Project managers with appropriate permissions can manage who gets access to the project and are also able to change the permissions of users to control what they can see and do.
Click on the project name in the top-right corner and select 'Users' to get an overview of users that currently have access to the project. Users listed in grey are invited, but have not yet setup their One Community account.
Inviting new users
Click on 'Add' at the top of the users overview to give someone access to the project. Enter the e-mail address of the person you would like to add. This e-mail address will become their username.
A verification e-mail will be send to the new user to help them with setting up their One Community account. The invited user will receive a notification e-mail if they already own a One Community account (but attached to a different project).
Security
One Community provides different security layers to protect the data in your project: role-based authorisation, two-factor authentication and network restrictions based on IP.
Role-based authorisation
One Community comes with multiple roles, each containing a set of permissions. For each entity (i.e., Accounts or Orders) separate permissions exist for reading, updating or deleting. Roles can assigned when inviting or editing users. One Community protects your project against authorisation escalation -- it is not possible to grant more permissions than you have yourself.
Two-factor authentication
User accounts can be made more secure by enabling two-factor authentication besides passwords. By enabling 2FA users will receive an SMS containing a token to login to One Community. 2FA can be enabled by entering a phone number in the user account details and selecting 'Enable two-factor authentication'. The phone number must be capable of receiving SMS.
If users do not want receive 2FA tokens through SMS, they can install the third party 'Authy' app to generate tokens directly on their phone or tablet. The Authy app can be downloaded from https://authy.com/download/.
IP-based restrictions
Users can be restricted to only be able to login from known locations (e.g., the office) or networks (e.g., the company's Virtual Private Network -- VPN). Moreover, active sessions can be monitored including IP, browser, device and last activity. Please contact us if you would like to enable IP-based restrictions for your project.