Security Settings
Account Settings
These Account Settings security options apply only to users in the account who do not have permission to view full credit card numbers. (PCI Compliance standards require users that have permission to view full credit card numbers to have a session timeout of 15 minutes, and password expiration of 90 days.)
- Session Timeout – Select 8 hours, 4 hours (the default), or 15 minutes.
  When the specified timeout is reached, the user must re-enter their password to re-activate their session.
- Expire user passwords after – Select 90 days (the default), 180 days, 365 days, or Never.
  Note: A user's password expires after that number of days, regardless of when they last logged in.
- Mask date of birth field? – Select this check-box to mask the date of birth (similar to how a password field is usually masked).
Security Settings
If either Full CC Number Access option is selected at the account level (Account Settings > Implementation > Products),
and the user has both of those options off at the event level (Plan > Configure > Options),
then that user’s security settings are determined by these Account Settings.
If either Full CC Number Access option is selected at the account level (Account Settings > Implementation > Products),
and the user has either of those options on at the event level (Plan > Configure > Options),
then that user's security settings are determined by PCI Compliance standards.
The value of these options at the event level does not affect the user’s security settings (Account Settings > Administration > Users).
Best Practices
The session timeout and password expiration options required by PCI Compliance are very restrictive and will be cumbersome to most users.
Therefore, unless access to the Full CC Numbers is absolutely required, the account Administrator should turn off the Financial and/or Accommodation modules so these Account Setting options can be utilized.
Other Settings
- Set Email FROM value to:
  (Select the email address you wish to use for sending emails from Certain. The email address will be listed as the From: address on all emails.)
  - Use event-information@certain.com – If selected, all emails will be sent from the email address "event-information@certain.com". Registrants will not be able to respond to this email address.
  - Use Event Registration Contact – If selected, all emails will be sent from the email address of the registration contact for the event, as set up under Plan > Event Setup > Detail. Registrants will be able to reply to this email address.
NOTE: When you send email to registrants, the From and To fields saved on the email template take precedence over the choice on this Security Settings page (and over the Event Contact information in the event.)
CAUTION: If you select the second option, Use Event Registration Contact, there is a greater likelihood that email sent from Certain will be marked as spam, and not reach the intended recipient. Before selecting the second option, you should work with your IT department to ensure that Certain's mail servers have been added to your domain's SPF (Sender Policy Framework) records. The mail server name to be added is: "mail2.register123.com".
For more information on the Sender Policy Framework (SPF), click here.
To identify current SPF records for your domain, click here.
- Restrict Email generation to Event Builder and above – If selected, then only Event Builders, Administrators, and System Masters will be able to send emails; for example, from Promote > Communicate, or via Mass Actions on report results, etc.
  (Default value = not selected; that is, any user can send email.)
- Certain Google Analytics – If selected, then Google Analytics code is included on websites and forms. (A Google Analytics Tracking ID must be specified on the relevant setup page(s): Plan > Configure > Options, Plan > Forms, Promote > Websites, Engage > Mobile > Settings, or Manage > Speakers and Sessions > Speaker Portal > Settings).
  You can clear this check box to exclude Google Analytics.
  (Default = selected; that is, Google Analytics code is included on websites and registration forms, etc.)
  For full details of setting up Google Analytics in Certain, see this guide.
- Show Default Statuses – If selected, then the 11 Registration Statuses included as defaults in Certain are available for use in events.
  (Default statuses are: New, Requested Invitation, Waitlist Hold, Invited, Request Denied, Invitation Sent, Pre-Registered, Declined Invitation, Cancelled, No-show, Attended.)
  You can clear this check box to hide all default statuses, in which case all events in the account can use only the custom registration statuses added on Plan > Configure > Custom Statuses.
  (Default = selected; that is, all default Registration Statuses are available for use.)
  Caution: If this check box is cleared, then be sure to always have custom registration statuses set up in every event, since the status is a required field on registrations.
- Enable CKeditor – If selected, as it is by default, then pages in which you can enter and edit HTML text (such as Promote > Communication > Email Templates) include an Enable Editor? check box, which adds this third-party WYSIWYG editor to the page when selected. You can clear this check box to remove the option to display the editor on those pages, leaving just a plain text box, into which you can enter plain text or HTML, or paste HTML text from an external editor.
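For the SPF caution under "Set Email FROM value to" above, the following added example (not Certain's own code) checks offline whether a domain's published TXT strings authorize the mail server named on this page. It assumes the host is added with the standard SPF `a:` mechanism; the sample records, the `example.com` names, and the function names are constructed for illustration.

```python
# Added example: offline check of SPF TXT strings. Sample records are constructed.
CERTAIN_HOST = "mail2.register123.com"  # mail server name given on this page


def spf_records(txt_records):
    """Return only the TXT strings that are SPF version 1 records."""
    return [t for t in txt_records
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]


def authorizes_host(txt_records, host=CERTAIN_HOST):
    """Return (ok, reason): does the SPF record pass `host` via an a: mechanism?

    Assumption: the host is listed directly as a:<host>. include: and
    redirect= targets are not followed, because that needs live DNS lookups.
    """
    records = spf_records(txt_records)
    if not records:
        return False, "no SPF record published"
    if len(records) > 1:
        # RFC 7208: more than one v=spf1 record is a permanent error.
        return False, "multiple SPF records (permerror)"
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            # Evaluation is left to right; terms after 'all' are never reached.
            return False, "host not listed before 'all'"
        if mech == "a:" + host.lower():
            if qualifier == "+":
                return True, "authorized by a:" + host
            return False, "host listed with non-pass qualifier " + qualifier
    return False, "host not listed"


# Constructed TXT record sets for a hypothetical sending domain.
BEFORE = ["v=spf1 mx include:_spf.example.com -all"]
AFTER = ["v=spf1 mx a:mail2.register123.com include:_spf.example.com -all"]
MISPLACED = ["v=spf1 mx -all a:mail2.register123.com"]
DUPLICATE = AFTER + ["v=spf1 a:mail2.register123.com ~all"]

if __name__ == "__main__":
    for name, rec in [("before", BEFORE), ("after", AFTER),
                      ("misplaced", MISPLACED), ("duplicate", DUPLICATE)]:
        print(name, authorizes_host(rec))
```

Publishing a second `v=spf1` record instead of editing the existing one, or appending the host after `all`, are the two mistakes the last two samples catch.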