Security Settings

Authentication, access control & compliance configuration

75 / 100

Security Score

Good — 2 issues

General Users & Roles Branches Teams Integrations Notifications Security

Authentication Policy

Password rules and login security

Minimum Password Length

Password Expiry

Max Login Attempts

Account Lockout Duration

Password History

Session Timeout (idle)

Uppercase

Lowercase

Numbers

Symbols (!@#)

Multi-Factor Authentication

Require MFA for all or selected roles

Partially Enabled

Nafath

Saudi National Identity verification via Nafath app

Saudi Gov. Required

Authenticator App

Google Authenticator, Microsoft Authenticator, Authy

TOTP / RFC 6238

SMS OTP

One-time password via SMS (STC, Mobily, Zain)

Less Secure

Enforce MFA for roles

Super Admin Admin Manager Agent Branch Manager Shareholder Marketing

Session Management

Active sessions and concurrent login control

Max Concurrent Sessions per User

Remember Device Duration

Active Sessions (3)

Chrome — Windows 11 Current

Riyadh, SA · 192.168.1.1 · Just now

Safari — iPhone 15 Pro

Jeddah, SA · 10.0.0.45 · 2 hours ago

Edge — Windows 10

London, UK · 185.234.12.55 · 1 day ago

IP Access Control

Allowlist trusted IPs and block regions

IP Allowlisting

192.168.0.0/24 Office — Riyadh HQ

10.0.0.0/16 VPN Network

185.234.12.55 Branch — Jeddah

API Key Management

Manage access keys for external integrations

Production API Key Active

sk_live_••••••••••••••••••••••••••••••XK9p

Created Jan 12, 2026

ZATCA Integration Key Expiring Soon

sk_zatca_••••••••••••••••••••••••••••••A3m2

Expires Mar 1, 2026

Security Audit Log

Recent security events and user activity

Successful login — Ahmed Khalid

Chrome/Windows · Riyadh · 192.168.1.1

Just now

MFA method changed — Fatima Al-Zahrani

Settings · 2FA enabled via Nafath

12 min ago

Failed login attempt × 3

Unknown device · London, UK · 185.234.12.55 — Account locked

1 hr ago

API key generated — Mohammed Al-Rashidi

ZATCA Integration · sk_zatca_••••A3m2

3 hrs ago

Password changed — Omar Bin-Nasser

User settings · Password policy compliance verified

Yesterday

Saudi Regulatory Compliance

NCSC, PDPL & Vision 2030 data governance requirements

NCSC

Compliant

National Cybersecurity Authority

PDPL

Action Required

Personal Data Protection Law

Nafath

Connected

Saudi Digital Identity — Active

ISO 27001

In Progress

Info Security Management

Data Residency

Required by PDPL — data must remain in Saudi Arabia

Audit Log Retention