Setting Up Two-Factor Authentication (2FA) in Saleshandy

Your Saleshandy account holds sensitive data like email accounts, leads, and outreach sequences. Unauthorized access can compromise campaigns, leak prospect data, or harm your domain reputation.

2FA adds an extra layer of security, ensuring that even if your password is stolen, login requires a one-time OTP sent to your registered email or mobile device.

For teams, 2FA prevents unauthorized access, allowing only verified members to log in.

Admins can track login sessions, monitor attempts, and expire sessions if needed, ensuring full control over account security. 🚀

Preparing for 2FA

Before enabling 2FA, ensure the following:

✅ You are using the latest version of the Saleshandy app (Web & Mobile).

✅ You have access to your registered email where the OTP will be sent.

Setting Up 2FA in Saleshandy

1️⃣ Log in to your Saleshandy account.

2️⃣ Go to Settings from the side navigation bar.

3️⃣ Navigate to Admin Settings.

4️⃣ Under Security, enable the toggle:

"Require email OTP for all user logins as a Two-Factor Authentication step."

5️⃣ Once enabled, every time you or your team members log in, you’ll need to enter an OTP sent to your registered email.

📌 Note: This applies to all users except those using the old agency portal, where the login process remains unchanged.

Setting Up 2FA on Mobile

If you use the Saleshandy mobile app (iOS & Android), the 2FA process remains the same.

1️⃣ Open the Saleshandy app.

2️⃣ Enter your email and password.

3️⃣ A verification code (OTP) will be sent to your registered email.

4️⃣ Enter the OTP to complete your login.

Downloading the Login Session Report

Admins and account owners can track login activity using the Session Report, which logs:

📌 Login/Logout timestamps

📌 IP addresses

📌 Login attempts (successful & failed)

📌 Device/browser details

How to Download the Session Report

1️⃣ Navigate to the User & Teams tab.

2️⃣ Click on the "Download" button.

3️⃣Select the date range for which you want to download the report

4️⃣A CSV file with all login session details will be sent to your registered email.

Session Report Details

The downloaded report will include:
📌 Email Address – User's registered email
📌 Activity – Login/Logout status (e.g., Logged In, Logged Out, Session Expired)
📌 Timestamp – Time of activity (based on the user's profile timezone)
📌 IP Address – IP used for login
📌 Location – Approximate location of login
📌 Login From – Device/browser used for login (or ‘-’ if no login activity)

Types of Activity Logged

Logged In
Logged Out
Session Expired by {{First Name}}
Password Reset
Login Failed – Incorrect Password
Login Failed – SSO Rejected
Login Failed – Incorrect 2FA
Login Failed – Disabled User

This report helps in monitoring security risks and detecting unauthorized login attempts.

Key Points About OTP for 2FA

How OTP Works

You will receive a 4-digit OTP (with no consecutive repeated digits) on your registered email.
The OTP is valid for 10 minutes and can be used only once.
If you need a new OTP, you can request it after 60 seconds.

Security Measures

OTPs are sent only to your registered email. If you update your login email, future OTPs will be sent to the new email.
Each user in the account will receive their own OTP for login.

Admin & Owner Controls

Admins and Owners can enable or disable OTP-based 2FA for all team members in Admin Settings under:
✅ "Require Email OTP for All User Logins as a Two-Factor Authentication Step."
By default, 2FA is OFF, and OTPs will not be required unless enabled.
2FA applies to all users, except for old agency accounts (White-label clients, LTD users, v3 Agency clients, etc.).