Skip to main content

Setting Up Two-Factor Authentication (2FA) in Saleshandy

Malav avatar
Written by Malav
Updated over 5 months ago

Your Saleshandy account holds sensitive data like email accounts, leads, and outreach sequences. Unauthorized access can compromise campaigns, leak prospect data, or harm your domain reputation.

2FA adds an extra layer of security, ensuring that even if your password is stolen, login requires a one-time OTP sent to your registered email or mobile device.

For teams, 2FA prevents unauthorized access, allowing only verified members to log in.

Admins can track login sessions, monitor attempts, and expire sessions if needed, ensuring full control over account security. πŸš€

Preparing for 2FA

Before enabling 2FA, ensure the following:

βœ… You are using the latest version of the Saleshandy app (Web & Mobile).

βœ… You have access to your registered email where the OTP will be sent.

Setting Up 2FA in Saleshandy

1️⃣ Log in to your Saleshandy account.

2️⃣ Go to Settings from the side navigation bar.

3️⃣ Navigate to Admin Settings.

4️⃣ Under Security, enable the toggle:

"Require email OTP for all user logins as a Two-Factor Authentication step."

5️⃣ Once enabled, every time you or your team members log in, you’ll need to enter an OTP sent to your registered email.

πŸ“Œ Note: This applies to all users except those using the old agency portal, where the login process remains unchanged.

Setting Up 2FA on Mobile

If you use the Saleshandy mobile app (iOS & Android), the 2FA process remains the same.

1️⃣ Open the Saleshandy app.

2️⃣ Enter your email and password.

3️⃣ A verification code (OTP) will be sent to your registered email.

4️⃣ Enter the OTP to complete your login.

Downloading the Login Session Report

Admins and account owners can track login activity using the Session Report, which logs:

πŸ“Œ Login/Logout timestamps

πŸ“Œ IP addresses

πŸ“Œ Login attempts (successful & failed)

πŸ“Œ Device/browser details

How to Download the Session Report

1️⃣ Navigate to the User & Teams tab.

2️⃣ Click on the "Download" button.

3️⃣Select the date range for which you want to download the report

4️⃣A CSV file with all login session details will be sent to your registered email.

Session Report Details

The downloaded report will include:
πŸ“Œ Email Address – User's registered email
πŸ“Œ Activity – Login/Logout status (e.g., Logged In, Logged Out, Session Expired)
πŸ“Œ Timestamp – Time of activity (based on the user's profile timezone)
πŸ“Œ IP Address – IP used for login
πŸ“Œ Location – Approximate location of login
πŸ“Œ Login From – Device/browser used for login (or β€˜-’ if no login activity)

Types of Activity Logged

  • Logged In

  • Logged Out

  • Session Expired by {{First Name}}

  • Password Reset

  • Login Failed – Incorrect Password

  • Login Failed – SSO Rejected

  • Login Failed – Incorrect 2FA

  • Login Failed – Disabled User

This report helps in monitoring security risks and detecting unauthorized login attempts.

Key Points About OTP for 2FA

How OTP Works

  • You will receive a 4-digit OTP (with no consecutive repeated digits) on your registered email.

  • The OTP is valid for 10 minutes and can be used only once.

  • If you need a new OTP, you can request it after 60 seconds.

Security Measures

  • OTPs are sent only to your registered email. If you update your login email, future OTPs will be sent to the new email.

  • Each user in the account will receive their own OTP for login.

Admin & Owner Controls

  • Admins and Owners can enable or disable OTP-based 2FA for all team members in Admin Settings under:
    βœ… "Require Email OTP for All User Logins as a Two-Factor Authentication Step."

  • By default, 2FA is OFF, and OTPs will not be required unless enabled.

  • 2FA applies to all users, except for old agency accounts (White-label clients, LTD users, v3 Agency clients, etc.).

FAQ

  1. What happens if I don’t receive the OTP?

  • Check your Spam/Junk folder.

  • Ensure you have access to the registered email.

  • Wait at least 60 seconds before requesting a new OTP.

  • If the issue persists, contact [email protected].

2. Can I disable 2FA?

  • Yes, Admins & Owners can disable 2FA from Admin Settings. However, it is recommended to keep it enabled for better security.

3. What happens if my session expires?

  • You will be automatically logged out and will need to log in again using 2FA.

4. Does 2FA apply to all users?

  • Yes, except for users on the old agency portal.

5. How long is the OTP valid?

  • The OTP is valid for 10 minutes. If expired, request a new one.

Related Articles
πŸ”’ 2-Step Verification(2-Factor Authentication): What, Why, and How to Enable It?
Microsoft: Steps to Authenticate the Email ID to Accept Third-Party Tool(Saleshandy)
Enhance Your Brand Identity with Saleshandy's White Label Feature
Saleshandy and TrulyInbox Integration
Did this answer your question?