Overview
Account Settings security options apply only to users in the account who do not have permission to view full credit card numbers. PCI Compliance standards require users who have permission to view full credit card numbers to have a session timeout of 15 minutes and a password expiration of 90 days.
Session Timeout
Session Timeout options are:
- 8 hours
- 4 hours (the default)
- 15 minutes
When the specified timeout is reached, the user must re-enter their password to re-activate their session.
Expire user passwords after
Options are:
- 90 days
- 180 days
- 365 days
- Never
Note that a user's password expires after that number of days, regardless of when they last logged in.
Mask date of birth field?
Mask date of birth field is a checkbox.
Selecting the mask date of birth field checkbox masks the date of birth, similar to how a password field is usually masked.
Security Settings
Full CC Number Access options may be set at the account level (Account Settings > Implementation > Products).
At the event level (Plan > Configure > Options), the corresponding options may be on or off.
If the user has both Full CC Number Access options off at the event level, then that user’s security settings are determined by the Account Settings.
If the user has either Full CC Number Access option on at the event level, then that user’s security settings are determined by PCI Compliance standards.
The value of the event level options does not affect the user’s security settings (Account Settings > Administration > Users).
Best Practices
The session timeout and password expiration options required by PCI Compliance are very restrictive and will be cumbersome to most users.
Therefore, unless access to the Full CC Numbers is absolutely required, the account Administrator should turn off the Financial and/or Accommodation modules so these Account Setting options can be utilized.
Other Settings
- Set Email FROM value to:
- Use event-information@certain.com — If selected, all emails will be sent from the email address event-information@certain.com. Registrants will not be able to respond to this email address.
- Use Event Registration Contact — If selected, all emails will be sent from the email address of the registration contact for the event, as set up under Plan > Event Setup > Detail. Registrants will be able to reply to this email address.
- Note: When you send email to registrants, the From and To fields saved on the email template take precedence over the choice on this Security Settings page (and over the Event Contact information in the event).
- CAUTION: If you select the second option, Use Event Registration Contact, there is a greater likelihood that email sent from Certain will be marked as spam, and not reach the intended recipient. Before selecting the second option, you should work with your IT department to ensure that Certain's mail servers have been added to your domain's SPF (Sender Policy Framework) records. The mail server name to be added is: "mail2.register123.com".
- For more information on the SPF, click here.
- To identify current SPF records for your domain, click here.
- Restrict Email generation to Event Builder and above — If selected, then only Event Builders, Administrators, and System Masters will be able to send emails; for example from Promote > Communicate, or via Mass Actions on report results, etc.
(Default value = not selected; that is, any user can send email.)
- Certain Google Analytics — If selected, then Google Analytics code is included on websites and forms. (A Google Analytics Tracking ID must be specified on the relevant setup page(s): Plan > Configure > Options, Plan > Forms, Promote > Websites, Engage > Mobile > Settings, or Manage > Speakers and Sessions > Speaker Portal > Settings.)
You can clear this check box to exclude Google Analytics.
(Default = selected, that is, Google Analytics code is included on websites and registration forms, etc.)
For full details of setting up Google Analytics in Certain, see this guide.
- Show Default Statuses — If selected, then the 11 Registration Statuses included as defaults in Certain are available for use in events.
(Default statuses are: New, Requested Invitation, Waitlist Hold, Invited, Request Denied, Invitation Sent, Pre-Registered, Declined Invitation, Cancelled, No-show, Attended.)
You can clear this check box to hide all default statuses, in which case all events in the account can use only the custom registration statuses added on Plan > Configure > Custom Statuses.
(Default = selected; that is, all default Registration Statuses are available for use.)
Caution: If this check box is cleared, then be sure to always have custom registration statuses set up in every event, since the status is a required field on registrations.
- Enable CKeditor — If selected, as it is by default, then pages in which you can enter and edit HTML text (such as Promote > Communication > Email Templates) include an Enable Editor? check box, which adds this third-party WYSIWYG editor to the page when selected. You can clear this check box to remove the option to display the editor on those pages, leaving just a plain text box, into which you can enter plain text or HTML, or paste HTML text from an external editor.
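To check the SPF change described in the CAUTION under "Set Email FROM value to" above, the following added example (not Certain's own code) audits a domain's TXT records for the host mail2.register123.com named on this page. The sample records are constructed, and the check assumes the host is authorized through an `a:` or `include:` mechanism.

```python
import re

CERTAIN_MAIL_HOST = "mail2.register123.com"  # host name given on this page
# Mechanisms/modifiers that each cost the receiver one DNS lookup (limit is 10).
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_spf(record):
    """Split one SPF TXT record into (qualifier, mechanism, value) terms."""
    parts = record.lower().split()
    if not parts or parts[0] != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for raw in parts[1:]:
        m = re.match(r"^([+\-~?]?)([a-z0-9]+)([:=/].*)?$", raw)
        if not m:
            raise ValueError(f"malformed term: {raw}")
        arg = m.group(3) or ""
        value = arg[1:] if arg[:1] in (":", "=") else ""
        terms.append((m.group(1) or "+", m.group(2), value))
    return terms

def audit_domain(txt_records, host=CERTAIN_MAIL_HOST):
    """Return a list of findings for a domain's TXT records (empty = OK)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as a permanent error"]
    terms = parse_spf(spf[0])
    findings = []
    if not any(q == "+" and mech in ("a", "include") and val.split("/")[0] == host
               for q, mech, val in terms):
        findings.append(f"{host} is not authorized")
    # Top-level count only; lookups inside nested includes also count at a receiver.
    lookups = sum(1 for _, mech, _ in terms if mech in LOOKUP_MECHS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    if ("+", "all", "") in terms:
        findings.append("'+all' authorizes every sender")
    return findings

# Constructed sample TXT record sets for a hypothetical sending domain.
SAMPLES = {
    "missing": ["v=spf1 mx include:_spf.example.net -all"],
    "fixed": ["v=spf1 mx include:_spf.example.net a:mail2.register123.com -all"],
    "duplicate": ["v=spf1 mx -all", "v=spf1 a:mail2.register123.com -all"],
}
if __name__ == "__main__":
    for name, records in SAMPLES.items():
        print(name, audit_domain(records) or "OK")
```

Pass in the TXT strings returned by your DNS lookup tool for the domain used in the Event Registration Contact address.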