# Account Security Settings Manage account-wide login security, including 2-step verification, Single Sign-On, and domain-based access controls. Keep your account safe with 2-step verification. Set up how users log in and control access to make sure everything stays secure and easy to manage. ## **Enable 2-Step Verification** You can enable and manage the 2-Step Verification (2FA) method to add an extra layer of security to your account. To require 2-Step Verification: 1. From your Emailable dashboard, navigate to [Security](https://app.emailable.com/account#security). 2. In the **2-Step Verification** section, enable the **Require 2-Step Verification **option. 3. Click **Save**. ![Emailable security settings page showing 2-step verification toggle, single sign-on (SSO) configuration dropdown, and domain restriction field for limiting login access.](https://cdn.sanity.io/images/6ukvxgr7/production/e26b292a0c458322a435ef792f1b9b36eaefde73-1772x980.png) When enabled, all users, including the account owner, will be required to use 2-Step Verification when signing in. ## **Single Sign-On (SSO)** Single Sign-On (SSO) is an authentication method that lets users log in once using a trusted provider (such as Google or Microsoft) and access multiple applications without re-entering passwords. ### **Enable Single Sign-On (SSO)** You can require users to sign in through a supported Single Sign-On provider. To require Single Sign-On: 1. In the **Single Sign-On (SSO)** section, click the **Require Single Sign-On** dropdown and select the provider. 2. Select the provider you want users to sign in with. 3. Click **Save**. ![Emailable security settings page with SSO enabled using Google provider, domain restriction set to a specific domain, and option to save configuration.](https://cdn.sanity.io/images/6ukvxgr7/production/f796e4ac626bdb276ef28a34c9ef94294fd03190-1823x1243.png) Supported SSO providers include: ![Single sign-on provider selection dropdown in Emailable showing options including Disabled, Any, Google, Microsoft, GitHub, and LinkedIn with Google selected.](https://cdn.sanity.io/images/6ukvxgr7/production/189cb0871e63a1a52602062ebf58cc53206272b0-1772x794.png) Choosing **Any** allows users to sign in with any supported provider. Choosing **Disabled** also allows password-based logins. ### **Disable Single Sign-On (SSO)** If you are signed in using a third-party provider, you can manage your Single Sign-On settings from the Profile section. To disable Single Sign-On: 1. In the **Single Sign-On** section, locate your connected provider (for example, Google). 2. Click **Disable**. ![Emailable single sign-on settings showing Google account connected with option to disable SSO login for the account.](https://cdn.sanity.io/images/6ukvxgr7/production/cfbbcbd5e2eeff8b10bf1bc1d2cfc04fcfe13aa9-1772x300.png) After disabling SSO, you may be required to use standard login credentials (email and password) to sign in. ## **Limit Login to Specific Domains** You can restrict SSO access so that only users with email addresses from specific domains can sign in. To limit login to specific domains: 1. In the **Single Sign-On (SSO)** section, configure **Require Single Sign-On** as needed. 2. In the **Limit Login to Specific Domains** field, enter the domain you want to allow. 3. Click **Save**. ![Emailable SSO configuration section displaying domain restriction input field with specified domain to limit login access to authorized users.](https://cdn.sanity.io/images/6ukvxgr7/production/4df9785eda65248a3a66785709f58d2fc1f05045-1772x432.png) Only users with email addresses from the domains you enter will be able to sign in using your organization’s SSO provider.