Skip to main content

🔒 Strengthen Your Platform Security: IP Restriction and Multi-Factor Authentication

Two advanced features are available on request to protect your users' sessions and accounts.

Written by Océane

💡 This option is not available by default on your platform. To set it up, contact us via the chat bubble at the bottom right of your Didask platform or at assistance.didask.com.

⏱️ The Essentials in 3 Minutes

• IP-based session restriction protects against session hijacking: if the IP address changes during a session, the user is automatically logged out.
• Multi-factor authentication (MFA) adds a 6-digit code sent by email after the password is entered.
• Both features are configured in Administration > Security Settings.
• MFA requires IP restriction to be enabled first. It does not apply to SSO or access code logins.


🧠 Understand the Importance of Session Security

Corporate training often involves access to sensitive or confidential content. Strengthening login security reduces the risk of account compromise (stolen password, hijacked session) and protects your learners' and designers' data without adding friction to their daily experience.


1. IP-Based Session Restriction

This feature ties each user session to the IP address from which it was opened. If the IP address changes during a session (for example, when switching networks), the session is automatically terminated and the user must log in again.

What it provides: even if an attacker captures a session cookie, they cannot use it from a different IP address.

Who is affected?

Role

Activation

Authors, Coachs, Admins

Always active

Learners

Configurable by the admin

How to configure for learners: Settings > Security Settings.


2. Multi-Factor Authentication (MFA)

After entering their password, affected users receive a 6-digit code by email that they must enter to complete the login.

What it provides: even if an account password is compromised, access remains protected by the second factor.

⚠️ Prerequisite: IP-based session restriction must be enabled before MFA can be configured.

Who is affected? The admin chooses which roles MFA is required for:

Protection level

Roles affected

Learners

All users (learners, authors, admins)

Editors

Authors, coachs, and admins

Space admins

Space admins and platform admins

Platform admins

Platform admins only

How to configure: Settings > Security Settings.

ℹ️ MFA does not apply to logins via access code or via SSO (OIDC/SAML2), which are already secured through the identity provider.


Keywords: security, MFA, multi-factor authentication, IP restriction, session, login, security settings, administration.

Did this answer your question?