Enhance Login Security with Two-factor Authentication or Single Sign-On


Cybersecurity threats are a hot topic for any business storing its data using cloud-based apps. It’s tricky enough to find a reliable third-party service you can trust with sensitive and confidential company information. But it’s another challenge altogether to make sure your data isn’t compromised due to bad login security or complacent password habits from one of your employees.

Pipedrive is dedicated to ensuring our customers are equipped with the strongest security options available.

That’s why we’re so excited to announce the release of Two-factor Authentication and Single Sign-On for the Pipedrive app!

What is Two-factor Authentication?

Two-factor Authentication (also known as 2FA) allows users to add an extra security layer to their login process.

Basic username and password combinations are becoming more and more vulnerable to theft.

To manage this risk, you can use security-enhancing methods like 2FA. This helps you prevent unwanted parties or individuals from gaining access to accounts containing valuable information and critical business assets.

How does 2FA protect your data?

2FA is a type of multi-factor authentication. It works by confirming a user’s claimed identity during login by running an extra verification check on the user attempting to log in with their username and password. With 2FA, a user will enter their username and password as normal.

But, to prove it’s really the account owner trying to log in, the user will then have to provide the “second factor”, which can be based on the following:

    • Something you know: like a password, a PIN number or a secret answer to a security question.
    • Something you have: this could be bank card details, confirmation through a mobile device or a physical security token.
    • Something you are: most commonly, this can include a fingerprint, eye or face recognition or voice activation.

Enabling just one of these additional factors on top of the usual login credentials will significantly improve the security of your account.

Now, all Pipedrive customers have the option to set up Two-factor Authentication on their account.

If somebody steals your password, or that of a colleague, they’ll have a tough time getting past that second verification step.

How to Set Up Two-factor Authentication in Pipedrive?

Two-factor Authentication is an option available to all Pipedrive users, and switching it on couldn’t be easier:

Open Pipedrive, go to Settings > Personal > Security > Login verification > click Enable for my account.

Once you’ve done this, 2FA is enabled for your account.


Next time you log in to Pipedrive, we will automatically send you an email with a link to verify that it’s really you trying to access the account. Simply click the link to complete the login verification step.

How to know when your security may be compromised?

If you’ve received the verification email but it wasn’t you trying to log in, and the email shows a different location and device from which the login attempt was made, you should change your password immediately.

What is SAML SSO?

In addition to 2FA, we’ve also released SAML SSO – another login security feature available to our Platinum plan customers.

SAML stands for “Security Assertion Markup Language”.

It is an XML-based protocol used for Single Sign-On (SSO) solutions, enabling authentication and authorization between two parties: a service provider and an identity provider.

In the case of our users, Pipedrive is the service provider, and your company’s SAML SSO solution of choice (e.g., Bitium) is the identity provider.

In a nutshell, businesses use SAML SSO providers to centrally manage account access to third-party services like Pipedrive.

Pipedrive can be used with any identity provider compatible with the SAML 2.0 standard including Bitium, Okta, Auth0, Office 365, Google SAML and many others.

What are the advantages of using SAML SSO?

There are multiple reasons why companies opt to implement SSO for accessing applications:

Enhances security and convenience

SAML SSO allows account admins to manage all user access centrally, and eliminates the need for account users to have to set up and remember passwords for many different services. This is especially useful for large sales teams with high staff turnover.

Helps comply with corporate security policies

Most large companies require that employee access to third-party software (including Pipedrive) is managed centrally – usually by the IT department.

Improves work efficiency

Fewer passwords to remember means fewer calls to the IT department. This allows both the user and IT to focus on more important tasks than dealing with password resets.

Easy to use

It really is. One login is enough to have access to all the services needed for your work.

How to Set Up SAML SSO in Pipedrive?

Note: The Single Sign-On feature is one of the many useful features of our Platinum plan. Learn more about Pipedrive’s premium features.

Configuring SSO requires some technical know-how, so we suggest consulting with your IT department for help with your setup.

First, you’ll need to acquire some keys from your SAML provider. Next, you’ll need to paste the keys in Settings > SSO. (Note this option is available to Pipedrive account admins only.)

SSO can then be enabled by the admin for all users by hitting the Enable for users switch at the bottom of the page.


Note that if SSO is enabled after your company’s users are already using Pipedrive with passwords, those users can just start using SSO to log in. If SSO is not enforced, they can continue logging in with both password and SSO.

For more information on how to set up SAML SSO for your company’s Pipedrive account, you can check out our support article.

How Do I Get These New Features?

You can significantly minimize the risk of potential data leaks by enhancing your login security with just one additional verification step.

We know how serious your data security is to your business, which is why Two-factor Authentication is available to all Pipedrive customers.

Our Platinum customers can take full advantage of the SAML SSO feature. This feature is a powerful addition suited to those managing access for larger sales teams. SAML SSO not only enhances security but also creates convenience for all users on the account. This added convenience means your sales team can focus more time on growing your business.

Start using 2FA or SSO right now.


Jaana Metsamaa

Jaana is a Product Manager at Pipedrive.

  • Worried user

    Why is the security feature only available for platinum users? What about gold users?

    • Johny

      It would seem like a basic feature, especially since our Pipedrive contains a lot of sensitive information about customers. Why would you reserve a function like this (that keeps our customers safe) only for platinum?

      • Michael


        Pipedrive is committed to the security of our users’ data. https://support.pipedrive.com/hc/en-us/articles/206760639-Security-How-secure-is-my-data- explains our general practices in further detail as they apply to all tiers.

        These specific security features are specific to the platinum tier just because the platinum tier is for larger organizations, whose organizational needs may be more stringent or complex than those of smaller organizations.

        That being said, I’ve passed this feedback along to the appropriate parties for their consideration.

      • Phil

        to encourage us to upgrade perhaps

      • Marko Nõu

        For SAML SSO you need to have an identity provider set up by your company, which is where your account is managed. So it does not make your data more secure and is not a ‘security feature’ at its core (although it will give more control over your user accounts to company identity provider admins); it’s rather a convenient way to manage user accounts – you don’t need to remember your passwords anymore. Big companies have this set up because they use a huge amount of software with different logins, and letting users remember all those passwords is a big hassle for admins. So if your company has set up SSO (Single Sign-On) you only need to log in to your one corporate account to get access everywhere. So you see, it does not make your data or account more secure. One can think the other way – if your company identity provider (whatever your company uses, like OKTA, OneLogin, Microsoft Active Directory, whatever) username/password gets stolen and you don’t have 2FA set up there, then an attacker will have access to all of your accounts.

        • Johnny

          2FA is a security feature that does not need any special company; you could use the Google authorisation app, or an SMS code or anything else. All easily accessible and cheap to implement even for small businesses.

          So your point about “it is only good for big boys” is only about SSO.

          My password manager has 2FA, why wouldn’t you let me secure my clients’ data?
          You know how easy it is to steal passwords. 2FA would be another layer of security to prevent access even if a hacker steals your password.

          So again, why is 2FA only for platinum?? Make it for gold users as well.

          • Marko Nõu

            2FA is for everybody, even silver 😉

  • M vdS

    Could you kindly explain how sending a non-encrypted email, non-publictrusted-digitally-signed, with a url is considered a trusted source and secure 2FA implementation?

    • Jaana

      Although there are potential security flaws in the standards supporting e-mail exchanges, we believe that the bulk of business-related e-mails are today exchanged and accessed via SSL (e.g. Google, Outlook and others always enforce HTTPS on their clients, and many business users are also using VPNs). That said, yes, for an extra level of security the e-mails could be encrypted, but this would require all of the e-mail applications that our customers use to support this as well, and this definitely could be a problem.

      In essence, we are not really worried about “listening in” for the 2FA e-mail using some kind of man-in-the-middle attack. But even if that would happen, an attacker couldn’t do anything with just the link in the e-mail; in addition to having the link, the attacker would need the username and password to start the logging in process, and the link will only work on the same device and for only one hour and only once.

      So to really get access to someone else’s Pipedrive account they would need to get access to two sets of credentials – the Pipedrive username & password and the user’s e-mail username and password. Hopefully of course, our customers use 2FA on their e-mail accounts as well. Compared to the other popular 2FA solution, SMS, I think e-mail is very good already. SMS messages anyone can “easily” listen in to by just being near the victim and having a fake mobile antenna.

      The other solutions we considered were the time-limited tokens that many of us know from the Google Authenticator app and logging in via the Pipedrive mobile app. We decided not to do them first but we are definitely thinking of adding them in the future.

      First, before implementing 2FA using our mobile app, we need a way to have 2FA for accessing our mobile app 🙂

      The second alternative, 2FA with OTP codes, we decided to leave for the future on the basis of the complexity of on-boarding and managing it later. So in essence, how easy it is to set up (download an OTP app, generate a key, have the recovery codes in a safe place etc.) and how easy it is to manage later (what happens when you change a phone, lose access etc.)

      Hope this answered your question and also gave a bit of background and I am happy to discuss it more if you have more questions 🙂
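
The three properties listed in the reply above for the verification link (same device, one hour, only once) can be enforced server-side as sketched here. This is an added example, not Pipedrive's code and not part of the comment thread; `LoginLinkVerifier`, the `device_id` cookie value and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

LINK_TTL_SECONDS = 3600  # "only one hour", as stated in the reply above


class LoginLinkVerifier:
    """Pending e-mail verification links, kept in memory (hypothetical design)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (user, device_id, expires_at)

    def issue(self, user, device_id):
        """Call only after the password check passed; returns the token for the URL."""
        token = secrets.token_urlsafe(32)  # unguessable, carries no user data
        key = hashlib.sha256(token.encode()).hexdigest()  # store a hash, not the token
        self._pending[key] = (user, device_id, self._clock() + LINK_TTL_SECONDS)
        return token

    def redeem(self, token, device_id):
        """Return the verified user, or None when the link must be rejected."""
        key = hashlib.sha256(token.encode()).hexdigest()
        # pop() enforces "only once": any click, valid or not, burns the link.
        record = self._pending.pop(key, None)
        if record is None:
            return None  # unknown or already used
        user, bound_device, expires_at = record
        if self._clock() > expires_at:
            return None  # older than one hour
        # "Same device": compare with the cookie value recorded at login start.
        if not hmac.compare_digest(bound_device.encode(), device_id.encode()):
            return None
        return user


if __name__ == "__main__":
    v = LoginLinkVerifier()
    link = v.issue("alice@example.com", "cookie-A")  # constructed sample values
    print(v.redeem(link, "cookie-B"))  # None: opened on another device
    print(v.redeem(link, "cookie-A"))  # None: link already burned
```

Burning the link on a failed attempt means a link opened from another device cannot be retried there, at the cost of the legitimate user having to start the login again.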

  • Isn’t it possible to use something like Google Authenticator for generating tokens for Pipedrive’s two-factor authentication?

    • Carlos Pinho

      Hi Hugo, that’s not possible at the moment; our 2FA only works with the verification email mentioned in the article.

  • Mikael Stendahl

    How can I enforce 2FA to all users? Having everyone enable or disable the feature as they like is not really feasible.

    • Anni

      Hi, Mikael!
      Unfortunately, at the moment we don’t have a way for an admin user to enforce 2FA; each user has to do it themselves.