User security
The following user security features are available for N-sight RMM:
- Two-Factor Authentication: Enter the username, password and authenticator security code to login.
- IP address settings: Require verification for logins from new IP addresses or add IP addresses to your allowlist.
- Disable or Enable Agent Key user access: Prevent the Agent Key, which is included in the registration email, from accessing N-sight RMM and easily manage each staff user from Settings > Users.
- Session timeout: Automatically ends the session after the user has been inactive for the specified timeout period.
Maintain session connections with IP address allowlist
N-sight RMM maintains session connections even if a user’s IP address changes during a session—provided the new IP address is included in the Approved IP Addresses list.
This allows users to stay signed in when switching networks, without compromising security. For example, you can allow IP addresses used when:
- Working from multiple locations, such as home, office, or public networks
- Using VPNs or proxy servers that frequently change IP addresses
- Switching between different internet service providers or mobile data networks
- Accessing the dashboard from various devices with different IP addresses
Adding these relevant IP addresses to the allowlist helps ensure a consistent and uninterrupted connection. See Add IP addresses to the allowlist.
If a user's IP address changes to one that isn't on the allowlist, the session ends and the user must sign in again.
Lockout mechanism
To help prevent brute force attacks, N-sight RMM has a lockout mechanism.
The lockout is triggered after 50 consecutive login attempts from the same user and IP address. When this happens:
- The user and IP address are blocked for five minutes.
- The account is automatically unblocked after five minutes of complete inactivity from that user and IP address.
If lockout occurs, we recommend waiting 10 minutes before trying to sign in again.
HTTPS Redirects
For additional security, when you access N-sight RMM over HTTP you are automatically redirected to HTTPS (unless you are using a custom dashboard.domain.name URL).