address conditions to your advanced security rules.

All users without account settings access will then only have access to company data when they’re under these IP addresses. Click on “Add IP address” to get started.

In the Add IP window, you can either type in an IP address or auto-fill your current IP address. Depending on your access limitation requirements, you can add more than one IP address.

Allow access only at specific times

Enabling this rule will restrict user access to specific time frames, such as company working hours or a timezone.

All users without account settings access will lose access to Pipedrive outside of the added days, times and time zones.

You can click on “Add time range” to set up your time range restrictions.

Confirming and validating your changes

Once all of the rules are set up, you can click on “Preview and enforce” to validate your changes.

Confirm your security rule details in the window that appears and click on “Enforce now” to implement your rules.

You can choose where to send a summary of the changes made to your users.

Was this article helpful?



Related articles

Got any questions?

Contact us