V7.49.0 – Strengthened Admin Security Controls

Learn about all the details of all our recent CRM updates here.

Released Date - 9 July 2025

This release focuses on reinforcing security at the administrative level, safeguarding sensitive data, reducing risk, and giving brokers greater assurance. With smarter alerts and flexible access settings, maintaining security is now easier and more reliable.

Key Function Highlights

  1. Auto Logout Configuration: Set custom logout periods to balance workflow needs with stronger account security and protection against unattended sessions.

  2. Bulk Import for Blacklisted Users: Upload blacklisted accounts in batches to save time and reduce manual work.

  3. Smarter Suspicious Login Alerts: Choose ipapi or MaxMind as your IP geolocation service; alerts will trigger only when both the "login city" differs and the "device details" change, improving accuracy and reducing false positives.

  4. Data Permissions Controls:

    1. Referral Tree Access: Admins can view the overall referral structure but cannot access client details outside their assigned permissions, ensuring compliance with data visibility rules.

    2. Sensitive Client Tiers: Client tiers can be flagged as sensitive to restrict unauthorized access, keeping confidential classifications protected.

1) Auto Logout Configuration

You can now set custom logout periods to balance workflow needs with stronger account security and protection against unattended sessions.

To do so, follow these steps:

1

Go to Security Settings

  1. Navigate to "Settings".

  2. Go to "Security Settings".

2

Configure Auto Logout

  1. Click the "Edit" icon.

  2. By default, Auto Logout After Inactivity is set to 12 hours.

  3. Update the value as needed — minimum 3 hours, maximum 168 hours.

  4. Click the "Save" icon.

2) Bulk Import for Blacklisted Users

You can now upload blacklisted accounts in batches to save time and reduce manual work.

To do so, follow these steps:

1
  1. Go to "Settings" > "Blacklist".

  2. Select "Blacklist Users".

2

Bulk Import Blacklisted Users

  1. Click "Create".

  2. Select "Batch Import".

  3. Download the "Batch_Import_Blacklist" file.

  4. Fill in the details in the file.

  5. Upload the completed file.

  6. Click "Save".

3

Batch Operation

  1. If there's any error detected in your file, it will be displayed under "Error".

  2. You will need to make the necessary amendments before importing the file again.

  3. If there are no errors, click "Confirm" to proceed with the batch import.

  4. Once you have confirmed your action, the users will be blacklisted.

3) Smarter Suspicious Login Alerts

A) Suspicious Login Prompt Logic Change

This applies to both clients and admin users.

Previously, suspicious login prompts were triggered whenever the login city differed from the previous login.

Now, alerts are triggered only when both of the following conditions are met:

  1. Remote Login Detection: The city of the current login IP is different from the city of the previous login.

  2. Device Change Detection: The current device’s details (such as browser or device type) differ from the device used in the previous login.

This ensures that alerts are sent only for meaningful anomalies, reducing false positives while maintaining security.

B) IP Source

This applies to both clients and admin users.

For detecting the city of a login IP, you can choose your preferred IP source:

  • ipapi

  • maxmind

To do so, follow these steps:

1
  1. Go to "Settings" > "Client Portal" > "Security Settings" if you're configuring for your clients.

  2. Go to "Settings" > "Back Office Portal" > "Security Settings" if you're configuring for your admin users.

2

Select Preferred IP Source

  1. Click the "Edit" icon.

  2. Select the preferred "IP Source".

  3. You can click the "Link" icon to find out more about the providers. You will be redirected to their respective website.

  4. Click "Save".

C) System Logs Updated

Client and Admin Login Logs now include a new column, “Login Device”, which displays both the device details and device ID. This enhancement enables better tracking and monitoring of login activity.

4) Data Permissions Controls

A) Referral Tree Access

  1. If you have configured data permissions for your admins, they can still view the full referral tree.

  2. However, when they click the "Details" icon for a client outside their assigned permissions, an error message will appear stating that they do not have the required access to view the client’s information.

B) Sensitive Client Tiers

Client tiers can be flagged as sensitive to restrict unauthorized access, keeping confidential classifications protected.

To do so, follow these steps:

1

Add Sensitive Fields

  1. Go to "Settings" > "Client Group".

  2. Click "Add Sensitive Fields".

2

Set Client Tier as Sensitive Field

  1. Select "Tier" to hide this field in the respective reports.

  2. You can use the "Search" function to tick all respective "Tier" fields.

  3. Click "Confirm".

3

Application

  1. "Tier" will be hidden from the respective reports.

  2. For example, before setting "Tier" as a sensitive field, clients will be able to view their downline's tiers.

  3. After setting up sensitive field, "Tier" will no longer be visible.

Last updated