Security Settings
SETTINGS & ADMINISTRATION Security Settings Overview Security Settings protect your Lead Fuel CRM account and data from unauthorized access.
Configure two-factor authentication, manage user sessions, restrict access by IP address, and monitor security events.
These controls are essential for safeguarding sensitive customer information and maintaining compliance with data protection regulations.
Two-Factor Authentication (2FA) Enabling 2FA for Your Account Step 1: Go to Settings > Security Settings > Two-Factor Authentication Step 2: Click "Enable Two-Factor Authentication" Step 3: Choose your preferred authentication method (see options below) Step 4: Follow the setup instructions for your chosen method Step 5: Save backup codes in a secure location Step 6: Test login with 2FA enabled before closing the setup Authentication Methods • Authenticator App: Use Google Authenticator, Microsoft Authenticator, or Authy.
Scan QR code to add account.
• SMS Code: Receive 6-digit codes via text message to your phone • Email Code: One-time codes emailed to your registered email address • Backup Codes: One-time codes for emergency account access if primary method unavailable Important: Store backup codes securely (password manager, safe, etc.).
If you lose all authentication methods, contact support to regain access.
Requiring 2FA for All Users Force all team members to enable two-factor authentication: Step 1: Navigate to Settings > Security Settings > 2FA Policy Step 2: Enable "Require 2FA for all team members" Step 3: Set grace period (default 7 days) for users to configure 2FA Step 4: After grace period, users must complete 2FA setup to access the system Step 5: Non-compliant users are locked out until 2FA is enabled Session Management Auto-Logout Settings Automatically log out inactive users: • Inactivity Timeout: Log out users after 15 min, 30 min, 1 hour, or 4 hours of no activity • Persistent Login: Allow users to stay logged in across multiple sessions (less secure) • Remember This Device: Skip 2FA on trusted devices for future logins Active Sessions Step 1: Go to Settings > Security Settings > Active Sessions Step 2: View all devices and locations currently logged into your account Step 3: See device type, browser, IP address, and last activity for each session Step 4: Click "Sign Out" to remotely logout from any device Step 5: Identify suspicious sessions (unfamiliar location, device) and terminate them IP Restriction & Whitelist Limit CRM access to specific IP addresses: Step 1: Navigate to Settings > Security Settings > IP Whitelist Step 2: Click "Add IP Address" and enter your office/home IP Step 3: Separate multiple IPs with commas or use CIDR notation for ranges Step 4: When enabled, only whitelisted IPs can access your account Step 5: Add your ISP's IP range if using a mobile/home connection Step 6: Ensure all team members' IPs are added before enabling restriction Tip: For remote teams, consider using a corporate VPN and whitelisting the VPN's IP address instead of individual IPs.