We understand security is important when managing your guest data, so we have implemented new security rules that will apply to all accounts from June 1, 2025.
All users with "Owner" (super admin) permissions will now require an MFA code during sign-in to protect their accounts. The Owner can also enforce MFA for their whole account or just for specific Users.
Owner accounts will now receive emails on security events within the account.
Users will receive a new device email.
Users logging into an IP-restricted account with a blocked IP address won't be able to log in.
See below for further information on how you can manage your account security.
Multi-factor Authentication
Users with the user type "Owner" will now be required to enter an MFA code when logging in (we currently only support email).
Enforcing MFA
Owners can enforce MFA on all users within their account - please note that if the user does not have an email address assigned to their user, they will no longer be able to log in.
To enforce MFA set enforcement within the "Account" > "Security" tab.
To manage the assigned MFA users, select the user within the "Account" > "Users" list and switch on "Enforced MFA"
Email Alerts
All users will receive an email when they log into a new computer or device.
All Owner accounts will also receive alerts when:
A new user is created in the account
IP Access Lists have been changed
IP Access Control
Accounts can be set to disallow access from anywhere except the allowed list of IP addresses.
Owner users can set up and manage their IP access control within the "Account" > "Security" tab.
Updating this list will alert all Owner users within the account.