Security overview


Antavo security basics

Antavo’s policy framework is designed based on the ISO 27001 certification standards. This is ensured by passing periodic tests that assess the security protocols, update methods, and authentication.

The Antavo Loyalty Engine uses API requests to communicate with client systems. Securing these requests is necessary to protect personal data and prevent fraudulent behavior. HTTPS encryption and the API key and secret generated at the beginning of each program ensure that the data remains secure.
Read more about the API security protocol here.

Authentication and password management

Make sure to consider the following advice:

  • Register only with individual accounts – do not use a generic account, e.g. info@yourcompany.com

  • Do not share your password information with anyone

  • Multi-factor authentication (MFA) is highly recommended for signing in to the platform for increased security

    • Administrator users with elevated rights can enforce the use of MFA.

Password criteria

Users can change their passwords by clicking the profile icon at the bottom of the main sidebar, opening the Manage profile page, and navigating to the Change password tab.

The ‘Password’ field informs the user about the password policy criteria (configured under the Settings menu) and shows whether the entered password meets them. Passwords that don’t meet the complexity requirements cannot be used as login credentials to the Antavo Backoffice.

The new password has to be re-entered in the ‘Confirm password’ field to make sure no unintentional change is made.

Single sign-on

Single sign-on (SSO) lets users access all authorized network resources with one login. Usernames and passwords are validated against your corporate user database or other client apps rather than Antavo managing separate passwords for each resource. Some of Antavo’s integrations use SSO authentication through the Auth0 identity management platform.

Security measures

There are a few security measures that you need to take under the Settings menu of the Antavo Backoffice.

Data backup

Antavo creates a backup of all customer data based on its data backup policy. Backups are located in the same stack as production instances. Please reach out to the Antavo Service Desk in case you have further questions or requests.

Logs

Security logs

Security logs can be accessed by opening the Security logs tab of the Settings menu. This page lists all login and password reset information that occurs in the specific brand.
Read more about the details that can be accessed here.

Workflow logs

Workflow logs can be accessed either from a specific workflow or from a specific customer. A new item is added to the logs every time a workflow is triggered by an event or a date. The lists give information on the date (the exact date and time), time (duration), type, trigger, and output (success or failure) of workflow execution.

Event logs

The personal event stream can be viewed under the Customer insights page. This includes every event that has been registered on the customer’s event history, along with its type, date, and properties.
Read more about the customer event history here.

Approval logs

Content approval history is available and exportable for auditing in .csv and .psv formats from the History page of the Content approval module.

Webhook logs

The Log page of the Webhooks (legacy), Webhooks, and Incoming Webhook modules shows the list of triggered messages.

  • The Webhooks (legacy) and Webhooks log page lists the time, action, customer, response status with code, as well as a detailed breakdown for every webhook, which includes the header and messages.
    Third-party tools such as PostBin can be used to display outbound webhook messages.
    The webhook log can also be used to resend a webhook event in case there was an error.

  • The Incoming Webhook log page lists the date and time of the registration of the webhook message, the detailed request with the endpoint it was sent to, the processing time, and the response status with code.

Find information about the retention time of logs here.

Access management

User role permissions

Antavo enables the creation of new Backoffice users with distinct roles, each with configurable access levels to the platform. In some cases, users may need access to a particular object (to see, edit, and delete its values) but need restrictions on individual fields.

User groups

The User groups module lets you control the record-level access of Backoffice users. Setting up user groups simplifies the process of aligning users, organizational structures, and roles.

Customer mapping

Creating customer mapping rules lets you batch-update various attributes of customers based on their previously set grouping. This helps organize customers into separate compartments in the Backoffice without importing.

© Copyright 2022 Antavo Ltd.