Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

Antavo security basics

Antavo’s policy framework is designed based on the ISO 27001 certification standards. This is ensured by passing periodical tests assessing the security protocols, update methods and authentication.

The Antavo Loyalty Engine uses API requests to communicate with client systems. Securing these requests is necessary to protect personal data and to prevent fraudulent behavior. HTTPS encryption and the API key and secret generated at the beginning of each program ensure that the data remains secure. Read more about the API security protocol here.

Authentication and password management

Make sure to consider the following advice:

  • Register only with individual accounts – do not use a generic account, e.g. info@yourcompany.com.

  • Do not share your password information with anyone.

  • Multi-factor authentication (MFA) is highly recommended for signing in to the platform for increased security.

    • Administrator users with elevated rights can enforce the use of MFA.

Password criteria

Go to the bottom-left corner of the page, and click on your profile's icon. The password policy-related criteria can be found under the Manage Profile → Change password interface. Here, besides the criteria, a password strength meter is displayed, assessing the strength of the given string.

Single sign-on

Single sign-on (SSO) lets users access all authorized network resources with one login. Usernames and passwords are validated against your corporate user database or other client apps rather than Antavo managing separate passwords for each resource. Some of Antavo’s integrations have developed SSO authentication with Auth0 using JSON web tokens (JWT) format.

Settings

There are a few security measures that you need to take under the Settings menu of the Antavo Backoffice.

General settings

Under Settings → General settings, you can define the password expiry time.

Under Localization, you can select a timezone for your loyalty program - this will reflect in the settings that are time-related, for example, coupon expiration deadlines. Please note that the Antavo servers have UTC time synchronized clocks.

Security settings

The system administrators can determine the session length of the brand under Settings → Security settings.

Data backup

Antavo creates a backup of all customer data. This customer service ensures 90-day retention period and 1-hour snapshots. Backups are located in the same stack as production instances. Please reach out to support in case you have further questions or requests.

Logs

Security logs

Security logs can be accessed by going to the General Settings page and clicking the Security logs tab. This page lists all login and password reset information that occurs in the specific brand. Read here about the details that can be accessed.

Workflow logs

Workflow logs contain every workflow run for the given customer. A new item is added to the log every time a workflow is triggered by an event or a date. The information listed includes the timestamp (the exact date and time of the execution), time (duration of the execution), type, node, and output (success or failure).

Event logs

The personal event stream can be viewed under the Customer insights page. This includes every event that has occurred to a customer, along with its type, date, and properties. Read more about customer events in the Activity log description.

Approval logs

Content Approval records are exportable for auditing in .cvs and .psv formats.

Webhook logs

The Webhook module’s Log page shows the list of events to keep track of webhook messages. The Summary page lists the time, action, customer, response code and status, as well as a detailed breakdown for every webhook, which includes the header and messages. Third-party tools PostBin can be used to display outbound webhook messages.

The webhook log also has the possibility of resending a webhook event, in case there was an error.

Access management

User role hierarchy

Antavo enables the creation of new Backoffice users with distinct roles, each with configurable access levels to the platform. In some cases, some users may need access (see, edit, and delete the value) to a particular object but need restrictions on individual fields.

User groups

The User groups module allows the controlling of end-user record level access. Setting up user groups simplifies the process of aligning users, organizational structures and roles.

Customer mapping

Creating customer mapping rules allows to batch-update various attributes of customers, based on their previously set grouping. This helps in organizing the customers to separate compartments in the Backoffice without the use of importing.

  • No labels