All new SaaS sub-accounts will now have to verify their email and phone number before the sub-account users can access their account.


TABLE OF CONTENTS

Use Case

Protecting SaaS agencies from scammers who use VoIP numbers and disposable email IDs to create multiple sub-accounts.


How it works?

  1. We have put 2-Factor Authentication in place for sub-account admins when they login to their accounts for the first time.
  2. As soon as they log in, first we will send a verification code to their registered email address which they have to enter in order to proceed.
  3. After email verification, the sub-account admin is asked to enter an SMS enabled phone number which will then get a verification code that they have to enter to gain access to their account.


A phone number can NOT be used to create/verify another sub-account till 7 days after it has been used to verify a sub-account.


Bypassing 2-Factor Authentication

  1. There is no way for a sub-account admin to bypass the 2FA.
  2. Agency admins will have the option to manually verify a sub-account (without any code) from the sub-account's Manage Client page.
  3. 2FA is enabled by default for all SaaS agencies and sub-accounts, and can NOT be disabled.