Note: The Security rules feature is one of the many useful features of Pipedrive's Professional and Enterprise plans. Only Admin users can set up Security rules in a company account.
Keeping data safe is essential for any business. With the Security Rules feature, Admin users of a Pipedrive company account can enforce access restrictions to ensure that business data is only available to the right people at the right place and time.
To access and set up your Security rules, go to Settings > Security center > Rules.
Note: Security Rules will not apply when accessing Pipedrive through the Mobile App.
Two-factor authentication (2FA)
You can toggle this option on to enforce Two-factor authentication (2FA) for all users. The 2FA feature protects your Pipedrive user account by sending users an email with a click-to-verify link the next time you log in. Each user will only need to be verified every 30 days on each device.
When an admin user enforces password strength requirements, any users with passwords that do not fulfill those requirements will be asked to change their password the next time they log in. You can make sure user passwords have one or more of the following:
- At least one lowercase and one uppercase letter
- At least one number
- At least one special character ( '!', '@', '&', etc.)
- A minimum amount of characters (must be at least 8)
Password expiration and reuse
A password expiration date or password reuse condition can be set up for your users' passwords.
- Password expires
Your users' passwords can be set expire every 365 days, 180 days, 90 days, 60 days, 30 days, or never.
- Password reuse
Password resets can be limited to forbid just the current password or current password and one previous password
When you expand the Advanced rules section, you will be able to set up more sophisticated security rules to limit user access.
Note: Once enforced, Advanced rules will immediately apply for all regular users. All Admin users will not be affected.
Allow access only for specific IP addresses
If you want your users to only access Pipedrive when they are in specific locations, you can add IP address conditions to your advanced security rules. Regular users will then only have access to company data when they are under these IP addresses. Click on Add IP address to get started.
In the Add IP window, you will see the option to either type in an IP address or autofill your current IP address. You can add more than one IP address depending on your access limitation requirements.
Allow access at only at specific times
Enabling this rule will restrict user access to specific time frames, such as company working hours or a timezone. Regular users will lose access to Pipedrive outside of the days, time, and time zone that is added by the Admin user.
You can click on Add time range to set up your time range restrictions.
Confirming and validating your changes
Once all of the rules are set up, you can click on Preview and enforce to validate your changes. Confirm your security rule details in the window that appears and click on Enforce now to implement your rules.
You can choose here to send a summary of the changes made to your users.