Account security
Learn how to enforce Dashboard & API security access.
Enforce account security
When dealing with user access to the Dashboard and API, you may consider adding an extra layer of security. Here you will find a way to restrict access to both Dashboard & API only to the IP addresses you specify.
You will also learn how to activate your email notifications to receive information about events occurring in your configuration, in few seconds. Email notifications is a very useful feature when you're away from the Dashboard while important events have occurred.
Plan restriction
This feature is only available for Corporate and Enterprise plans.
This page focuses on how to setup the following:
- IP restriction to access the dashboard
- IP restriction to call the API
- Email notifications to be sent to all admin users
- Enforcing Two-Factor Authentication for all users
Dashboard access IP restriction
Caution
When this feature is enabled, the Dashboard access will be restricted to the list of allowed IP addresses
Here you can input the IP address to be allowed.
Simply click on the "Add" button to input an IP address:
After you click "Confirm", you will be able to see the IP address in the following list:
From here, you simply need to activate the list by clicking on the toggle button.
API access IP restriction
Caution
This restriction will be applied to both APIs: the Protection API and the Management API
Caution
When this feature is enabled, the API calls will be restricted to the list of allowed IP addresses
The same principle applies here. You can add the IP address to be allowed:
When your IP address is added and confirmed, you can then activate the list by clicking on the toggle button:
Email notifications
All the events listed below will trigger an email notification to all the users with admin rights:
- Global protection Status Toggle: if the status of global protection has changed
- Endpoint protection Status Toggle: if the protection status of one of your endpoints has changed
- User invitation: each time a new user is provided access to your DataDome Dashboard
- User role edition: each time a user role is changed
- User deletion: each time a user account gets deleted
- Failed login attempt: each time a known user of your DataDome Dashboard failed to connect
- Deactivation of email notifications: whenever the email notifications are turned off
To activate the email notifications, click on the toggle button as shown below:
Enforcing Two-Factor Authentication for all users
Caution
You must activate Two-Factor Authentication on your personal profile before you can enforce it for all users.
Switch the toggle button to the "ON" position. On their next login attempt, all users will be directed to a mandatory screen with a prompt to enable Two-Factor Authentication (2FA) on their profile. They will not be able to access the Dashboard until they have enabled 2FA.
Updated 13 days ago