iVendNext provides advanced security features to safeguard data and block unauthorized access. This article covers:
🔒 Two-Factor Authentication (2FA)
🌐 IP & Time-Based Login Restrictions
⚙️ API Access & Security Keys
📊 Audit Logs for User Activity
To set up 2FA for a user, navigate to User List → Select User → Settings → Security.
Click "Setup Two-Factor Authentication".
Choose method:
OTP via Email/SMS
Authenticator Apps (Google Authenticator, Microsoft Authenticator)
Scan the QR code or enter the manual key.
Enter a test OTP to verify.
Best Practice: Enforce 2FA for admin roles and users with financial permissions.
If a user loses access:
Admins can reset the user's OTP secret via:
User Profile → Password Button → Reset OTP Secret.
Users must reconfigure 2FA on next login.
Limit access to office networks or specific devices:
Open User → Settings → Security.
Under "Restrict IP", enter allowed IPs (comma-separated).
Example: 192.168.1.1, 203.0.113.45
Save.
Note: Users outside these IPs will see "Access Denied".
Control when users can log in (e.g., business hours only):
In User Settings → Security, configure:
Login After: Start time (e.g., 8 for 8 AM).
Login Before: End time (e.g., 18 for 6 PM).
For integrations (e.g., POS systems, third-party apps):
Go to User → Settings → API Access.
Click "Generate Keys".
Copy the API Secret Key (store securely—it’s shown only once).
Warning: Rotate keys quarterly or after employee departures.
Alternative login methods for POS users:
QR Codes: Scan via mobile app for quick access.
MSR (Magnetic Stripe) Codes: Swipe cards at terminals.
Configure under User → Additional Login Methods.
View logs for:
Login attempts (success/failure).
Password/email changes.
Document edits/deletions.
Access via: Home > Settings > Audit Trail.
For compliance:
Filter logs by date/user/action.
Click Export to CSV/PDF.
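The exported CSV can be checked against the login restrictions described above as part of a regular log review. The following Python script is an added example, not iVendNext code: the column names (timestamp, user, action, status, ip), the sample rows and the failure threshold are assumptions, and "Login Before" is assumed to be exclusive.

```python
import csv
import io
from collections import Counter
from datetime import datetime
from ipaddress import ip_address

# Constructed sample export; column names are assumed, not iVendNext's schema.
SAMPLE_CSV = """timestamp,user,action,status,ip
2024-05-06 09:12:00,alice,login,success,203.0.113.45
2024-05-06 23:40:00,alice,login,success,203.0.113.45
2024-05-07 10:05:00,bob,login,failure,198.51.100.7
2024-05-07 10:06:00,bob,login,failure,198.51.100.7
2024-05-07 10:07:00,bob,login,failure,198.51.100.7
2024-05-07 10:09:00,bob,login,success,198.51.100.7
2024-05-08 11:00:00,carol,password_change,success,192.168.1.1
"""

def parse_allowed(restrict_ip):
    """Parse a comma-separated 'Restrict IP' value into a set of addresses."""
    return {ip_address(p.strip()) for p in restrict_ip.split(",") if p.strip()}

def review(csv_text, restrict_ip, login_after, login_before, max_failures=3):
    """Return (finding, user, detail) tuples for logins that break policy."""
    allowed = parse_allowed(restrict_ip)
    findings, failures = [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["action"] != "login":
            continue
        user = row["user"]
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        if row["status"] == "failure":
            failures[(user, row["ip"])] += 1
            continue
        # A successful login that violates policy means the restriction is
        # missing or misconfigured for that user.
        if ip_address(row["ip"]) not in allowed:
            findings.append(("ip_outside_allowlist", user, row["ip"]))
        if not (login_after <= ts.hour < login_before):
            findings.append(("login_outside_hours", user, row["timestamp"]))
    for (user, ip), n in failures.items():
        if n >= max_failures:
            findings.append(("repeated_failures", user, f"{n} from {ip}"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_CSV, "192.168.1.1, 203.0.113.45", 8, 18):
        print(finding)
```
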
Best practices for managing security policy:
✔ Mandate 2FA for all admin accounts.
✔ Restrict API keys to specific IPs/endpoints.
✔ Review audit logs weekly for anomalies.
✔ Automate session timeouts (e.g., 15 minutes idle).