We've recently released a number of new security features to the Natterly platform, which you can access and start using immediately. These include two factor authentication for all users, security notification emails for users and administrators, IP address restriction and personal user session control.
Two Factor Authentication
As has been the case for some time with our other aTech services, we've introduced Two Factor Authentication for all users in Natterly. It's very simple to set up, just head to Your Settings within the Natterly admin console, then click the link to configure two factor authentication found just below your password, then follow the instructions to get set up.
As well as being able to configure Two Factor Authentication on your own account as an agent, as an administrator in Natterly you can also enforce it for all agents, meaning they cannot login without setting up 2FA first.
Head to Settings -> Account Settings in the admin console, then enable the Require two factor authentication? option at the bottom of the page.
Any users that login without 2FA enabled will then be prompted to set it up.
Security notification emails
We've also introduced several notification emails, that are sent to agents and administrators, where appropriate when the following scenarios occur:
- To agents when their account is logged in successfully via a new browser session we don't recognise
- To agents if their account is locked due to 10 successive failed attempts
- To administrators if a new user is invited to their Natterly account
IP address restriction
You can now restrict access to your Natterly agent and admin consoles to specific networks by way of IP address restriction. Head to Settings -> Account Settings in your admin console, then add any IP addresses or CIDR ranges that you wish to allow.
Once you've done so, any other connections from networks outside of those allowed will be prevented.
As agents, you can now view all active sessions you have for your account, and if needed revoke any that you no longer require or don't recognise.
Head to Your Settings -> Sessions where you'll see a list of all active sessions, with a simple Logout link on the right hand side next to each one that you can press to revoke it immediately.
IP restrictions and Two Factor Authentication are also fully supported in the mobile applications, with as of today have been updated with new releases to the Google Play store and Apple app store.