Introducción
Level gives you several controls to reduce your attack surface and limit what happens if credentials are compromised. This article walks through the key settings worth configuring for any production deployment.
None of these require professional security expertise — they're standard account hygiene that takes under an hour to set up.
Securing Level
Enforce Two-Factor Authentication
Require all technicians to use 2FA before they can log in.
Navigate to Configuración → Seguridad.
Habilitar Require two-factor authentication.
Any technician who hasn't set up 2FA will be prompted to do so on their next login. They can't bypass the prompt.
See Seguridad Configuración for individual setup instructions and recovery code guidance.
Set Up IP Restrictions
Lock account access to trusted IP ranges — your office network, VPN exit nodes, or specific remote technician IPs.
Navigate to Configuración → Seguridad.
Scroll to IP Allowlist.
Añadir your trusted IP addresses before enabling the toggle.
Habilitar the IP Allowlist.
⚠️ WARNING: Añadir your current IP before turning this on. Enabling the allowlist without including your own IP locks you out immediately.
See Seguridad Configuración for full configuration instructions.
Configurar Control remoto Approval
Decide what end users see when a technician connects to their device via remote control.
Navigate to Configuración → Seguridad.
Under Control remoto Approval, choose your default mode:
Notify end user (default) — shows a notification but doesn't require a response
Ask for approval — requires the user to approve before the session starts
Grupos can override this default in Grupo Configuración → Seguridad for environments where different devices need different behavior.
See Seguridad Configuración for details on timeout behavior and group-level overrides.
Configurar Permisos and Roles
Limit what each technician can do within Level. Permisos are set at the group level — a technician can have different access on different device groups.
Key things to review:
Which technicians have admin access
Which groups each technician can see and manage
Whether any accounts have broader access than their role requires
See Workspace → Permisos for the full permissions model.
What to Do Next
Once these four areas are configured, you're covered for the most common account security risks. For a broader look at Level's security architecture, certifications, and infrastructure, see:
Compliance and Certifications — SOC 2, HIPAA, GDPR, and penetration testing details
Report a Seguridad Vulnerability — How to disclose a discovered vulnerability
Preguntas frecuentes
Where are the main security settings in Level? Most org-level security controls live at Configuración → Seguridad: 2FA enforcement, IP allowlist, and remote control approval. Permisos are configured per group under Workspace → Permisos.
Do I have to configure all of these? No. Each setting is independent. That said, enforcing 2FA and configuring permissions are the two highest-impact controls for most organizations — start there.
Can individual device groups have different security settings from the org defaults? Sí. Remote control approval can be overridden at the group level via Grupo Configuración → Seguridad. Permisos are always configured at the group level.
How do I report a suspected compromise of my Level account? Contact Level support immediately at [email protected]. If you believe it's a platform-level security issue, also email [email protected].