How to Secure a BoldDesk Account

This article provides an admin-focused security checklist for protecting both the Agent Portal and the Customer Portal in BoldDesk. It is designed to be followed in a recommended order and includes links to the official BoldDesk knowledge base articles for each configuration area.

Prerequisites

Admin access to configure portal security settings.
For IP restrictions, an agent role must have Manage settings permission.
For SSO, access to your Identity Provider (IdP) admin console to register redirect/callback URLs and create client credentials.
For 2FA, users need a TOTP authenticator app (for example, Google Authenticator or Microsoft Authenticator).

BoldDesk Security Hardening

BoldDesk security hardening typically combines multiple controls:

Authentication controls: Two-Factor Authentication (2FA) for form logins and Single Sign-On (SSO) via an identity provider.
Credential policies: Password policies for users who sign in with BoldDesk form login.
Network controls: IP restrictions to limit where portals can be accessed from.
Access governance: Roles and permissions to enforce least privilege for agents and admins.
Monitoring and investigation: Audit logs and access logs to review sign-in activity and administrative changes.
Sensitive data handling: Data redaction to permanently obscure sensitive data in ticket content.

Important behavior:

2FA enforcement applies to BoldDesk form login only and does not apply to SSO or social logins, because form login is bypassed.

Security Hardening Checklist

This checklist summarizes the recommended sequence for securing a BoldDesk environment—from sign-in protection (2FA/SSO) through credential and network controls, least-privilege permissions, audit visibility, and data protection. Each item links to the official BoldDesk KB article for the full configuration steps, so you can apply the control without duplicating instructions here.

Follow these steps in order.

1. Configure Single Sign‑On (SSO) in BoldDesk

SSO lets users sign in to BoldDesk using your organization’s identity provider (IdP) instead of separate BoldDesk passwords. BoldDesk supports OpenID Connect, OAuth 2.0, and JWT for SSO. BoldDesk supports SSO for both the Customer Portal and the Agent Portal using OpenID Connect, OAuth 2.0, or JWT.

Key behavior to know before you configure

Customer Portal SSO is brand-specific (select the correct brand before configuring).
You must register the Redirect/Callback URL shown in BoldDesk within your IdP application settings.
Choose OpenID Connect for modern IdPs with OIDC support, OAuth 2.0 when you need explicit endpoints, and JWT for token-based SSO flows.

Configure SSO

To configure Single Sign‑On (SSO) within BoldDesk, learn more on How to Set Up Single Sign-On (SSO) in BoldDesk.

2. Configure Two‑Factor Authentication (2FA) in BoldDesk

2FA adds a time‑based verification code step during login. Admins can enforce 2FA for all agents (Agent Portal) and/or all customer portal users, and users can also enable it from their profile settings. BoldDesk 2FA uses time-based one-time passcodes (TOTP). Admins can enforce 2FA across users, and individuals can enable it from profile settings.

2FA enforcement applies only to BoldDesk form login. If users sign in via SSO or social login, BoldDesk’s 2FA enforcement does not apply.

Enforce 2FA for all agents (Agent Portal)

To enforce 2FA for all agents, learn How to Configure and Use Two‑Factor Authentication (2FA) in BoldDesk.

Enforce 2FA for all customer portal users (Customer Portal)

To enforce 2FA for all customer portal users, explore more on Securing Your Account with Two‑Factor Authentication in BoldDesk.

Allow users to enable 2FA themselves (optional)

Agents and contacts can enable 2FA from Profile > Security, even when enforcement is not enabled.

3. Harden credentials (form login users)

Configure a password policy (default or custom). Password policy changes can trigger reset prompts if existing passwords no longer comply.
Use: How to Customize Agent Portal Settings in BoldDesk

4. Configure IP Restrictions in BoldDesk Portals

IP restriction allows you to specify approved IP addresses or ranges and apply them to the Agent Portal only or to both Agent and Customer Portals. IP restriction allows you to specify the IP addresses or ranges that are allowed to access BoldDesk. You can apply it to:

Agent Portal only, or
Both Agent and Customer Portals.

To configure IP restriction, learn more on How to Set IP Restrictions in BoldDesk Portals.

To manage IP Restrictions, the agent role must include Manage settings permission.

Optional: Allowlist BoldDesk outbound IPs (network/firewall use case)

If your firewall restricts access to known IP ranges, BoldDesk provides static outbound IP addresses you can allowlist. Learn more on IP Allowlisting for BoldDesk Application

5. Apply least-privilege access (roles and permissions)

Review agent/admin permissions and ensure sensitive settings are only accessible to approved roles.
Use:
- Managing Roles and Permissions in BoldDesk
- Manage Agent Access with BoldDesk Permissions
- Agent lifecycle reference: How to Manage Agents in BoldDesk

6. Monitor activity (audit logs and access logs)

Use logs to validate sign-in events and investigate configuration changes (who changed what and when).
Use:
- How to View Audit Logs for Changes in Admin Settings
- How to Access and Analyze Portal Login Logs for Troubleshooting

7. Protect sensitive data (redaction)

Enable data redaction to permanently obscure sensitive data in ticket content. Redacted data is not recoverable.
Use: BoldDesk Redaction Guide for Data Privacy and Information Protection
- HIPAA environments:
  - HIPAA Onboarding and Security Guidelines for BoldDesk Users
  - HIPAA Access Logs in BoldDesk

8. Review platform security baseline (reference)

Use for internal security/compliance documentation (encryption, compliance posture, and baseline controls).
Reference: BoldDesk Security and Compliance Overview

Use Cases

Enterprise SSO-only access: Configure SSO for agents and customer portal users, then restrict admin access via roles and IP restrictions.
Hybrid authentication: Keep form login for a limited set of users but enforce 2FA and a strict password policy for those accounts.
Network-based hardening: Allow portal access only from corporate/VPN IP ranges and use access logs to confirm expected login sources.
Compliance workflow: Enable redaction and use audit logs to support internal reviews of security-related changes.

Frequently Asked Questions

Do all security settings apply to both the Agent Portal and the Customer Portal?
No. Some controls apply only to the Agent Portal, some apply only to the Customer Portal, and some may be brand-specific (for example, Customer Portal SSO is configured per brand). Always confirm which portal (and brand, if applicable) the setting affects before enabling it.
Does enforcing 2FA also apply to users who sign in with SSO or social login?
No. 2FA enforcement applies only to BoldDesk form login. If users sign in using SSO or social login, BoldDesk form login is bypassed, and BoldDesk-enforced 2FA does not apply.
If my organization uses SSO, do I still need to configure password policies in BoldDesk?
Password policies in BoldDesk are relevant primarily for users who sign in using BoldDesk form login. If all users authenticate through SSO, password policy enforcement should be handled by your identity provider instead. If you keep form login enabled as a fallback, configure password policies for those form-login users.
What is the most important order to follow when securing a BoldDesk account?
Start with sign-in security (2FA and/or SSO), then harden form-login credentials (password policy), restrict network access (IP restrictions), enforce least privilege (roles and permissions), enable monitoring (audit and access logs), and protect sensitive content (data redaction, which is permanent and not reversible).

Was this article useful?

Dislike

Comments (0)