All new SaaS sub-accounts will now have to verify their email and phone numbers before the sub-account users can access their accounts.
Use Case: Protect SaaS agencies from scammers who use VoIP numbers and disposable email IDs to create multiple sub-accounts.
How It Works?
1. We have put Two-Factor Authentication in place for sub-account admins when they log into their accounts for the first time.
2. As soon as they log in, we will send a verification code to their registered email address which they have to enter in order to proceed.
3. After email verification, the sub-account admin is asked to enter an SMS-enabled phone number which will then get a verification code that they have to enter to gain access to their account.
4. Note: The same phone number can not then be used to create/verify another sub-account (with any SaaS agency) for the next 7 days.
Bypassing 2FA
– There is no way for a sub-account admin to bypass the 2FA.
– Agency admins will have the option to manually verify a sub-account (without any code) from the sub-accounts Manage Client page after at least 1 failed attempt by the sub-account admin.
– 2FA is enabled by default for all SaaS agencies and sub-accounts, and can NOT be disabled.