Even if a user’s login name and password are compromised, you can still prevent unauthorized access with these credentials by restricting login to approved IP addresses (these can be provided by your own IT Support). All other IP addresses will require the additional security precaution of two-step authentication. The settings for two-step authentication are found on each user’s Profile page.
Prerequisites: Before setting up two-step authentication, you need to enable IP access control at an account (tenant) level as follows:
1. Navigate to Management > Security Settings > IP access control.
2. Check the Require two-step authentication when logging in from unrecognized IP addresses checkbox.
When you first enable IP access control, no IP addresses are added to allowlists.
This is the most secure setting, since every user will require two-step authentication.
You can then add single IP addresses (your own IP address is helpfully displayed) or ranges of addresses.
Users logging in from one of the IP addresses (or ranges) from an allowlist can log in with their user name and password only.
Users logging in from all other IP addresses must confirm their identity via two-step authentication. (If using a smartphone authenticator app, users can also ask Emarsys to remember individual devices, enabling login with user name and password from that device for 14 days, regardless of the IP address.)
Important: Emarsys strongly recommends activating this feature! If you do not, Emarsys disclaims all responsibility for any damage resulting from unauthorized access.