EIGENN.
docsguidesapichangelogpricingsign in
EIGENN.

Manage Security and Billing

Run an owner review of MFA policy, access boundaries, subscription state, delegates, usage, and destructive controls.

Security and billing should be reviewed together because subscription state can block writes, and current role behavior gives Members access to plan operations. Run this review as a workspace owner and record any compensating controls your organization relies on.

1. Confirm Owner Continuity

Before changing policy or billing:

  1. open the membership view
  2. confirm the intended owner accounts
  3. make sure at least one other authorized recovery contact exists when continuity requires it
  4. remove stale membership only after ownership is safe

Do not delete an owner account or workspace while it is the only path to business records.

2. Review Personal MFA

Open Settings → Account → Security.

  • Confirm your active authenticator appears.
  • Add a replacement factor before retiring an old device.
  • Verify the added factor with a six-digit code.
  • Remove the old factor only after the replacement works.

The current add-device flow supports TOTP authenticator apps. It does not expose passkeys or recovery codes.

3. Set the Future-Member MFA Rule

Open Settings → Security.

  1. Enable Require MFA for New Members.
  2. Select Save.
  3. Record the activation date in your internal access procedure.
  4. Test with a membership created afterward.

The rule does not apply retroactively. Existing members require a separate enrollment campaign and verification process.

4. Classify the Remaining Security Fields

Review each visible field, but distinguish stored intent from active enforcement.

ControlOwner action today
Session TimeoutSave only as policy metadata; continue using verified session controls elsewhere
IP WhitelistSave only; enforce trusted networks at the identity, VPN, proxy, or firewall layer
Audit Log toggle and retentionSave only; do not claim an enabled audit pipeline or purge schedule
Data RetentionSave only; maintain a verified retention procedure outside this setting
Anonymize Deleted CustomersSave only; do not assume deletion invokes anonymization

If an audit or customer contract asks whether a control is enforced, answer from observed system behavior, not the Settings toggle.

5. Review SSO and Organization State

Open Settings → Account → Organizations and select the relevant organization.

  • Confirm the organization domain.
  • Inspect available identity-administration links.
  • Confirm SSO connections in the identity administration system.
  • Test sign-in with a non-owner account.

The workspace Security page does not configure SSO. Organization administration is the supported identity path.

6. Reconcile Billing State

Open Settings → Billing.

  1. Compare Current Plan with the hosted billing portal.
  2. Check for a Cancelling badge.
  3. Select Manage billing and confirm payment method and platform invoices.
  4. Compare order history with provider records.
  5. Record the intended renewal owner.

Local plan state can lag checkout or cancellation. Use the provider state before buying again or promising continued paid access.

7. Control Who Can Change the Plan

Current billing permissions allow Owners and Members to:

  • start paid-plan checkout
  • open the hosted billing portal
  • schedule subscription cancellation by selecting Free

Viewers cannot perform those writes. Only Owners can change billing delegates.

If plan changes require owner approval, do not use Member as a purely operational role without an additional control. Review membership design with Manage Team Access.

8. Treat Delegates as Labels

Owners can toggle members as billing delegates. Verify the saved badge after each change.

Do not rely on the delegate list to:

  • grant billing access
  • send renewal notices
  • send the Send Reminder menu action

Those actions do not currently happen automatically. Notify the designated billing owner through your existing channel.

9. Review Usage Without Trusting the Fallback

Open Settings → Usage and compare:

  • seats
  • active bank connections
  • current-month Inbox items
  • current-month invoices
  • storage

Use detail CSV exports for evidence when the data looks credible.

If the page shows Free, zero for every metric, and No limit everywhere, it has likely rendered its error fallback. Do not use that state for capacity or billing decisions. Compare actual resource pages and the hosted billing portal.

10. Schedule a Downgrade Safely

Selecting Free asks for confirmation and schedules cancellation at period end.

Before confirming:

  1. review which paid features and quotas the workspace uses
  2. export required billing and operational records
  3. identify active workflows, webhooks, API keys, and connections
  4. communicate the effective date
  5. select Free and confirm
  6. verify cancellation in the hosted portal

The local Current Plan card can remain paid until provider synchronization.

11. Review Destructive Controls

Delete account

Deletes the user and any solely owned workspaces, then queues external cleanup for those workspaces.

Delete team

Owner-only permanent deletion of the active workspace. Storage and connected-provider cleanup can continue asynchronously.

Remove custom email domain

Owner-only. Clears the workspace sender configuration and returns email to the default domain.

Remove bank connection

Stops sync for that connection and changes usage. Verify downstream reconciliation before removal.

Review Cadence

Run this review:

  • before inviting a new department
  • after an owner or billing contact changes
  • before plan renewal or downgrade
  • after an identity or payment incident
  • before representing a Settings control in a compliance questionnaire

Troubleshooting

A Member changed billing unexpectedly

That is allowed by current billing permissions. Revisit role assignment and provider-side billing access, then document an approval control.

A saved security setting has no visible effect

Only the prospective MFA rule is currently enforced from that form. Treat the other values as stored policy intent.

The cancellation badge is missing

Open the hosted billing portal and compare provider state. Local cancellation data can lag.

Usage contradicts Billing

If Usage is all zero and unlimited, discard it as the fallback. Use Billing and actual records, then contact support.

Send Reminder did not notify a delegate

The menu action is not implemented. Send the reminder through an operational channel outside that control.

Related Pages

  • Security and Access
  • Billing and Usage
  • Settings Overview
  • Teams and Organizations
  • Troubleshoot Account Access
  • Support

Maintain Transaction Rules

Design, backfill, validate, prioritize, and replace transaction rules without corrupting reporting intent.

Manage Team Access

Invite teammates, assign roles, verify acceptance, switch workspaces, and remove access without leaving a team ownerless.

On this page

1. Confirm Owner Continuity2. Review Personal MFA3. Set the Future-Member MFA Rule4. Classify the Remaining Security Fields5. Review SSO and Organization State6. Reconcile Billing State7. Control Who Can Change the Plan8. Treat Delegates as Labels9. Review Usage Without Trusting the Fallback10. Schedule a Downgrade Safely11. Review Destructive ControlsDelete accountDelete teamRemove custom email domainRemove bank connectionReview CadenceTroubleshootingA Member changed billing unexpectedlyA saved security setting has no visible effectThe cancellation badge is missingUsage contradicts BillingSend Reminder did not notify a delegateRelated Pages

Eigenn docs

current product

Overview
Overview
OverviewAccount PreferencesAssistant AutomationAssistant Command CenterBank ConnectionsBilling and UsageBudgets and ForecastCommand CenterCustomer LifecycleCustomer RecordsCustomersDeveloper PlatformDocument Processing and ExtractionDocument VaultFinancial Analytics and ReportsFinancial OverviewInvoice InsightsInvoice ProductsInvoicesMarketplace IntegrationsNotifications and BrandingOnboarding and SupportOverviewReceivablesReceivables AnalyticsReceivables ControlsSecurity and AccessSettings OverviewStress TestsTeams and OrganizationsTone Profiles and ExperimentsTransaction Categories and RulesTransactionsWeekly Finance RitualWorkflow ExecutionsWorkflow PausesWorkflowsWorkspace Inbox and Approvals
OverviewBuild and Review a ForecastBuild Your First WorkflowConfigure Assistant OperationsConfigure Notifications and BrandingConfigure Receivables ControlsConnect Transaction RecordsCreate and Manage CustomersCreate and Send InvoicesDeveloper API SetupFirst Cash ReviewInvoice Collection WorkflowMaintain Transaction RulesManage Security and BillingManage Team AccessManage the Invoice LifecycleMCP WorkflowsMonitor and Recover WorkflowsOrganize and Share DocumentsProcess Inbox ItemsReconcile and Categorize TransactionsReview a Customer Finance RecordRun a Finance Operating ReviewRun a Receivables Tone ExperimentRun a Runway Stress TestRun Your First Command Center ReviewSet Up a WorkspaceTroubleshoot Account AccessWebhook DeliveryWeekly CFO Review
OverviewIntegrationsMCPSDKsWebhooks
OverviewAuthenticationBank Accounts APICustomers APIErrorsForecasts and Stress Tests APIInvoice Payments APIInvoices APIPaginationRate LimitsTransactions APIWebhooks API StatusWorkflows API Status
Overview
Overview