Security
Use the Security page to protect access to your organization.
At the organization level, Boldo focuses on two controls:
- enforcing two-factor authentication
- restricting access by IP address when the feature is available
This page is not a general security center. It is mainly the place where you enforce organization-level access controls.
Access
- Click the Organization icon
- Select "Security"
Only administrators can modify security settings.
Two-factor authentication (2FA)
2FA adds a second verification step beyond the password.
The organization setting does not enroll users itself. It enforces 2FA for members of the organization.
Users still configure their own 2FA from their account security settings.
Enable enforcement
- Go to Organization → Security
- Locate "Two-factor authentication"
- Toggle the switch on
- Validate
If you use email and password, you must first enable 2FA on your own account. SSO administrators can manage this setting without enrolling in Boldo 2FA.
What happens next
- Email-password users without 2FA are redirected to set it up before they can access the organization
- If they do not complete the setup, they cannot enter the organization
- Once 2FA is configured, they can continue normally
- If a user disables 2FA on their own account later, they lose access to the organization until they enable it again
2FA and SSO
In an SSO organization, this control mainly affects email-password users. SSO users authenticate through the identity provider and are not asked to enroll in Boldo 2FA.
IP Whitelist
IP whitelist restricts access to your organization to approved IP addresses or network ranges.
This is useful when you want to restrict access to:
- company offices
- VPN ranges
- a controlled corporate network
IP whitelist depends on your plan. If the control is not visible in your organization, your plan may not include it.
Configure the whitelist
- Go to Organization → Security
- Locate "IP whitelist"
- Click "Manage"
- Add the addresses or ranges you want to allow:
| Field | Description | Example |
|---|---|---|
| IP address | IP to allow | 192.168.1.1 |
| CIDR | Optional subnet mask | /24 |
| Description | Explanatory note | "Paris Office" |
- Toggle the switch on
- Validate
Boldo checks that your current IP is in the list. You cannot lock yourself out.
Use IP whitelist only if your organization can maintain it operationally. If the allowed network list changes often, the control may create more friction than value. Prepare the allowed list carefully before enabling it.