This guide shows you how to lock down your Composerie account from the Security page. You will turn on two-factor authentication, change your password, review where you are signed in, and download a copy of your data. It is written for the person who owns or administers the workspace.
Who can open Security settings
The Security page is for admins. If you are the Owner or have the Admin role, you can open it. People with the Editor, Fulfillment, or Viewer role cannot. If you try to reach it without an admin role, the page will not load for you.
To find it, open Settings, then Security. The page holds everything you need to protect your account in one place:
- Two-factor authentication
- Password change
- Active sessions
- Login history
- The audit log (admin only)
- API keys
- Data export
If you only came here to create or rotate API keys, you do not need the rest of this article. See manage API keys for who can hold keys, then use the API keys section on this page.
Turn on two-factor authentication
Two-factor authentication (2FA) adds a second check at sign-in. After your password, you enter a 6-digit code from an authenticator app on your phone. Composerie uses the standard TOTP method, so any app like Google Authenticator or 1Password works.
Click Enable two-factor authentication and enter your password
In the Two-factor authentication section, click Enable two-factor authentication. You will be asked for your account password to confirm it is you. Type it and click Continue.
Scan the QR code with your authenticator app
A QR code appears. Open your authenticator app, choose to add an account, and scan the code on screen. Your app will start showing a 6-digit code for Composerie that changes every 30 seconds. Then click the button to continue to the verify step.
Enter the 6-digit code to verify
Type the current 6-digit code from your app into the field, then click Verify and enable. If the code is right, 2FA turns on right away. If it is wrong, the field clears so you can try the latest code.
Save your backup codes
After 2FA turns on, you get a list of one-time backup codes. Each code works once. They are your way back in if you lose your phone or cannot reach your authenticator app. Click Copy to copy them, or Download to save them as a text file. Keep them somewhere safe and private, like a password manager. When you are done, click Done.
The next time you sign in, Composerie will ask for a code after your password. If you ever want to turn 2FA off, open the same section and click to disable it, then re-enter your password to confirm.
Change your password
You can update your password at any time from the Change password section.
Enter your current and new password
Type your current password, then type your new password twice to confirm it. Your new password must be at least 8 characters. A strength meter rates it as weak, medium, or strong as you type, so you can pick something harder to guess.
Save the change
Click save to apply the new password. From then on, use it the next time you sign in.
Review sessions and sign-in history
This part of the page tells you where your account is signed in and who has tried to sign in.
The Active sessions section lists every device that is currently signed in to your account. Your current device is marked with a badge, so you can tell it apart from the rest. If you see a device you do not recognize, or you signed in on a shared computer and forgot to sign out, click Revoke all other sessions. That signs you out everywhere except the device you are on right now.
The Login history section shows recent sign-in attempts. For each one you see the device, the IP address, whether the attempt succeeded or failed, and the date. This is a quick way to spot someone trying your password. A run of failed attempts you did not make is a sign to change your password and turn on 2FA.
Below that is the Audit log, labelled admin only. It records actions taken across your organization, with the action, the resource it affected, the user who did it, and the date. Use it when you want to see who changed what in the workspace.
Export your data
The Export your data section gives you a JSON copy of your data. Click the Export button and your browser downloads the file.
This is handy when you want to keep your own backup, or when you need to answer a data request and want a copy of what Composerie holds.
I lost my phone and my backup codes. How do I get back in?
Contact support from the sign-in page. Have your account email ready so the team can verify you and help reset two-factor authentication.
Why can a teammate not see the Security page?
Only the Owner and admins can open it. Editors, Fulfillment, and Viewers do not have access. Change their role on the team page if they need it.
Does revoking sessions sign me out too?
No. Revoke all other sessions keeps you signed in on the device you are using and signs out every other device.
How many tries do I get on the 2FA code at sign-in?
The verify step is rate limited to 5 tries per minute, so wait a moment if you mistype a few times.
If you get stuck on any of this, contact support and we will help.
Next
Now that your own account is secure, set up the rest of your workspace in manage your team and roles.