Security
The Security settings page helps you protect your Shaari account. Every user can access these settings to manage their own password and review their active sessions. Keeping your account secure is essential, especially when your Shaari tenant handles sensitive financial data, employee records, and tax compliance documents.
Changing Password
To change your account password:
- Navigate to Settings > Security.
- Enter your current password to verify your identity.
- Enter your new password.
- Confirm the new password by entering it again.
- Click Save or Change Password.
Password Requirements
Your new password must meet the following criteria:
- Minimum 8 characters.
- At least one uppercase letter.
- At least one lowercase letter.
- At least one number.
Use a password manager to generate and store a strong, unique password for your Shaari account. Avoid reusing passwords from other services, especially for an account that has access to financial and employee data.
Session Management
Session management gives you visibility into where your account is currently logged in. This is important for detecting unauthorized access and maintaining control over your account.
What Is a Session?
Every time you log into Shaari on a device or browser, a session is created. The session remains active until you log out or the session expires. Multiple sessions can be active simultaneously, for example, if you are logged in on your phone, laptop, and office computer.
Active Sessions View
The active sessions section displays a list of all currently active sessions for your account. Each session entry shows:
| Detail | Description |
|---|---|
| Device / Browser | The type of device and browser used for the session (e.g., "Chrome on Windows", "Safari on iPhone") |
| Last Activity | When the session was last active |
| Current Session | Indicates which entry is your current session |
Reviewing Sessions
Review your active sessions regularly. If you see a session that you do not recognize:
- It may be a session from a device you forgot to log out of (e.g., a hotel computer or a friend's phone).
- It could indicate unauthorized access to your account.
Ending a Session
To end a session on another device:
- Locate the session in the active sessions list.
- Click the End Session or Revoke button next to it.
- The session is immediately terminated, and the user on that device is logged out.
If you see an active session from an unfamiliar device or location that you cannot account for, end the session immediately and change your password. This may indicate that your credentials have been compromised.
Security Best Practices
Follow these guidelines to keep your Shaari account secure:
For All Users
- Use a strong, unique password: Do not reuse passwords from other services.
- Review active sessions regularly: Check at least monthly for unfamiliar sessions.
- Log out on shared devices: Always log out when using a shared or public computer.
- Keep your email secure: Your email is used for password recovery. If your email is compromised, your Shaari account may be at risk.
- Report suspicious activity: If you notice unfamiliar actions in your account (invoices you did not create, settings you did not change), contact your admin and Shaari support immediately.
For Admins
- Review team member access regularly: Remove accounts for employees who have left the organization.
- Use role-based permissions: Grant the minimum necessary access to each team member. Not everyone needs admin privileges.
- Monitor the activity log: Shaari tracks actions across the platform. Review the log periodically for unusual activity.
- Enforce password policies: Encourage or require team members to use strong passwords and change them periodically.
Shaari uses JWT (JSON Web Token) authentication with secure HTTP-only cookies. Tokens expire after a defined period, and sessions can be revoked at any time from the Security settings page. All communication between your browser and Shaari's servers is encrypted with TLS 1.3.
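How expiry and revocation can fit together for token-based sessions, as an added example that is not Shaari's code: a signed token on its own stays valid until it expires, so ending a session early needs a server-side record that each request is checked against. The signing key, the in-memory `SESSIONS` store, the function names and the `session` cookie name are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # constructed demo key; a real key lives in a secret store
SESSIONS = {}                     # hypothetical server-side store: jti -> session record

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    # The algorithm is fixed to HMAC-SHA256 here; the token header is never trusted for it.
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return _b64(mac)

def login(user, device, ttl=900, now=None):
    """Issue an HS256 JWT and record the session so it can be listed and revoked."""
    now = time.time() if now is None else now
    jti = secrets.token_urlsafe(16)  # unique token id, the key of the session record
    SESSIONS[jti] = {"user": user, "device": device, "last_activity": now}
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": user, "jti": jti, "exp": int(now) + ttl}).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{_sign(signing_input)}"

def verify(token, now=None):
    """Return the claims, or None if the token is forged, expired or revoked."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{header}.{payload}")):
            return None
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError, AttributeError):
        return None
    session = SESSIONS.get(claims.get("jti"))
    if session is None or now >= claims.get("exp", 0):
        return None  # revoked (no record) or past its expiry time
    session["last_activity"] = now  # feeds a "Last Activity" column
    return claims

def revoke(jti):
    """End one session: its token now fails verify() even though it has not expired."""
    return SESSIONS.pop(jti, None) is not None

def cookie_header(token):
    # HttpOnly keeps page scripts from reading the token; Secure restricts it to HTTPS.
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Strict; Path=/"
```
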