Security best practices in Kommo

Keeping your Kommo workspace secure is a shared responsibility between Kommo and your team. Kommo provides built-in security tools — and configuring them correctly helps protect your data, users, and customer conversations.

This guide walks you through recommended security settings in Kommo, explains where to configure them, and shows how to monitor access over time.

Recommended security settings

Start by enabling the core security features available in your workspace.

Enable two-step verification

Two-step verification adds an extra verification step during login.

Where to set it up

  • Go to Settings → Profile settings

  • Enable Two-step verification for your account

  • (Admins) Require two-step verification for the workspace if available

Best practice

  • Enable two-step verification for all Administrators

  • Require two-step verification for the entire workspace if you handle sensitive data or payments

This helps prevent unauthorized access even if passwords are compromised. Read more about two-step verification here.

Set clear roles and permissions

Permissions control what each user can see and do in Kommo.

Where to manage permissions

  • Go to Settings → User management

  • Open a user profile to:

    • Assign Administrator access, or

    • Configure custom permissions

Best practice

  • Grant Admin access only to users who truly need it

  • Use custom permissions to limit access to:

    • Pipelines and stages

    • Data exports

    • Settings and integrations

  • Review permissions whenever a user’s role or responsibilities change

Avoid giving full access to all users unless it’s necessary. Learn more about how to set up roles and permissions here.

Restrict access by IP address (optional)

IP whitelisting limits login access to approved networks only.

Where to manage IP access

  • Go to Settings → User management

  • Click the three dots in the top-right corner

  • Select Whitelist of IP addresses

Best practice

  • Use IP restrictions only with trusted, static IP addresses

  • Always add your current IP before saving

  • Avoid IP restrictions for teams that rely on:

    • Mobile access

    • VPN connections

    • Changing networks

Note: Blocking untrusted API requests will disable Kommo mobile access.

Learn more about how to manage your IP whitelist here.

Ongoing account monitoring

Security isn’t a one-time setup — it requires regular checks.

Review active sessions

Where to check

  • Go to Settings → Profile settings

  • Scroll to Sessions

Here you can see:

  • Logged-in devices

  • Last activity time

  • Location and IP address

Best practice

  • Log out unfamiliar or unused sessions

  • Change passwords immediately if something looks suspicious

Review and clean up users

As teams grow and change, access can easily become outdated.

Where to manage users

  • Go to Settings → User management

Best practice

  • Regularly review your user list

  • Disable users who no longer need access

  • Remove users permanently after reassigning their data

  • Make sure inactive users don’t retain sensitive permissions

Monitor account activity

Activity logs help you understand what’s happening in your workspace.

Where to check

  • Go to Insights → Activity log (Pro / Enterprise plans)

Best practice

  • Review changes to:

    • Settings

    • Pipelines

    • Permissions

  • Investigate unexpected edits or deletions promptly

This improves accountability and transparency across your team.

Team habits that improve security

Security tools work best when paired with good team practices.

Encourage your team to:

  • Use strong, unique passwords

  • Never share login credentials

  • Log out from shared or public devices

  • Keep browsers and operating systems up to date

  • Follow security guidelines during onboarding

If something looks wrong

If you notice suspicious behavior:

  • Change affected passwords immediately

  • Log out all active sessions if needed

  • Review recent activity and access changes

  • Contact Kommo support for assistance

Acting quickly can prevent further issues.

Following these best practices helps keep your Kommo workspace secure, your data protected, and your team working confidently.

If you need more help with setup or troubleshooting, feel free to reach out to our support chat or contact us via WhatsApp. You can also hire a Kommo partner to do all the hard work for you.
