Firm settings - Security

Role Permissions

Security settings - Role permissions

The Role Permissions section contains options to review Cloud's built-in roles and create new ones to suit your organization's requirements.

Name Description
Add Role

Create a new security role. For more information, see Create custom security roles.

Copy/Edit/Delete Role

Modify, or remove security roles. Cloud's built-in roles cannot be edited or deleted. You can use the Copy option to use a built-in role's permission settings as the basis for a new custom role.

Applies to

Denotes whether the role is for Staff () or Contacts ().

Role name

The name of the role.


The access levels defined in this role.

Password Settings

Password options displayed on the Settings page.

Set the system-wide standards for user passwords: Moderate, Strong, or Very Strong, as well as the frequency with which users will be required to reset their passwords. Cloud's definitions for each security level are displayed in the examples.

Authentication and Session Management

You can enable session management to permit users to stay signed in for a specified period of time. When enabled, users only need to sign in once to access Cloud during the specified period from the same browser. Only when users explicitly sign out of the system, or have exceeded the specified time limit, will they need to sign back in.

With two-factor authentication, users will be expected to supply two pieces of information to verify their identity before gaining access to Cloud. To learn more about two-factor authentication, see Configure two-factor authentication .

These options are disabled by default.

Two-factor authentication

Two-factor authentication settings.

All Staff - Enable two-factor authentication for all staff accounts.

All Contacts - Enable two-factor authentication for all contacts.

Allow user to skip setup until: - Allow users to sign in without two-factor authentication until the specified date.

Require users to log in using two-factor authentication - Set how often users are required to enter a verification code when they sign in.

  • Every 30 days - User must enter a new verification code every 30 days.
  • Every sign-in- User must enter a new verification code each time they sign in.

The first time a user signs in on a device, they must enter a new verification code.

Session management

The options available in the Session Management section of the Settings page.

To enable session management, select Remember Users on Sign In and type the number of hours in Hours to Remember Users.

Users can then select Stay signed in for X hours when signing in