Security settings
The security tab under Settings lets you configure authentication and access policies for your organization. Access this page from Settings > Security.
Two-factor authentication (2FA)
You can require all users in your organization to set up two-factor authentication. When enabled, users who have not yet configured 2FA will be prompted to do so on their next login. Users authenticate using a time-based one-time password (TOTP) from an authenticator app such as Google Authenticator or Microsoft Authenticator.
| Setting | Details |
| Force two-factor authentication (2FA) for all users | When enabled, all users are required to set up two-factor authentication on their next login. Users who already have 2FA configured are not affected. |
The 2FA requirement can be disabled for individual users in their user settings. This is useful for service accounts or specific users who cannot use an authenticator app.
Automatic logout
Automatic logout improves security by signing out users after a period of inactivity. This is useful for organizations where users may leave their devices unattended.
| Setting | Details |
| Enable automatic logout after inactivity | When enabled, users are automatically logged out after the configured inactivity period. |
| Inactivity timeout (minutes) | The number of minutes of inactivity before a user is logged out. Minimum: 1 minute. Maximum: 20,160 minutes (14 days). Only visible when automatic logout is enabled. |
The inactivity timeout can be disabled for individual users in their user settings. This is useful for accounts used on always-on displays or kiosk setups.
IP whitelisting
IP whitelisting restricts access to your organization to specific IP addresses. When enabled, only users connecting from a whitelisted IP address can log in. Users connecting from any other IP address are denied access.
This is useful for organizations that want to ensure their data is only accessible from corporate networks, VPNs, or other known locations.
Enabling IP whitelisting
Before you can enable IP whitelisting, you must add at least one IP address to the whitelist. Your current IP address is shown on the page for reference. When you enable IP whitelisting, DataTako verifies that your current IP address is included in the whitelist to prevent you from locking yourself out.
Managing IP entries
Each entry in the whitelist consists of an IP address (or range) and an optional description.
| Field | Details |
| IP address or CIDR | The IP address to allow. Supports individual IPv4 addresses (e.g. 192.168.1.1), IPv6 addresses, and CIDR notation for address ranges (e.g. 10.0.0.0/24). Maximum 45 characters. |
| Description | An optional label for the entry (e.g. “Office network” or “VPN gateway”). Maximum 256 characters. |
Entries can be edited or removed at any time from the overview table.
Lockout protection
DataTako includes several safeguards to prevent administrators from accidentally locking themselves out:
- You cannot enable IP whitelisting unless your current IP address matches at least one entry.
- You cannot update an entry in a way that would exclude your own IP address.
- You cannot remove an entry if it is the last one that covers your IP address.
Sub-organizations
If your organization is managed by a parent organization, the parent may control IP whitelisting on your behalf. In that case, the IP whitelisting settings are read-only and a message indicates that IP whitelisting is managed by the parent organization.
