Skip to main content

Why does Ledgy ask me to authenticate again when carrying out certain actions?

Learn why Ledgy asks users to re-authenticate for sensitive actions and which account and admin actions currently trigger this prompt.

Written by Frances Agoncillo

Introduction

Ledgy asks you to authenticate again before completing certain sensitive actions as an additional security measure to protect your personal data and company information. Even when you're already logged in, this extra verification step ensures that the person making critical changes is genuinely you. If you sign in with a password, you'll be asked to confirm your password again. If your company uses single sign-on (SSO), you'll authenticate through your identity provider. After successful re-authentication, this elevated access typically remains active for a brief period, so you won't be prompted again if you perform another protected action shortly afterwards.

Note: This prompt does not mean the user has been signed out. It is a short security check that appears before certain high-sensitivity actions are completed.

Why this prompt appears

In practice, this means a user may already be logged in to Ledgy, but still be asked to authenticate again before changing sensitive settings, viewing especially sensitive information, or completing high-risk account actions.

Actions that currently require re-authentication

The following customer-facing and admin-facing actions currently trigger this additional verification step in Ledgy.

Personal account actions

  • Updating preferences in Account Settings, including dashboard currency and language & formatting

  • Updating profile details

  • Changing an email address

  • Updating tax information

  • Updating bank or beneficiary details

  • Removing Google login from an account

  • Deleting an account

Company admin and security actions

  • Setting up or updating SSO configuration, including SAML and OIDC

  • Enabling or disabling Require SSO

  • Enabling or disabling SCIM

  • Revealing or generating a new SCIM bearer token

  • Changing session length settings

  • Connecting, updating, disconnecting, or manually syncing HR integrations

  • Viewing the stakeholder bank details report

  • Viewing or rotating a company API key

  • Canceling a subscription

  • Disconnecting DocuSign

Frequently Asked Questions

Does changing dashboard currency require re-authentication?

Yes. Updating dashboard currency in Account Settings is currently one of the protected actions that can trigger this prompt.

Why is a user being asked to authenticate again if they are already logged in?

Because this is a separate security check for sensitive actions. Ledgy uses it to confirm that the person making the change is really the signed-in user.

Will the user need to do this every time?

Not usually. After a successful re-authentication, Ledgy keeps this elevated access active for a period of time. If the user performs another protected action during that time, they usually will not be prompted again.

If you still need help understanding whether a prompt is expected in a specific workflow, contact the Support team via chat or email.

Did this answer your question?