In the Security Settings tab, brokers can configure important security features for the CRM Client Portal. These include:
Remote Login Prompts: By enabling remote login prompts in the Security Settings tab, brokers can enhance the security of the CRM Client Portal. This feature alerts clients whenever their account is accessed from a different IP address than usual. It serves as a proactive measure to notify clients of potential unauthorized access to their account. Prompting clients with these alerts allows them to take immediate action if they suspect any suspicious activity and helps ensure the safety of their account.
Password Strength Settings: In the Security Settings tab, brokers can configure the password strength requirements for their clients. This feature allows brokers to define specific criteria for creating strong passwords. By implementing strong password policies, brokers enhance the overall security of client accounts, making them less susceptible to password-related breaches or unauthorized access attempts.
Two-Factor Authentication Settings: Brokers are empowered to further fortify the security of the CRM by configuring mandatory Two-Factor Authentication (2FA). This advanced security measure adds an extra layer of protection to clients account by requiring clients to key in the 2FA code before performing any actions. This helps to reduce the risk of unauthorized access, even if account passwords are compromised.
To set password strength settings for your clients, follow these steps:
Click on the "Edit" icon in the Security Settings tab.
Select your preferred Password Strength Settings.
Click "Save" to apply the changes.
When clients register a new account and proceed to set up their password, they are required to adhere to the password strength settings that have been selected by the broker.
When clients update their account password, they are required to follow the password security settings as well.
You can require clients to activate Two-Factor Authentication (2FA) for enhanced account protection. By default, this function is disabled. Once enabled, you can select the operations that will require clients to input a 2FA code:
Login
Deposit
Withdraw
Transfer
Prop Challenge Fee Payment
Trading Competition Fee Payment
Change Password
Update Email
To set up Mandatory 2FA Verification for your clients, follow these steps:
For clients without any existing 2FA setup, they will be prompted to activate 2FA upon logging in to the CRM Client Portal.
To complete the activation process, clients will need to follow the provided steps, input the 2FA code, and then click "Submit."
Once 2FA has been setup, the client will be logged into their CRM account.
Clients will not have the option to disable 2FA via the "Settings" page.
Clients will be asked to enter a 2FA One-Time Password (OTP) when conducting the operations configured to require mandatory 2FA verification.
For clients who have already set up 2FA, their accounts will remain unchanged.
They will continue to use 2FA as usual when logging in and when performing any of the operations that require mandatory 2FA.
You can define limits on failed login attempts for both clients and admins, triggering automatic account suspension after repeated failures to mitigate security risks.
To setup failed login attempt limit, follow these steps:
When your client or admin user's login attempt has failed, they will see a notification to inform them of the remaining number of attempts remaining.
If the failed login attempt reaches the maximum limit configured, a notification will be displayed to inform the client or admin user that their account has been suspended.
To enable the account, you will need to do the following:
For client accounts, locate the account under the "Clients" list and click the "Unsuspend" icon.
For user accounts, under "User Management", click the "Filter" icon and select "Suspended" as the Account Status. You will see a list of suspended users. Locate the user you wish to enable and click the "Unsuspend" icon.
To enable remote login prompts for the CRM Client Portal, follow these steps:
Click on the "Edit" icon in the Security Settings tab.
Click on the "Enable" icon to activate this feature.
If you wish to disable remote login prompts at any time, click the same icon to deactivate it.
Click "Save" to apply the changes.
When Prompts for Remote Logins is enabled, the client will be notified if their account is accessed from a different IP address than their previous login.
When such a situation occurs, clients will receive prompts through the following methods:
Popup Notice on CRM Client Portal: A notification will be displayed to the client immediately upon login, informing them that their account was accessed from a different IP address. This prompt serves as an alert to the client to verify the legitimacy of the login. Clients can click "Change the Password" to protect their account.
Email Notification: In addition to the popup notice, an email will be sent to the client's registered email address. This email serves as an additional means of notification, providing the client with information about the login activity and advising them to take appropriate action if the login was unauthorized.
If a client's chosen password does not meet the specified requirements, an error notice will be displayed, informing the client of the password requirements that were not met. This notice serves as a reminder to the client to create a password that meets the specified criteria, ensuring that their account remains secure.
