All new SaaS sub-accounts will now have to verify their email and phone number before the sub-account users can access their account.
Use Case
Protecting SaaS agencies from scammers who use VoIP numbers and disposable email IDs to create multiple sub-accounts.
How it works?
- We have put 2-Factor Authentication in place for sub-account admins when they login to their accounts for the first time.
- As soon as they log in, first we will send a verification code to their registered email address which they have to enter in order to proceed.
- After email verification, the sub-account admin is asked to enter an SMS enabled phone number which will then get a verification code that they have to enter to gain access to their account.
- Note:The same phone number can not then be used to create/verify another sub-account (with any SaaS agency) for the next 7 days.
Bypassing 2FA
- There is no way for a sub-account admin to bypass the 2FA.
- Agency admins will have the option to manually verify a sub-account (without any code) from the sub-account's Manage Clientpage after at least 1 failed attempt by the sub-account admin.
- 2FA is enabled by default for all SaaS agencies and sub-accounts, and can NOT be disabled.