BotIntelli — Security Settings User Guide
This guide explains Security settings: MFA policy (for admins), your MFA status, and managing active sessions (view and revoke).
What Is the Security Page?
The Security page is where you manage account and organization security: MFA (two-factor authentication) policy (for tenant admins), your own MFA status, and active sessions (devices/browsers where you’re signed in). You can enable or disable MFA for your account and revoke sessions you don’t recognize.
Where to Find It
- Sidebar: Security & Compliance → Security.
- URL: https://app.botintelli.com/dashboard?view=rbac-security or https://app.botintelli.com/settings/security.
Complete User Journey
Step 1: Open Security
- You see sections: MFA Policy (if you have tenant manage permission), MFA Status (your 2FA), and Sessions (active logins).
Step 2: MFA Policy (Admins Only)
- Who can change it: Users with tenant manage permission (e.g. org admins).
- What you can set:
  - Require 2FA — Switch to require two-factor authentication for the organization.
  - MFA required roles — Which roles must have MFA enabled (e.g. admin, manager).
  - MFA grace period (days) — How many days users have to enable MFA after it becomes required.
- Save to apply. Members in scope will need to enable MFA (or already have it) within the grace period.
Step 3: Your MFA Status
- View: See whether MFA is enabled for your account.
- Enable MFA: If not enabled, use Enable 2FA (or similar). You’ll get a QR code to scan with an authenticator app (e.g. Google Authenticator, Authy). Enter the 6-digit code to verify and complete setup. Backup codes may be shown once; save them in a safe place.
- Disable MFA: If allowed by policy, you can turn MFA off. You may need to enter your password or current code. Note: If org policy requires MFA for your role, disabling may be blocked or temporary.
Step 4: Active Sessions
- List: You see active sessions (device type, browser, location, last active). Each session is one logged-in place (e.g. “Chrome on Windows”, “Safari on iPhone”).
- Revoke one session: Click Revoke (or “Log out this device”) on a session to sign that device out immediately.
- Revoke all other sessions: Use Revoke all other sessions to log out every device except the one you’re using now. Useful after a lost phone or suspected compromise.
Input Fields and Actions
| Section | What to do |
|---|---|
| MFA Policy (admins) | Set require 2FA, roles, grace period → Save. |
| MFA Status | Enable 2FA (scan QR, enter code), or disable if allowed. |
| Sessions | View list; Revoke one session or Revoke all other. |
Tips and Troubleshooting
- Can’t enable MFA: Ensure the device running your authenticator app is set to the correct time (time sync); the codes are time-based, so a wrong clock produces codes that are rejected. Use a backup code if you lost the device.
- Policy not saving: You need tenant manage permission; if you do and it still fails, try again or contact support.
- Session still showing after revoke: Refresh the page; the session list updates after revoke.
Quick Reference
| Goal | Action |
|---|---|
| Require MFA for org (admin) | MFA Policy → set options → Save. |
| Turn on 2FA for yourself | MFA Status → Enable 2FA → scan QR → enter code. |
| Log out one device | Sessions → Revoke on that session. |
| Log out all other devices | Revoke all other sessions. |
For organization-wide SSO (single sign-on), see SSO Configuration. For security event history, see Audit Logs.