by Carl Turner | Nov 22, 2022 | Articles
Guest post by Carl Turner, our Senior Client Success Manager at Award Force, who occasionally writes about topics he addresses with clients.
One of Award Force’s defining features is unlimited access for your program participants. This means we don’t charge extra for additional users (or entries or files) because we want to see our clients succeed and thrive. With Award Force, you can run your program worldwide without worrying about licenses for digital seats.
Whether your program has one manager or one hundred, it’s the same cost. And with the ability to have as many program users as you can dream up comes the responsibility of managing these users securely in the platform. In this article, we go over some best practices on how to manage your users and their permissions to best protect your program’s data and integrity.
Award Force is designed to allow people to create a user profile in our software. Typically, when a person registers an account for the first time, their user profile is connected to a specific awards program, which we call a membership. That membership is managed using roles to control what that user can do and see within that program.
In many cases, a person may have two or more memberships, meaning their user profile is connected to multiple programs. The roles they happen to have in each program are unique to each program, so if a user happens to have the entrant role in one program and the entrant role in another program, that’s just a coincidence!
Therefore, a single person could be an entrant in one program while being a judge in another as well as being a program manager in yet another program.
(You can learn more about multiple accounts here and more about user accounts here!)
Here is where the importance of security comes in: If a user log-in is shared with others to access a specific program where that user profile has two or more memberships, then anyone who has access to that user profile now has access to all programs in which the user is registered.
Personal information is very important and it’s not something you want to freely give out, especially in today’s high-tech world where there is an ever-present risk of identity theft.
To help ensure the protection of every person who creates a user profile in the platform, we require a complex password containing a combination of upper- and lower-case characters, numbers and special characters (e.g. ! @ # $).
Users can also add the additional protection of multifactor authentication (MFA or 2FA) for any membership they have. Program organisers even have the option to force MFA on users based on the role added to their user profile, a best practice that should be exercised for anyone with manager-level access.
For some, it might seem easier to share access to a program by allowing people in a team to use the same login credentials. Best practices strongly suggest this approach should be avoided at all times!
Using a shared profile to access a program increases the risk of those access details falling into the wrong hands. This can be especially problematic if the user profile being shared has high-level access to personal and sensitive information collected in the program.
It’s also problematic if a staff member who has access to the program via the shared access profile is unwillingly dismissed from their position. They could, out of spite, access the account, change access details, steal data, steal intellectual property or even permanently destroy data. This could end up creating a big (legal) problem for an organisation that has been trusted to keep its users’ data, entry or application information and scoring results confidential.
Ensuring everyone has their own user profile with their own unique access helps with accountability, and accountability can’t be enforced if a single user profile is shared with the team. Everyone having their own user profile is also super helpful for any program that must maintain an audit trail.
In addition to each user having their own profile and login, it’s also important to use caution with high-level permissions. The high-level, all-access role in the Award Force platform is commonly used for program managers who need almost unlimited access to all the data in the program.
Giving this level of access should only be done after careful consideration.
At the top level of permissions, Award Force provides the “account owner” role, which can only be assigned to one user, who is the primary authority of the account. Below that is the program manager role. The account owner is the only person with permission to remove program manager level access from other managers, as well as the only person who can permanently delete data from the account such as entries, user profiles and entire seasons.
The account owner is also the only person who can approve changes to the account subscription. Therefore, the account owner role most certainly should never be shared with anyone, ever! If needed, the account owner role can be transferred to someone else, but this can only be done by the current account owner from the billing portal in the account.
The Award Force client success team are available to help, guide and assist when you need them, 24 hours a day, 5 days a week. However, for security reasons, the client success team will ask for the user to provide identification through an email address used by the account. The client success team can easily identify the user if they have a user profile, and can see how many memberships they have as well as their level of access to each membership.
If someone emails the client success team from an email address that does not have a membership with any accounts, then the level of support possible is limited and can only be general in nature; any account-specific information won’t be shared.
This can be problematic if a team is using a shared profile and the user who reaches out does not have an email address associated with the account. To keep your program secure, we want to make sure every user who has access to the account is legitimate.
Award Force works hard to ensure our software is the most secure awards management platform on the market. By setting role permissions and security clearances to your most sensitive data, you’ll be able to protect your program’s integrity and data security. A win-win for all.