Security Best Practices

As an administrator, you want to ensure MoEngage account security. Here are some recommendations for you when you create an account with MoEngage:

Strong Authentication Practices

  • Enable a Two Factor Authentication (2FA) system for all MoEngage account users, without exception. This helps you to restrict suspicious login attempts by verifying the identity of the user and making sure that access to the platform is secure. For more information, refer to, 2 Step Verification.
  • Enable Single Sign-On (SSO) access to the MoEngage platform, organization-wide. For more information, refer to Single Sign-On (SSO).


You might need help from your IT support team to set up SSO. MoEngage supports SSO using SAML 2.0 and acts as a service provider (SP) for SSO.

Granular Access Controls

  • MoEngage allows you provide customized access, permissions, and privileges for different team members. This helps in restricting every team member from having access to the complete dashboard/database and provides you more control over the information/data distribution.
  • MoEngage allows you  to implement Campaign Approval Workflows to have better control over the campaigns that are going live. This can help ensure a more secure campaign workflow and avoid breaches in quality and policies.

Network Restriction

You can enable IP Whitelisting in your SaaS application account to ensure user authentication from whitelisted IP only.

  • You can whitelist your VPN IP to ensure MoEngage SaaS application access is enabled using a trusted network of your choice.
  • If your organization currently does not use a VPN solution, consider adopting Open Source options such as OpenVPN, Pritunl.
  • The IP Whitelisting feature on the MoEngage platform/SaaS application is available only to organizations using an Enterprise license. Please contact your MoEngage Customer Success Account Manager for more details. 

Regular User Access Audits

  • Audit the access of all MoEngage account users at least once every 2 weeks.
  • Revoke the access of all unused, unwanted, or off-boarded users.
  • Audit the access, permissions, and privileges of all users from time to time. If they are not required, change their roles to a lower permission level wherever possible.
  • Keep users with  “Admin” and “Manager” roles to a minimum. We recommend you keep only one admin role for each account.


MoEngage automatically logs you out of your session if your account does not have any activity for one day. To customize the time of your session, Raise a Support Ticket Through MoEngage Dashboard.

For more information and a better understanding of implementing secure access controls, please contact your MoEngage Customer Success Manager.



Was this article helpful?
1 out of 2 found this helpful

How can we improve this article?