Back to docs

Settings & Billing

Security settings

Two-factor authentication, session management, and IP allowlists.

Security settings

Two-factor authentication (2FA)

For individual accounts:

  1. Go to Settings → Security → Two-factor authentication.
  2. Click Enable 2FA.
  3. Scan the QR code with an authenticator app (Google Authenticator, Authy, etc.).
  4. Enter the 6-digit code to verify and save.

Once enabled, you'll be asked for a 2FA code every time you sign in.

Workspace-wide enforcement (Admin):
Owners can require all members to have 2FA enabled. Go to Settings → Security → Require 2FA for all members. Members without 2FA will be blocked at login and prompted to set it up.

Session management

View all active sessions from Settings → Security → Active sessions. Click Revoke next to any session you don't recognise to sign it out immediately.

Sessions expire automatically after the inactivity timeout set by your workspace Owner (default: 30 days).

IP allowlist

Restrict access to your workspace to specific IP addresses or CIDR ranges. Only requests from listed IPs will be allowed in.

Go to Settings → Security → IP allowlist, add your IP ranges, and save. Make sure to add all office IPs and VPN exit IPs before enabling.

Warning: If you lock yourself out, contact support@winora.dev.