On Sunday 5 July (AEST), we're releasing some enhancements to our access security.
The change consists of three main enhancements, together with some changes to our access rules.
None of these changes apply to, or impact, customer access to our surveys. They only apply to users who wish to access our displays, dashboards and reports.
Three main security enhancements
The three main enhancements are:
- The ability to ask users to log-in with their email address. If you turn on this setting in the Portal, users will be asked to enter their email address before they can access any displays, reports or dashboards. They will then be emailed a verification code that must be entered before access is granted. This will stop users who are not already setup in the Portal from accessing CIOPulse.
- The ability to only allow access to CIOPulse with encoded URLs. Encoded URLs have all their parameters replaced with a single ID parameter that contains gobbledygook, e.g.
?id=x%2BAkDgv112e8MgBzsbqKGylYwinstead of?cpc=ABC123&rgid=SERVICEDESK. Encoded URLs prevent users from editing URLs in order to access information that they're not supposed to, e.g. by changing&rgid=SERVICEDESKto&rgid=APPS. - The ability to limit Support Leads (and, optionally, Also Alerts) to only be able to access information for their Support Group(s). This requires users to be signed on, either with the new email address feature or with Single Sign-On.
These new security features are described in detail in this article.
Tweaks to our access rules
We are making the following refinement to our access rules:
- If you use Single Sign-On, IP Address Security now also applies. If you have IP Address Ranges specified in your instance preferences AND you use Single Sign-On, user IP addresses will now be checked after sign-on.
- If you use Single Sign-On, Product Comms Recipients (listed in your instance preferences) are no longer considered an authorised user. If you have Product Comms Recipients who need continued access to CIOPulse, add them as an Additional Send-To Recipient or Contact.
- When the existing 'Also Alerts for SR Only' instance preference is set to 'No', Also Alerts will be able to access displays, reports and dashboards for their Support Group, i.e. they have the same access authority as the Support Lead.
- Monthly Report Recipients in your instance preferences will now be able to request any report (just like Administrators and Additional Send-To Recipients).
- Support Leads of Departments will be able to request reports for the individual Teams in their Departments.
If you have any questions about these changes, please email us at [email protected]