In addition to the security measures outlined in the previous two posts, there are Additional Security Measures to Keep Your Accounting Data Secure that are worth looking at: IP Address Filtering, Single Sign-On (SSO) and Two Step Verification. These settings are all found under Company > Company Information > Security.
It is sometimes important to filter where users can log in from. For example, you might only want users to be able to only log in from within the physical office, or perhaps from the physical office AND their home. There are 4 settings for IP Filtering:
- Enforce at company level
- Enforce at company level and override at user level
- Enforce at user level
These options make it easy for you to vary your restricts by user. Please note: If you select an option for Enforcing but don’t actually specify a filter there will be no IP filtering done. After you make your selection and turn on the filtering, you then need to click the green pencil icon in order to actually set up the filtering:
Single Sign-on (SSO) using the SAML 2.0 protocol is supported by Intacct as an additional security measure. If your business has an SSO system in place and SSO has been enabled in Intacct, you will not need to enter a password in order to log into Intacct. In order to enable SSO you will place a check mark in the box next to ‘Enable single sign-on’.
Once SSO is enabled on security tab of the Company Information page additional fields will be displayed in order to enable you to set up the process. The Issuer URL, Login URL and Certificate detailed below should be provided to you by your SSO identity provider.
2-step verification is an additional security measure available in Intacct in order to validate a user’s identity. There are no additional charges for 2-step verification and it is build right into Intacct. Every time a user logs into Intacct the 2-step verification process will require them to enter a verification code which they will receive either by authenticator app, text or phone call. At the bottom of the Password portion of the Company Setup Security tab you will see a checkbox to enable 2-step verification.
Once you check the above box you will be given the option whether to set up the 2-step verification for selected users or all users. On this screen there is also a box which will make it so that the user cannot set devices up as trusted. Having a trusted device means that once the user logs in once and sets the device as trusted they will no longer be required to enter a username, password or a verification code on that device. If you wish to have tighter security, you will want to put a checkbox here and not allow devices to be trusted.