Configuring Security

Objectives

After completing this lesson, you will be able to:

  • Create a Security Group
  • Create a User and Assign them to a Group
  • Configure Password Policies for a User

Create a Security Group

As with any application, security is of key importance to ensure only the right users have access to your organization’s sensitive data. APMe security management allows you to control user access to all aspects of the system, including portals, forms, individual fields, actions, and other system features.

As an example, consider the image below. Alexander Smith is an administrator, and has access to all four portals: Manager, Integration, Administration, and Credentialing. Deborah Willis is a producer, and only has access to the Credentialing portal, where she can only view her own licenses and appointments.

The features of security management in APMe include the following:

  • Using Security Groups, you can configure access to forms, fields, actions, and system features for specific sets of users.
  • User Management allows you to create and manage users, as well as their authentication and authorization in the application.
  • Password Policies allow you to configure a password policy to define constraints and requirements for passwords and password maintenance.
  • The Data Protection and Privacy capability allows you to configure fields as personal and sensitive data fields, and block data, if needed.
  • APM also includes an Auditing capability to audit every add, update, and delete made by a user, as well as all successful and failed user login attempts.

Security Groups

1. From the Administrator portal, select Security – Security Groups.

2. Click Create +.

3. Enter a unique Security Group ID and Full Name.

4. Select a Portal.

5. Select Save.

Select the link 'Using Security Groups' to get more information.

Using Security Groups to Manage Access to Forms and Fields

APMe has many different types of users, ranging from administrators with full access to the system to individual agents or payees who can see a limited view of their own data. Displaying the system in different ways for different types of users can be managed using the security groups we created earlier. Some of the many ways security groups can manage user access include:

  • Hide or display forms
  • Make a form read-only
  • Hide an action, such as Save or Activate
  • Hide or mask a specific field

Each security group is associated with a portal, such as Manager, Integration, or Administrator.

Exercise: Create and Configure a Security Group

Business Example:

In this exercise, you will create a new security group that is associated with the Manager portal. Members of this group will have read-only access to producer details, and are not allowed to view the Tax ID field on the Producer Detail form.

Steps

  1. Create a Security Group called MySecurityGroup.

    1. From the Administrator portal, select Security – Security Groups.

    2. Select (+).

    3. Enter the following information for the new security group:

      • SecGroupID: MySecurityGroup
      • Name: My Security Group
      • Portal: Manager
      • Leave all other fields at the default.
    4. Select Save.

  2. Use Form Security to configure access to the Producer Detail form.

    1. Select the Form Security tab.

    2. On the Producers tab, select Producer Master.

      The Form Security Setting dialog box opens.

    3. From the Access menu, select Read Only.

    4. In the Search bar, type 'TAX'.

    5. On the SSN/TIN row, select the Hidden radio button.

    6. Select Complete.

Creating Users

Once your security groups are set up, create at least one (preferably two) administrative users with full access to the system. Users in the context of Agent Performance Management are the individuals who use the system. This is in contrast to Producers, who are added in the Producers portal.

To create a user:

  • From the Administrator portal, select Security – Users.
  • Select Create.
  • Enter the user’s full name and User ID.
  • Enter the user’s email address.
  • Optionally, select an effective date, default language, or other user information.
  • Select an authorization type. In this case, we will use LDAP.
  • Scroll to the Portal Access section and select the portals to which the user should have access.
  • For each portal, select the Security Group ID that grants access to the portal.
  • Select Save.
  • Select Activate.

Exercise: Create a new user and assign the security group

Business Example:

In this exercise, you will create a new user and assign them to a security group.

Steps

  1. Create a new user.

    1. From the Administrator portal, select Security – Users.

    1. Select Add (+)

    2. Enter the following information for the new user:

      • · Name: Alexander Smith
      • · User ID: asmith
      • · Effective: 1/1/2022
      • · Contact email: asmith@safecareinsurance.com
      • · User time zone: US/Eastern Time (ET)
    3. Scroll down to the Authorization section and set the Authentication Type to LDAP.

  2. Assign the new user to the Manager portal using the access granted by the new security group.

    1. Scroll down to the Portal Access section.
    2. Select the Manager checkbox.
    3. In the SecGroupID field, select MySecurityGroup.
    4. Optionally, select the Integration, Credentialing, and Administrator checkboxes. Select any SecGroupID as shown in the image below.
  3. Select Save.

Password Policies

Password Policies define constraints and requirements for passwords and password maintenance. Some of the items that can be configured in the password policy include:

  • Maximum password length
  • Password expiration rules; for example, passwords must be changed every 60 days.
  • The password duplication cycle sets the number of cycles for which a password can be reused.
  • Maximum failed login attempts

Password policies can be set under Administrator → Security → Security Configuration.

Log in to track your progress & complete quizzes