Your Saleshandy account holds sensitive data like email accounts, leads, and outreach sequences. Unauthorized access can compromise campaigns, leak prospect data, or harm your domain reputation.
2FA adds an extra layer of security, ensuring that even if your password is stolen, login requires a one-time OTP sent to your registered email or mobile device.
For teams, 2FA prevents unauthorized access, allowing only verified members to log in.
Admins can track login sessions, monitor attempts, and expire sessions if needed, ensuring full control over account security. 🚀
Preparing for 2FA
Before enabling 2FA, ensure the following:
✅ You are using the latest version of the Saleshandy app (Web & Mobile).
✅ You have access to your registered email where the OTP will be sent.
Setting Up 2FA in Saleshandy
1️⃣ Log in to your Saleshandy account.
2️⃣ Go to Settings from the side navigation bar.
3️⃣ Navigate to Admin Settings.
4️⃣ Under Security, enable the toggle:
"Require email OTP for all user logins as a Two-Factor Authentication step."
5️⃣ Once enabled, every time you or your team members log in, you’ll need to enter an OTP sent to your registered email.
📌 Note: This applies to all users except those using the old agency portal, where the login process remains unchanged.
Setting Up 2FA on Mobile
If you use the Saleshandy mobile app (iOS & Android), the 2FA process remains the same.
1️⃣ Open the Saleshandy app.
2️⃣ Enter your email and password.
3️⃣ A verification code (OTP) will be sent to your registered email.
4️⃣ Enter the OTP to complete your login.
Downloading the Login Session Report
Admins and account owners can track login activity using the Session Report, which logs:
📌 Login/Logout timestamps
📌 IP addresses
📌 Login attempts (successful & failed)
📌 Device/browser details
How to Download the Session Report
1️⃣ Navigate to the User & Teams tab.
2️⃣ Click on the "Download" button.
3️⃣Select the date range for which you want to download the report
4️⃣A CSV file with all login session details will be sent to your registered email.
Session Report Details
The downloaded report will include:
📌 Email Address – User's registered email
📌 Activity – Login/Logout status (e.g., Logged In, Logged Out, Session Expired)
📌 Timestamp – Time of activity (based on the user's profile timezone)
📌 IP Address – IP used for login
📌 Location – Approximate location of login
📌 Login From – Device/browser used for login (or ‘-’ if no login activity)
Types of Activity Logged
Logged In
Logged Out
Session Expired by {{First Name}}
Password Reset
Login Failed – Incorrect Password
Login Failed – SSO Rejected
Login Failed – Incorrect 2FA
Login Failed – Disabled User
This report helps in monitoring security risks and detecting unauthorized login attempts.
Key Points About OTP for 2FA
How OTP Works
You will receive a 4-digit OTP (with no consecutive repeated digits) on your registered email.
The OTP is valid for 10 minutes and can be used only once.
If you need a new OTP, you can request it after 60 seconds.
Security Measures
OTPs are sent only to your registered email. If you update your login email, future OTPs will be sent to the new email.
Each user in the account will receive their own OTP for login.
Admin & Owner Controls
Admins and Owners can enable or disable OTP-based 2FA for all team members in Admin Settings under:
✅ "Require Email OTP for All User Logins as a Two-Factor Authentication Step."By default, 2FA is OFF, and OTPs will not be required unless enabled.
2FA applies to all users, except for old agency accounts (White-label clients, LTD users, v3 Agency clients, etc.).
FAQ
What happens if I don’t receive the OTP?
Check your Spam/Junk folder.
Ensure you have access to the registered email.
Wait at least 60 seconds before requesting a new OTP.
If the issue persists, contact [email protected].
2. Can I disable 2FA?
Yes, Admins & Owners can disable 2FA from Admin Settings. However, it is recommended to keep it enabled for better security.
3. What happens if my session expires?
You will be automatically logged out and will need to log in again using 2FA.
4. Does 2FA apply to all users?
Yes, except for users on the old agency portal.
5. How long is the OTP valid?
The OTP is valid for 10 minutes. If expired, request a new one.