Protecting Your Credentials
Security Best Practices
Protect your production environment with layered security
Atlar provides a range of security features to safeguard your organization’s data and resources. Follow these best practices to protect accounts, credentials, and access for both human and programmatic users.
Owner account
When you create a new production organization, the creator is automatically assigned the Owner role.
- The Owner role has full access to all Atlar functionality and is required for setting up approval chains, roles, and users.
- To protect credentials associated with the Owner role:
  - Enable Multi-Factor Authentication (MFA) and configure at least one backup MFA option.
  - Do not use the Owner role for daily operations (e.g. checking account balances). Instead, create and use a separate role for day-to-day tasks.
  - If the person holding the Owner role leaves the company or changes positions, make sure to transfer ownership.
Human users
For all invited users, apply the Principle of Least Privilege—each user should only have the minimum access needed.
Recommended practices:
- Even if you are the Owner, create a separate role for your own daily tasks.
- Enable or require Single Sign-On (SSO) for all members.
- Enable or require Multi-Factor Authentication (MFA) for all members, with at least one backup MFA method.
- Add Atlar to your company’s offboarding checklist to ensure access is revoked when employees leave.
Programmatic access
Programmatic access credentials allow systems to connect to Atlar securely. Treat them as you would sensitive banking credentials.
Best practices:
- Follow the Principle of Least Privilege—grant only the exact permissions needed.
- Never share Access Keys or Secrets over email, company chat, or other insecure channels.
- If a secret is compromised:
  - Immediately delete the affected programmatic access user in the Atlar dashboard.
  - Create a new programmatic access user and generate a new set of credentials.
Beware of phishing attacks
Stay alert to phishing attempts:
- Atlar support will never ask for your password or programmatic access credentials.
- Do not click links in emails that appear to come from Atlar unless you are expecting them (e.g. sign-up, password reset, or a verified team invitation).
- Always verify URLs before entering any credentials.
Recovering from lost MFA, password, or API keys
MFA (Multi-Factor Authentication)
- Add multiple MFA methods to avoid being locked out.
- If an MFA device is lost, remove it from your account settings.
- If all MFA methods are lost, contact Atlar Support to have MFA disabled manually. This process includes a verification step to confirm authorized access.
Passwords
- If you forget your password, reset it using the Forgot Password page.
- A verified email address is required to perform a password reset.
API keys
- If an API secret is lost or compromised:
  - Delete the affected programmatic access user in the dashboard immediately.
  - Create a new programmatic access user and store the new credentials securely.
- If you forgot to store an API secret when it was created, simply create a new programmatic access user to generate a new secret.