Whilst the recent enforcement of 2FA (via email) is a welcome addition to the security of High-Level, email based 2FA is unfortunately one of the least secure 2FA methods. So, please add more 2FA options. Including at a minimum TOTP codes (a global standard) that people can use through whatever TOTP App they use. (E.g. Authy, Duo, Google Authenticator, Microsoft Authenticator etc). And at the same time, please: Allow an agency to select what 2FA options they will allow to be used across their clients. Allow Admins of a sub-account to also have this level of functionality to select what 2FA options users in their Sub-Account can use IF the Agency gives it to them.

Right now it’s not possible to protect GHL assets and settings from being changed intentionally or unintentionally. For example, forms and surveys submissions can overwrite field values. Snapshot deployments can overwrite almost any GHL object. We need the ability to “lock” or “protect” sub-account assets to prevent unintended updates to these (and probably other) items in CHL Field values and names -- “Standard” fields e.g., in Contacts -- Custom fields -- Custom values Tags Marketing/Emails Marketing/Templates Marketing/Trigger Links We also would need workflow actions to set and release these locks

“Communities” and “Client Portal” are new features, but they aren’t listed under MyStaff>Team Management>User Permissions so they can not be hidden and thus are accessible by all users. Cross ref: Bug in SaaS Configurator

Ability for reps to see either leads that are assigned to them and leads that are unassigned. This way there can be a pool of workable leads that are not yet assigned which can be seen by everyone, or have other contacts in the system that are not related to the sale but are not hidden from everyone’s view (like contacts of partners or third parties) Please vote if this is beneficial to you. I realize we are not able to add any secondary contacts into the system like this right now Preferably the UI would let us select for each user: Assigned Leads Unassigned Leads Leads assigned to others

The assigned user name should mentioned in the email received.

It would be great to have a user role called something like "manager" or give an admin the ability to assign specific users to a specific user to oversee them. Ex: Company owner wants to have a Manager oversee specific users (maybe a different area, or there's a manager for specific roles, etc) and an admin can assign a user or a "manager" specific users to oversee.

With the new A2P for Sole Prop's, the Business Profile shows every user in the CRM the subaccount holders social security number and is a huge privacy liability. Disabling the Settings toggle in User Permissions will hide that page, but it will also disable them from the Calendar Settings and users can't add a calendar nor edit an existing one. Pages like Launchpad and Business Profile should have toggleable visibility like many of the other tabs.

When a user is given the permission to view only assigned data, also include an option for data not assigned to anyone. I have appoitment setters on my accounts that can't see their lead until someone assigns it to them. I don't want them to see contacts that aren't assigned to them, but I would like them to see contacts that aren't assigned to anyone yet (cold). HIGHLVL-I-6928

We need the addition of a new user type “Manager” that has access to their own data, and only the data of the users assigned to them.