Security Controls
Configure MFA enforcement, admin access, ownership, and data retention for your organization.
HeadshotPro gives team admins several controls to enforce authentication standards and limit access to sensitive actions. These settings are available under Admin > Settings > Security and are restricted to users with the TeamLead role.
How it works
Multi-factor authentication (MFA)
MFA adds an email-based verification step for team admins (TeamLead accounts). When enabled, any admin who signs in after a 24-hour gap receives a 6-digit code by email and must enter it before accessing the admin panel.
- Go to Admin > Settings > Security.
- Locate the Enable MFA for team admins card.
- Toggle MFA on.
- Click Save changes.
The admin who enables MFA is not prompted immediately — the system creates a verified session for them automatically. The next sign-in after 24 hours will trigger the MFA flow.
MFA verification details:
- Codes are 6 digits and expire after 10 minutes.
- Up to 5 incorrect attempts are allowed before the code is invalidated. A new code must be requested.
- A verified MFA session is valid for 24 hours. After that, the next sign-in triggers a new code.
- Codes are sent to the admin's registered email address.
- Only TeamLead accounts are subject to MFA. Regular team members are not affected.
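To make the rules above concrete, here is a small model of the email-code lifecycle as a state machine. This is an added example, not HeadshotPro's implementation: the policy values (6-digit codes, 10-minute code expiry, 5 wrong attempts, 24-hour verified session) are taken from this page, while the class, method names, hashed-at-rest storage and fixed clock are assumptions made for illustration.

```python
"""Illustrative model of the email-OTP MFA policy described above.

Added example, not HeadshotPro's code: CODE_DIGITS, CODE_TTL, MAX_ATTEMPTS
and SESSION_TTL come from the page; everything else (class names, the
hashed storage of codes, the injected clock) is an assumption.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

CODE_DIGITS = 6
CODE_TTL = timedelta(minutes=10)     # code expires after 10 minutes
MAX_ATTEMPTS = 5                     # 5 wrong attempts invalidate the code
SESSION_TTL = timedelta(hours=24)    # verified session lasts 24 hours


def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode("ascii")).digest()


@dataclass
class PendingCode:
    code_hash: bytes          # only a hash is kept at rest, never the code itself
    issued_at: datetime
    attempts: int = 0


@dataclass
class AdminMfaState:
    """Per-admin MFA state: at most one live code and one verified session."""
    pending: Optional[PendingCode] = None
    verified_until: Optional[datetime] = None

    def requires_mfa(self, now: datetime) -> bool:
        """True when this sign-in must complete the code flow."""
        return self.verified_until is None or now >= self.verified_until

    def issue_code(self, now: datetime) -> str:
        """Create a fresh 6-digit code and return it for delivery by email.

        Issuing a new code replaces any earlier one, so stale codes stop working.
        """
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.pending = PendingCode(code_hash=_digest(code), issued_at=now)
        return code

    def verify(self, submitted: str, now: datetime) -> str:
        """Check a submitted code.

        Returns 'ok', 'no_code', 'expired', 'wrong' or 'locked'.
        """
        if self.pending is None:
            return "no_code"
        if now - self.pending.issued_at > CODE_TTL:
            self.pending = None
            return "expired"
        # Constant-time comparison of digests avoids leaking matching prefixes.
        if hmac.compare_digest(_digest(submitted), self.pending.code_hash):
            self.pending = None
            self.verified_until = now + SESSION_TTL
            return "ok"
        self.pending.attempts += 1
        if self.pending.attempts >= MAX_ATTEMPTS:
            # Fifth miss invalidates the code; a new one must be requested.
            self.pending = None
            return "locked"
        return "wrong"


def demo() -> dict:
    """Walk the lifecycle with a fixed clock and return the observed outcomes."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    state = AdminMfaState()
    out = {"initial_requires_mfa": state.requires_mfa(t0)}

    code = state.issue_code(t0)
    wrong = "000000" if code != "000000" else "111111"
    out["wrong_attempts"] = [state.verify(wrong, t0) for _ in range(MAX_ATTEMPTS)]
    out["correct_after_lockout"] = state.verify(code, t0)   # code was discarded

    code = state.issue_code(t0)
    out["stale_code"] = state.verify(code, t0 + CODE_TTL + timedelta(seconds=1))

    code = state.issue_code(t0)
    out["fresh_code"] = state.verify(code, t0 + timedelta(minutes=1))
    out["requires_mfa_same_day"] = state.requires_mfa(t0 + timedelta(hours=23))
    out["requires_mfa_next_day"] = state.requires_mfa(t0 + timedelta(hours=25))
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two details worth noting for anyone reviewing a similar flow: the fifth wrong attempt discards the code outright rather than merely rejecting it, so the correct code no longer works until a new one is requested, and the verified session is timed from the successful verification, which is why a sign-in 23 hours later passes without a prompt while one at 25 hours does not.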
Admin management
The Admin management card lists all current admins and pending invitations.
Add an admin:
- Click Add new on the Admin management card.
- Enter the email address of the person to promote.
- Click Add admin.
If the email address belongs to an existing team member, they are promoted to admin immediately. If not, a pending invite is created and they appear in the table with an "(Invite pending)" label until they accept.
Remove an admin:
- Find the admin in the list.
- Click their role dropdown and select Remove as admin.
- Confirm the action.
You cannot remove yourself or the organization owner via this interface.
Revoke a pending invite:
- Find the pending invite in the list.
- Click Revoke on that row.
Ownership transfer
The organization owner holds the highest level of access, including billing and irreversible actions. Ownership can be transferred to another TeamLead.
- Go to Admin > Settings > Security.
- The Transfer Ownership card is visible only to the current owner.
- Select the new owner from the dropdown (only existing TeamLead accounts are eligible).
- Review the warning — this action cannot be undone.
- Click Transfer Ownership and confirm.
The new owner receives a confirmation email. The page reloads to reflect the change.
Data retention
The Delete all user data after 30 days setting under Admin > Settings > Headshots controls data retention at the organization level.
When enabled, all photo data and AI model data for every team member is permanently deleted 30 days after their most recent photo shoot completes. This includes remixes, edits, and generated headshots.
- Go to Admin > Settings > Headshots.
- Toggle Delete all user data after 30 days.
- Click Save changes and confirm the warning dialog.
SSO-based access controls
For organizations using SSO, additional access controls are available on the SSO card:
- Require SSO login — blocks email/password and social logins for users on verified domains. See SSO Setup.
- Auto-join (JIT Provisioning) — controls whether verified-domain users can join without an explicit invite.
Good to know
- All security controls (MFA, admin management, SSO) require the TeamLead role. Standard team members cannot view or modify these settings.
- MFA applies to TeamLead accounts only. Enabling MFA does not affect how team members log in.
- There is no SMS or authenticator app MFA option — verification is email-only.
- The organization owner cannot be removed via the Admin management interface. Ownership must be explicitly transferred before you can remove the current owner's admin access.
- Organization deletion is a separate, permanent action available in the Danger Zone card (visible only when you are the sole member of the organization). See Organization Settings.
- Data deletion after 30 days is organization-wide and cannot be scoped to individual members or teams.
- Audit logs for SSO authentication events are available at Admin > Audit Logs (/app/admin/audit-logs). The log shows event type, user email, timestamp, and metadata. You can filter by event type and date range.