Access control settings allow admins to add security levels to your Backlog space including enforced two-factor authentication and IP address restrictions.
In this guide, we’ll show you how to:
- Set IP address restrictions
- Set up two-factor authentication
To find your access control settings, select your profile icon in the global navigation, “Space settings,” and “Access control.”
Set up IP address restrictions
You can restrict IP address access to your Backlog space, which means members won’t be able to access Backlog unless using one of the permitted addresses. This feature is available with the Standard (50 addresses), Premium (100 addresses), and Enterprise (unlimited addresses) plans. Access remains open if you don’t add any restrictions.
When restricting access:
- Add the address you’re currently using to avoid losing access.
- You can specify the IP range with the subnet mask (e.g., inputting 202.218.47.192, 202.218.47.0/24, 202.218.47.0 / 255.255.255).
To remove an address, select “Delete” and “Submit.”
Set up two-factor authentication
Available with the Premium plan for non-Managed Accounts, two-factor authentication requires all members to enter a password and verification code—received via email, text message, or authentication app—every time they log in.
When two-factor authentication is enabled, members must also use Backlog-generated passwords to access files (via browser preview and WebDAV), Subversion HTTPS, Git via HTTPS, and RSS. Access to Git via SSH and API using API key and the ability to import to the milestone calendar using a private address aren’t affected.
To enable this setting, select the checkbox under “Two-factor authentication” and then “Save.”