How to Manage Account Security as an Admin/Staff

Upmind offers a comprehensive suite of security features for both admins and clients. This guide will give an overview of user-level security protections. It covers:

1. IP Whitelisting
2. Extra Client Functionalities
3. Login Attempts
4. Two-factor Authentication
5. Password Resets
6. Secure Link Sharing
7. File Upload Types
8. General Security Settings

​

Security menu access

• Admins and staff: Log in, go to Settings, and select Security under the Branding and Customisation section.

• Clients: Access security options through My Account > Security.

​

Restrict access by IP (IP whitelisting)

You can control which IP addresses can access your organization’s admin area and the client area to restrict access to trusted sources. Upmind supports static IPs, staff-specific whitelists, and CIDR ranges.

​

IP whitelisting from admin

To add an IP whitelist entry from admin, enter the IP address (required) and a Description (optional).

​

IP whitelisting for staff

For staff, IPs can be set on a per-user basis in the staff control panel or per API token. This overrides global settings.

1. As an admin, you can add a staff user under Settings > Staff Users.

2. Click Create user.

3. Secure with whitelist IPs.

For more on IP whitelisting, watch this video. For clients, you can restrict access by IP under Security. For more information, follow this guide.

​

How to find out my IP address

Visit https://ip.me.uk to check your current IP.

​

Extra client functionalities

You can enable or disable the secure vault for notes and secrets at the client, lead, and contract product levels. Both staff and clients can access the vault, with all actions logged for security.

​

How to manage login attempts

The section Passwords & Login allows you to configure login security and attempts.

​

How to reset a password as staff/admin

If you want to change your password:

1. Go to My Account > Security.
2. Enter your current and new password (minimum 8 characters, at least one letter and one number).
3. Save changes.

If you forgot your password and can’t log in to Upmind, you can request a password reset on the login page:

1. On the login page, click Forgot your password?
2. Enter your email/username and request a reset link.
3. Follow the email instructions to set a new password.

If 2FA is enabled, you will need to provide the code when resetting your password.

​

Secure link sharing

You can manage shared resource links. Set default expiration (in days) for shared links to protect sensitive resources.

​

How to manage upload file types

This relates to support tickets and allowed file types for attachments. Although all attachments are virus-scanned and flagged if issues arise, it’s best to restrict attachment types to those you expect to receive.

1. Go to Settings > File Uploads.
2. Select which file types are permitted for uploads in the client area (enable Denied Download by Scan Status by ticking the boxes).
3. All uploads are virus scanned, and suspicious files are flagged.

​

General security settings

You can control various access restrictions:

• Limit viewing of client profiles and resources to users with a valid support PIN or linked tickets (non-admins only).
• Set the duration (in hours) for which access is granted after PIN entry or ticket assignment.