Introduction
Level gives you several controls to reduce your attack surface and limit what happens if credentials are compromised. This article walks through the key settings worth configuring for any production deployment.
Nonne of these require professional security expertise — they're standard account hygiene that takes under an hour to set up.
Securing Level
Enforce Two-Factor Authentication
Require all technicians to use 2FA before they can log in.
Navigate to Paramètres → Sécurité.
Activer Require two-factor authentication.
Any technician who hasn't set up 2FA will be prompted to do so on their next login. They can't bypass the prompt.
See Sécurité Paramètres for individual setup instructions and recovery code guidance.
Set Up IP Restrictions
Lock account access to trusted IP ranges — your office network, VPN exit nodes, or specific remote technician IPs.
Navigate to Paramètres → Sécurité.
Scroll to IP Allowlist.
Ajouter your trusted IP addresses before enabling the toggle.
Activer the IP Allowlist.
⚠️ WARNING: Ajouter your current IP before turning this on. Enabling the allowlist without including your own IP locks you out immediately.
See Sécurité Paramètres for full configuration instructions.
Configurer Contrôle à distance Approval
Decide what end users see when a technician connects to their device via remote control.
Navigate to Paramètres → Sécurité.
Under Contrôle à distance Approval, choose your default mode:
Nontify end user (default) — shows a notification but doesn't require a response
Ask for approval — requires the user to approve before the session starts
Groupes can override this default in Groupe Paramètres → Sécurité for environments where different devices need different behavior.
See Sécurité Paramètres for details on timeout behavior and group-level overrides.
Configurer Autorisations and Roles
Limit what each technician can do within Level. Autorisations are set at the group level — a technician can have different access on different device groups.
Key things to review:
Which technicians have admin access
Which groups each technician can see and manage
Whether any accounts have broader access than their role requires
See Workspace → Autorisations for the full permissions model.
What to Do Next
Once these four areas are configured, you're covered for the most common account security risks. For a broader look at Level's security architecture, certifications, and infrastructure, see:
Compliance and Certifications — SOC 2, HIPAA, GDPR, and penetration testing details
Report a Sécurité Vulnerability — How to disclose a discovered vulnerability
Questions fréquemment posées
Where are the main security settings in Level? Most org-level security controls live at Paramètres → Sécurité: 2FA enforcement, IP allowlist, and remote control approval. Autorisations are configured per group under Workspace → Autorisations.
Do I have to configure all of these? Non. Each setting is independent. That said, enforcing 2FA and configuring permissions are the two highest-impact controls for most organizations — start there.
Can individual device groups have different security settings from the org defaults? Oui. Remote control approval can be overridden at the group level via Groupe Paramètres → Sécurité. Autorisations are always configured at the group level.
How do I report a suspected compromise of my Level account? Contact Level support immediately at [email protected]. If you believe it's a platform-level security issue, also email [email protected].