Security Settings Overview
Your sign-in methods, active sessions, and recent account activity in one place
What the Security Page Is
The single place to control who can sign in to your account and on which devices.
The Security page at Settings > Security is your personal command center for account safety. It shows every way your account can be signed into, every device currently signed in, and everything that has happened to your account recently. Every user has this page — no admin role is required to manage your own security.
Sections on the Page
The page is organized top-to-bottom around increasing scope.
Sign-in & verification
How you prove it's you. Four cards:
- Password — Change your password, or add one if you sign in with Google or Microsoft only.
- Authenticator app (TOTP) — Add or remove an authenticator like Authy, 1Password, or Google Authenticator.
- Passkeys — Face ID, Touch ID, Windows Hello, or a hardware security key. Sign-in with existing passkeys works today; enrollment of new passkeys ships in a follow-up release (the button shows “Coming soon” for now).
- Backup codes — Generate single-use recovery codes that work if you lose your authenticator.
Active sessions
A list of every device and browser currently signed in to your account, with device type, IP address, city and country, and last-active time. Your current device is marked “This device”. You can revoke any other session individually, or sign out every other session at once.
Sign-in methods
Link or unlink external identity providers (Google, Microsoft). Shows whether a password is set and which provider accounts are connected. The page blocks you from removing your only sign-in method so you never get locked out.
Recent activity
Sign-ins and security events from the last 30 days — successful logins, failed attempts, MFA events, password changes, session revokes, provider links, and any events the system flagged as unusual. A “This wasn't me” button lets you report a suspicious sign-in. You can export the activity log as CSV.
Account
Two links at the bottom — Export my data and Delete account — both hand off to the data controls page on your profile.
Why You Sometimes Re-Verify
Step-up reauth protects the actions that matter.
When you remove an MFA method, unlink a sign-in provider, set your first password, or sign out every other device, the app asks you to re-verify your identity first. This is step-up reauth: proving it really is you before the app lets you weaken or change how you sign in. The dialog uses whatever methods you already have — password, authenticator, or passkey. Verification lasts a few minutes, so you only re-verify once per burst of changes.
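For readers curious how the step-up check described above and the "only sign-in method" guard from the Sign-in methods section can fit together on the server, here is an added sketch; it is not the product's own code. The action names, the `Session` type, and the 5-minute window are assumptions (the page says only "a few minutes").

```python
from dataclasses import dataclass
from typing import Optional, Set

# Assumption: the page only says verification lasts "a few minutes".
STEP_UP_WINDOW_SECONDS = 5 * 60

# The four actions the page lists as requiring re-verification (names are hypothetical).
SENSITIVE_ACTIONS = {
    "remove_mfa_method",
    "unlink_provider",
    "set_first_password",
    "sign_out_other_sessions",
}


@dataclass
class Session:
    user_id: str
    verified_at: Optional[float] = None  # epoch seconds of last successful step-up


def needs_step_up(session: Session, action: str, now: float) -> bool:
    """True when the action must be preceded by a fresh re-verification."""
    if action not in SENSITIVE_ACTIONS:
        return False
    if session.verified_at is None:
        return True
    age = now - session.verified_at
    # A timestamp in the future is treated as invalid rather than fresh.
    return age < 0 or age > STEP_UP_WINDOW_SECONDS


def can_remove_method(linked: Set[str], method: str) -> bool:
    """Lockout guard: refuse to remove the only remaining sign-in method."""
    return method in linked and len(linked - {method}) >= 1


def handle(session: Session, action: str, linked: Set[str], method: str, now: float) -> str:
    """Server-side decision; step-up is checked before the lockout guard."""
    if needs_step_up(session, action, now):
        return "reauth_required"
    if action == "unlink_provider" and not can_remove_method(linked, method):
        return "blocked_last_method"
    return "allow"
```

Because the freshness timestamp lives on the session, one successful re-verification covers several sensitive changes made within the window, which matches the "once per burst of changes" behavior.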
Role-Based Access
Who sees this page and what they see there.
- Every user has access to their own Security page, regardless of role.
- Admins do not see anyone else's security details here — this page is personal. For organization-wide session management they use Admin > Sessions.
- Super admins have the same personal view as everyone else on this page. The admin console is the right place for cross-user work.