For the security of the information in your A2Z Events Global Admin (GA) and as a best practice, we recommend reviewing your user list periodically.
For specific page functionality, see also: User Management.
Here are some tips to help you maintain users your A2Z Events system:
Disable Orphaned User Accounts
As soon as a team member or a vendor stops working with your organization, it is important to ensure that they do not have access to your A2Z Events system. Please contact your internal team member who has the highest access level (10) and request that their account be disabled.
Once a user is marked as no longer active, that user can no longer log in, but their past usage data is kept intact for auditing purposes.
You are allowed to have as many valid users as your organization needs.
Create a New User Account Instead of Modifying an Existing One
Instead of modifying the user name and recycling an old user account, always add a new user with appropriate access level for a new team member.
The issue with re-utilizing the old user login is that every action taken under the old team member's account would now belong to the current user. This creates a data integrity issue since you will no longer have a clear history of what the previous user did or didn’t update in your system.
Update Incomplete User Information
If the Full User Name field is empty, take a moment to contact your internal team member who has the highest access level (10) to let them know who that User ID belongs to. When you are searching for specific users, this will make it easier to see your current user names.
Provide Valid and Unique Emails
From time to time, your Personify Account Manager or Support Team members may need to contact specific users to support their issues or questions. It's, therefore, important to provide only valid and unique email addresses for each of the users in your A2Z Events system.
Additionally, valid email addresses are required for users to be able to reset their passwords should they forget them.
User passwords are configured to expire every three months in accordance with PCI Compliance standards. Therefore it is not recommended that password expiration be disabled for any account which has access to financial data.
Please sign in to leave a comment.