Question

How is user access secured?

Topic: Admin Settings & Integrations

Answer Medium Confidence (63%)

**How is user access secured?**

User access is secured through password‑protected, uniquely identified accounts plus role/module permissions, optional Single Sign‑On (SSO), configurable password/session policies (strong passwords, resets, timeouts), and administrative controls for module and data access (including PCI and GDPR controls).

Details:

- Unique, password‑protected user accounts (login ID = unique email). Administrators manage users and user types/permissions from the User Administration pages. [User Information](https://platform-support.certain.com/hc/en-us/articles/30505071164183)

- Role/type and account scoping control levels of access (different user types and account/sub‑account visibility). [User Information](https://platform-support.certain.com/hc/en-us/articles/30505071164183)

- Single Sign‑On (SSO) support (SAML2/OAuth2 etc.) that admins enable per account/event and choose where it applies (forms, Mobile, Speaker Portal). [SSO Configuration](https://platform-support.certain.com/hc/en-us/articles/30685235926167)

- Password and login options for the mobile Touchpoint app: attendee‑created, planner‑created, universal, and one‑time passwords; attendee passwords are strongly constrained (minimums and character requirements). One‑time passwords expire (15 minutes). [Login Options (Touchpoint)](https://touchpoint-support.certain.com/hc/en-us/articles/360033674993-Login-Options)

- Elevated/PCI‑sensitive controls: viewing full credit card numbers requires explicit per‑user permissions, PCI background checks, a 15‑minute session timeout for CC viewers, and a 90‑day password reset requirement (and account/module level toggles to remove CC access). [Adding/Removing Full Credit Card Information Access](https://platform-support.certain.com/hc/en-us/articles/360020886374-Adding-Removing-Full-Credit-Card-Information-Access-for-a-User)

- Privacy and compliance: GDPR data‑subject request guidance is available for view/edit/delete requests. [User Information (GDPR note)](https://platform-support.certain.com/hc/en-us/articles/30505071164183)

- Administrative controls: admins can add/remove users, export user lists, send password emails, and enable/disable modules that affect data exposure. [User Information](https://platform-support.certain.com/hc/en-us/articles/30505071164183) and [CC Access](https://platform-support.certain.com/hc/en-us/articles/360020886374-Adding-Removing-Full-Credit-Card-Information-Access-for-a-User)

Which area do you want to secure most: platform/admin accounts, attendee/mobile (Touchpoint) access, or payment/credit‑card access?

Q&A ID: 523

Source Confidence: 63% (based on semantic similarity to source pages)