Skip to main content
Upmind offers a comprehensive suite of security features for both admins and clients. This guide will give an overview of user-level security protections. It covers:
  1. IP Whitelisting
  2. Extra Client Functionalities
  3. Login Attempts
  4. Two-factor Authentication
  5. Password Resets
  6. Secure Link Sharing
  7. File Upload Types
  8. General Security Settings
For information on managing two-factor authentication (2FA) as an admin/staff, follow this guide.

Security menu access

  • Admins and staff: Log in, go to Settings, and select Security under the Branding and Customisation section.
Settings > SecuritySettings > Security
  • Clients: Access security options through My Account > Security.
My account > SecurityMy account > Security

Restrict access by IP (IP whitelisting)

You can control which IP addresses can access your organisation’s admin area and the client area to restrict access to trusted sources. Upmind supports static IPs, staff-specific whitelists, and CIDR ranges.
Avoid dynamic IPs to prevent accidental lockouts.

IP whitelisting from admin

To add an IP whitelist entry from admin, enter the IP address (required) and a Description (optional).
Restrict access by IP from Admin (Setting > Security)Restrict access by IP from Admin (Setting > Security)

IP whitelisting for staff

For staff, IPs can be set on a per-user basis in the staff control panel or per API token. This overrides global settings.
  1. As an admin, you can add a staff user under Settings > Staff Users.
Settings > Staff usersSettings > Staff users
  1. Click Create user.
Create userCreate user
  1. Secure with whitelist IPs.
Secure with whitelist IPs for staffSecure with whitelist IPs for staff
For more on IP whitelisting, watch this video. For clients, you can restrict access by IP under Security. For more information, follow this guide.

How to find out my IP address

Visit https://ip.me.uk to check your current IP.

Extra client functionalities

You can enable or disable the secure vault for notes and secrets at the client, lead, and contract product levels. Both staff and clients can access the vault, with all actions logged for security.
Enable/disable client/brand notes and vaultEnable/disable client/brand notes and vault

How to manage login attempts

The section Passwords & Login allows you to configure login security and attempts.

How to reset a password as staff/admin

If you want to change your password:
  1. Go to My Account > Security.
  2. Enter your current and new password (minimum 8 characters, at least one letter and one number).
  3. Save changes.
Reset passwordReset password
If you forgot your password and can’t log in to Upmind, you can request a password reset on the login page:
  1. On the login page, click Forgot your password?
  2. Enter your email/username and request a reset link.
  3. Follow the email instructions to set a new password.
Forgotten passwordForgotten password
If 2FA is enabled, you will need to provide the code when resetting your password.
2FA code required2FA code required
You can manage shared resource links. Set default expiration (in days) for shared links to protect sensitive resources.
Secure linksSecure links

How to manage upload file types

This relates to support tickets and allowed file types for attachments. Although all attachments are virus-scanned and flagged if issues arise, it’s best to restrict attachment types to those you expect to receive.
  1. Go to Settings > File Uploads.
  2. Select which file types are permitted for uploads in the client area (enable Denied Download by Scan Status by ticking the boxes).
  3. All uploads are virus scanned, and suspicious files are flagged.
Select file upload typesSelect file upload types

General security settings

You can control various access restrictions:
  • Limit viewing of client profiles and resources to users with a valid support PIN or linked tickets (non-admins only).
  • Set the duration (in hours) for which access is granted after PIN entry or ticket assignment.
Control application securityControl application security