How to Manage Account Security as an Admin/Staff

Security Management is important for any Account. Manage account security for your Upmind account and secure your complete automation platform account.

Last updated 3 days ago

Upmind offers a comprehensive suite of security features for both admins and clients. This guide will give an overview of user-level security protections. It covers:

  1. IP Whitelisting

  2. Extra Client Functionalities

  3. Login Attempts

  4. Two-factor Authentication

  5. Password Resets

  6. Secure Link Sharing

  7. File Upload Types

  8. General Security Settings

🚧 For information on managing two-factor authentication (2FA) as an admin/staff, follow this guide.

Security menu access

  • Admins and staff: Log in, go to Settings, and select Security under the Branding and Customisation section.

Settings > Security

  • Clients: Access security options through My Account > Security.

My account > Security

Restrict access by IP (IP whitelisting)

You can control which IP addresses can access your organization’s admin area and the client area to restrict access to trusted sources. Upmind supports static IPs, staff-specific whitelists, and CIDR ranges.

📘 Avoid dynamic IPs to prevent accidental lockouts.

IP whitelisting from admin

To add an IP whitelist entry from admin, enter the IP address (required) and a Description (optional).

Restrict access by IP from Admin (Setting > Security)

IP whitelisting for staff

For staff, IPs can be set on a per-user basis in the staff control panel or per API token. This overrides global settings.

  1. As an admin, you can add a staff user under Settings > Staff Users.

Settings > Staff users

  1. Click Create user.

Create user

  1. Secure with whitelist IPs.

Secure with whitelist IPs for staff

For more on IP whitelisting, watch this video.

For clients, you can restrict access by IP under Security. For more information, follow this guide.

How to find out my IP address

Visit https://ip.me.uk to check your current IP.

Extra client functionalities

You can enable or disable the secure vault for notes and secrets at the client, lead, and contract product levels. Both staff and clients can access the vault, with all actions logged for security.

Enable/disable client/brand notes and vault

How to manage login attempts

The section Passwords & Login allows you to configure login security and attempts.

Field Name

Description

Allow client login by any email address

If enabled, clients can login using any email address in their account settings.

Allow client login by any active service identifier

If enabled, clients can login using any active service identifier, such as a domain name.

Max failed attempts

Control the number of failed login attempts before lockout.

Max failed 2FA attempts

Set maximum failed attempts for passwords and 2FA.

Lockout minutes

Define lockout duration in minutes.

How to reset a password as staff/admin

If you want to change your password:

  1. Go to My Account > Security.

  2. Enter your current and new password (minimum 8 characters, at least one letter and one number).

  3. Save changes.

Reset password

If you forgot your password and can’t log in to Upmind, you can request a password reset on the login page:

  1. On the login page, click Forgot your password?

  2. Enter your email/username and request a reset link.

  3. Follow the email instructions to set a new password.

Forgotten password

If 2FA is enabled, you will need to provide the code when resetting your password.

2FA code required

Secure link sharing

You can manage shared resource links. Set default expiration (in days) for shared links to protect sensitive resources.

Secure links

How to manage upload file types

This relates to support tickets and allowed file types for attachments. Although all attachments are virus-scanned and flagged if issues arise, it’s best to restrict attachment types to those you expect to receive.

  1. Go to Settings > File Uploads.

  2. Select which file types are permitted for uploads in the client area (enable Denied Download by Scan Status by ticking the boxes).

  3. All uploads are virus scanned, and suspicious files are flagged.

Select file upload types

General security settings

You can control various access restrictions:

  • Limit viewing of client profiles and resources to users with a valid support PIN or linked tickets (non-admins only).

  • Set the duration (in hours) for which access is granted after PIN entry or ticket assignment.

Control application security