Knowledge Base

Keeping data safe is essential for any business. With the security rules feature, it is possible to enforce access restrictions to ensure that business data is only available to the right people at the right place and time.

To access and set up your security rules, go to Settings > Security center > Rules.

Two-factor authentication (2FA)

You can toggle this option to enforce two-factor authentication (2FA) for all users. The 2FA feature protects your Pipedrive user account by sending users an email with a click-to-verify link the next time you log in. Each user will only need to be verified every 30 days on each device.

Password strength

When a user with account settings access enforces password strength requirements, any users with passwords that do not fulfill those requirements will be asked to change their password the next time they log in. You can make sure user passwords have one or more of the following:

• At least one lowercase and one uppercase letter
• At least one number
• At least one special character ( '!', '@', '&', etc.)
• A minimum amount of characters (must be at least 8)

Password expiration and reuse

A password expiration date or password reuse condition can be set up for your users' passwords.

• Password expires – Your users' passwords can be set to expire every 365 days, 180 days, 90 days, 60 days, 30 days, or never.
• Password reuse – Password resets can be limited to forbid just the current password or current password and one previous password
  
  

Advanced rules

When you expand the Advanced rules section, you will be able to set up more sophisticated security rules to limit user access.

Allow access only for specific IP addresses
If you want your users to only access Pipedrive when they are in specific locations, you can add IP address conditions to your advanced security rules. All users without account settings access will then only have access to company data when they are under these IP addresses. Click on "Add IP address" to get started.

In the Add IP window, you will see the option to either type in an IP address or autofill your current IP address. You can add more than one IP address depending on your access limitation requirements.

Allow access only at specific times
Enabling this rule will restrict user access to specific time frames, such as company working hours or a timezone. All users without account settings access will lose access to Pipedrive outside of the days, time and time zone that are added.

You can click on "Add time range" to set up your time range restrictions.

Confirming and validating your changes

Once all of the rules are set up, you can click on "Preview and enforce" to validate your changes. Confirm your security rule details in the window that appears and click on "Enforce now" to implement your rules.

You can choose where to send a summary of the changes made to your users.