
Security Features

User Permissions, IP User Locations, 2 factor authentication, password requirements and more

Written by Danielle Bond
Updated over a week ago

Radius is a HIPAA-compliant CRM; however, not all users need every feature unless they are bound by HIPAA. Several features are available to keep you and your team secure and compliant. Learn more about each option below.

Each section explains what the feature is, how to set it up, and then gives the why in detail.



User Permissions


WHAT: Determine what each user can do in the system, which records they can access, and whether they can download reports.

HOW: ACCOUNT (upper right corner)> Manage Users> Edit User. Account tab. See Add User for more information.

  • Account Owner user type gives access to all records, all agents, all settings and permission to adjust the subscription. This is also the person with whom we confirm any requests from agents for help with logins and other access.

  • Account Admin user type gives access to all records, all agents, and all settings.

  • Agent user type can be restricted in what it can view and cannot adjust any settings in the account.

WHY:

  • Keep your book of business safe, giving only the necessary permissions.

  • Prevent theft of book of business by captive agents by restricting their ability to download reports.

  • Prevent accidental deletion of records and information needed for auditing by restricting who can delete records.

  • Prevent agent level users from updating account wide settings.



User Location Security Groups


WHAT: Add approved IP addresses for your account or specific team members to control where your agents can log in from.

HOW: SETTINGS> User Location Security Groups (Edit)> Add Group. Name the group (e.g., Office) and set the IP address(es). Save. Then go to Account> Manage Users> Edit the user. Go to their Account tab and scroll all the way to the bottom. Change the location from Allow From Any Location to the appropriate group. Save Update.

1. SETTINGS> User Location Security Groups

2. Create the Group.

3. Assign the location for the users in Account> Manage Users> Edit> account tab.


WHY: Restricting the IP addresses your agents can use to access your CRM is about reducing risk without slowing down your team. Here’s the clear, business-focused reasoning you can share with stakeholders or agents.


🔐 1. Strong Protection Against Account Takeovers

Even if an agent’s:

  • Password is stolen

  • Credentials are phished

  • Laptop is compromised

An IP restriction can block the login entirely if it doesn’t come from an approved network.

Think of it as: a second lock on the door—credentials alone aren’t enough.


🌍 2. Prevent Access from High-Risk Locations

IP restrictions help stop logins from:

  • Foreign countries

  • Known VPNs or proxy services

  • Suspicious or anonymized networks

This is especially important for CRMs holding:

  • Client PII

  • Health or insurance information


🛡️ 3. Reduce Damage from Human Error

Agents sometimes:

  • Log in from public Wi-Fi

  • Use shared or unsecured devices

  • Forget to log out on borrowed computers

IP restrictions prevent CRM access from unsafe environments, even if the agent makes a mistake.


📋 4. Support Compliance & Security Audits

Many security frameworks expect network-based access controls, including:

  • SOC 2

  • HIPAA

  • Internal security audits

  • Cyber insurance requirements

IP allowlists show that:

  • You limit access by who and where

  • You take reasonable steps to protect sensitive data


⚙️ 5. Pair Perfectly with Other Controls

IP restrictions work best with:

  • User security groups

  • Multi-factor authentication (MFA)

  • Session timeouts

Together, they create layered security instead of a single point of failure.


📉 6. Lower the Blast Radius of a Breach

If something goes wrong:

  • Only approved networks can access the CRM

  • A compromised account can’t be abused remotely

  • The incident is smaller, easier, and cheaper to resolve


🧠 When IP Restrictions Make the Most Sense

They’re especially valuable when:

  • Agents work from offices or known locations

  • You use a VPN with a static IP

  • Your CRM contains regulated or high-value data

💡 Tip: Remote teams can still use IP restrictions by requiring login through a company VPN or by adding the agent's home IP address to the allowed list for that user.


🎯 Bottom Line

Restricting IP addresses:

  • ✔ Blocks stolen credentials from being used

  • ✔ Prevents risky access locations

  • ✔ Protects sensitive client data

  • ✔ Supports compliance requirements

  • ✔ Reduces breach impact

How to implement:

  • Decide who should have IP restrictions, then in Radius, go to SETTINGS> User

  • Draft an agent-friendly explanation

  • Design a VPN + IP restriction setup that won’t frustrate your team
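
A dry run of the rollout, as an added example (not Radius code and not part of the original article): before assigning agents to a location group, check their recent login IPs against the planned allowlist to see who would be locked out. The group names, users, IP addresses and the use of CIDR ranges are constructed assumptions.

```python
import ipaddress

# Planned location groups (constructed). CIDR ranges are an assumption;
# the article only says "IP address(es)".
GROUPS = {
    "Office": ["203.0.113.10", "203.0.113.11"],
    "VPN": ["198.51.100.0/28"],
}

# Planned per-user assignment; None models "Allow From Any Location".
ASSIGNMENTS = {"alice": "Office", "bob": "VPN", "carol": None}

# Constructed sample of recent (user, source IP) logins.
RECENT_LOGINS = [
    ("alice", "203.0.113.10"),
    ("alice", "192.0.2.77"),      # e.g. a home connection
    ("bob", "198.51.100.5"),
    ("bob", "198.51.100.40"),     # outside the /28
    ("carol", "192.0.2.200"),
]


def is_allowed(user, ip, groups=GROUPS, assignments=ASSIGNMENTS):
    """True if this login would pass the planned restriction."""
    group = assignments[user]  # unknown users raise KeyError, never allow
    if group is None:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in groups[group])


def lockout_report(logins, groups=GROUPS, assignments=ASSIGNMENTS):
    """Map each user to the recent source IPs the plan would block."""
    blocked = {}
    for user, ip in logins:
        if not is_allowed(user, ip, groups, assignments):
            blocked.setdefault(user, set()).add(ip)
    return {user: sorted(ips) for user, ips in blocked.items()}


if __name__ == "__main__":
    for user, ips in lockout_report(RECENT_LOGINS).items():
        print(f"{user}: would be blocked from {', '.join(ips)}")
```

Each address in the report is either a network to add to the group (a home IP or VPN exit address) or a login worth asking the agent about before the restriction goes live.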


Login Requirements


WHAT:
User Inactivity: If an agent is inactive for a defined period, they are automatically logged out of the CRM.

Password Requirements

2 Factor Authentication requires users to enter a one-time validation code sent to their cell phone in addition to their password.

Require Login Via Google Or O365 allows users to authenticate using Google or Microsoft 365 accounts with existing enterprise security controls.

Additionally, set your account wide time zone and the permissible hours for texting (see SMS Set Up for more details).

HOW: SETTINGS> Account Logo, Name & Timezone Settings (Edit). Scroll down to enable the settings. Update.


WHY:

User Inactivity

  • Prevents unauthorized access when agents step away from their computers.

  • Reduces the risk of accidental exposure of ePHI to coworkers, visitors, or cleaning staff.

  • Supports HIPAA’s requirement for automatic logoff (45 CFR §164.312(a)(2)(iii)).

Real-world risk without it:
An agent leaves their desk logged in, and someone else views or accesses patient records—this is a reportable HIPAA incident.



Account Password Requirements

Allows administrators to enforce:

  • Minimum password length

  • Password expiration timeframe
    (Default of “0” means no required password changes.)

Why it’s important for HIPAA:

  • Weak or reused passwords are a leading cause of healthcare data breaches.

  • Regular password rotation reduces the risk of long-term credential compromise.

  • Supports HIPAA’s access control and authentication requirements.

  • Ensures only authorized users can access ePHI and limits damage if credentials are compromised.

Best practice:
While 30-day password changes are recommended in many security policies, this setting allows organizations to align with their internal compliance standards.



Apply Two Factor Authentication requirement, account-wide.

Why it’s important for HIPAA:

  • Protects against phishing, stolen passwords, and credential sharing.

  • Adds a second verification factor, ensuring the person logging in is the authorized user.

  • Strongly supports HIPAA’s technical safeguard requirements for access control.

Operational note:
Each user must have a valid, text-enabled cell phone number in Account > My Information > Cell Phone.


Require Login via Google or Office365 is an option for companies that have set up additional security protocols using these sign-ins.

  • Leverages enterprise-grade security, including MFA, conditional access, and real-time threat detection.

  • Centralizes access management—disabling a user in Google or O365 immediately removes CRM access.

  • Reduces password reuse and weak password practices.

Ideal for:
Organizations that already enforce strict security protocols through Google Workspace or Microsoft 365.
