Keeping your customer data safe is a top priority. Positive User gives you simple, effective tools to manage who logs into your workspace and how they connect. With the right setup, you can protect your information and set clear boundaries without slowing down your team's daily work.
You can match your platform access to the security standards your company already follows. Positive User offers three secure ways for your team to log in:
Google and Microsoft accounts: Let your team members log in using their existing work accounts. They do not have to remember another password, and you rely on the security protocols your company already uses.
Email and password: A classic method strengthened by mandatory verification. To get into the workspace, a team member must enter a one-time code sent directly to their inbox.
Smartphone verification (2FA): Add another layer of protection by linking logins to a phone. Using standard apps like Google Authenticator provides time-based codes, drastically reducing the chance of unauthorized access even if a password is compromised.
To set up smartphone verification for your individual account, go to “My Settings” → “Security” and turn on the two-factor authentication option.
Security is not just about keeping external threats out; it is also about managing permissions inside your company. You can control exactly what each team member can see and do within your workspace.
If you want to protect sensitive information or keep certain areas private, you can block specific team members from entering selected sections of the application.
By default, the system includes two main access levels: administrators and team members. However, you can configure custom team access levels to create specific roles tailored to different departments in your company (such as Sales or Support). For each role, you decide whether an employee only sees items assigned directly to them or if they can view everything assigned to their entire group. This ensures that employees only have access to the data and tools they actually need for their daily roles, keeping your entire system organized and secure.
More about that you can read in the “How to Configure Team Access Levels” article.
By default, your team members can log into the workspace and work from anywhere in the world. If your organization requires tighter control, you can limit access to specific internet addresses - for example, only your trusted office network.
When you turn this on, any login attempt from an unapproved location is blocked automatically with an error message, cutting off access to your settings and customer data.
To set where people can log in from, go to “Workspace Settings” → “Security” → “IP Restrictions”.
If Positive User shares data with other systems in your company, those connections follow their own independent security rules. API access control works separately from human logins.
API Keys: Generate unique keys for each of your external apps. You decide how long they remain active and whether they can edit data or just read it. You can manage this by going to “Workspace Settings” → “API & Integrations” → “Public API”.
Dedicated API addresses: To keep your automations strictly controlled, you can create a separate list of approved server addresses specifically for API requests, automatically rejecting requests from unknown locations.
Email Tracking Exclusions (IMAP): When your team members connect their personal inbox via IMAP integration to manage conversations, you might want to prevent certain internal emails from entering the CRM. You can exclude specific email addresses - such as those of directors, executives, or managers - so that their private communication is completely ignored and never tracked by the system. You can manage this by going to “Workspace Settings” → “Email” → “Inbox settings” → “Excluded addresses”.
Well-chosen security settings help you establish clear boundaries for how your team operates.
Protecting Outside Logins: You want to make sure your team does not view contact information while connected to public Wi-Fi at a cafe. Add your office IP address to the restricted list. The system will then only let in people who are connected to your company router.
Protecting Internal Executive Privacy: Your team members have connected their corporate inboxes via IMAP, but you want to make sure confidential emails sent by company directors are never imported into the app. Add the directors' email addresses to the tracking exclusion list so the platform automatically ignores their messages.
Easy Team Management: When team members leave the company, it is easy to forget to remove their platform access. Set up a Google or Microsoft login. When your IT department removes a departing person's company email, they automatically lose their ability to log into Positive User.
Securing Automations: An external app sends new order data to your workspace, but you want to minimize outside risks. Limit the API key permissions to only what is strictly necessary, and add the server address of that specific app to the API whitelist so no other server can send requests.
