There’s no company control at all over the user accounts . We control which users have access to our repository, but there’s no password policies, the users pick their own email addresses, etc. There’s no way to limit access by IP address. Passwords can only be reset by the user.