Knowledge Base

Topics
Two-factor authentication (2FA)
Password strength
Password expiration and reuse
Advanced rules
Confirming and validating your changes

Security rules

JT
Jenny Takahara, November 2, 2023
Note: The security rules feature is one of the many useful features of Pipedrive's Enterprise plan. Only users with account settings access can set up security rules in a company account.

Keeping data safe is essential for any business. With the security rules feature, it is possible to enforce access restrictions to ensure that business data is only available to the right people at the right place and time.

To access and set up your security rules, go to Settings > Security center > Rules.

Note: With an exception of two-factor authentication, security rules will not apply when accessing Pipedrive through the mobile app.

Two-factor authentication (2FA)

You can toggle this option to enforce two-factor authentication (2FA) for all users. The 2FA feature protects your Pipedrive user account by sending users an email with a click-to-verify link the next time you log in. Each user will only need to be verified every 30 days on each device.


Password strength

When a user with account settings access enforces password strength requirements, any users with passwords that do not fulfill those requirements will be asked to change their password the next time they log in. You can make sure user passwords have one or more of the following:

  • At least one lowercase and one uppercase letter
  • At least one number
  • At least one special character ( '!', '@', '&', etc.)
  • A minimum amount of characters (must be at least 8)
passwordstrength.gif


Password expiration and reuse

A password expiration date or password reuse condition can be set up for your users' passwords.

  • Password expires – Your users' passwords can be set to expire every 365 days, 180 days, 90 days, 60 days, 30 days, or never.
  • Password reuse – Password resets can be limited to forbid just the current password or current password and one previous password

passwordexpirationandreuse.gif

Advanced rules

When you expand the Advanced rules section, you will be able to set up more sophisticated security rules to limit user access.

Note: Once enforced, advanced rules will immediately apply to all users that do not have account settings access.

Allow access only for specific IP addresses
If you want your users to only access Pipedrive when they are in specific locations, you can add IP address conditions to your advanced security rules. All users without account settings access will then only have access to company data when they are under these IP addresses. Click on "Add IP address" to get started.

In the Add IP window, you will see the option to either type in an IP address or autofill your current IP address. You can add more than one IP address depending on your access limitation requirements.

addipaddress.gif

Allow access only at specific times
Enabling this rule will restrict user access to specific time frames, such as company working hours or a timezone. All users without account settings access will lose access to Pipedrive outside of the days, time and time zone that are added.

You can click on "Add time range" to set up your time range restrictions.

timeframe.gif


Confirming and validating your changes

Once all of the rules are set up, you can click on "Preview and enforce" to validate your changes. Confirm your security rule details in the window that appears and click on "Enforce now" to implement your rules.

You can choose where to send a summary of the changes made to your users.

Screen_Shot_2020-01-17_at_5.28.57_PM.png
Was this article helpful?

Yes

No

Related articles

Got any questions?

Contact us