Jump to section:
Limiting the Program Access of Users
Adding / Editing User Accounts
User Account Security Profiles
Introduction
The Add/Edit user page allows the account administrator to add or edit User Accounts, manage and create Permission Profiles, and create and manage Data Permission Groups. You can define each user’s access to PDI's functionality, geography, and data field values in the system.
- To access the Add/Edit User Accounts page, hover the mouse over the Admin section of the Navigation Menu, and click the Add/Edit User Accounts button.
Limiting the Program Access of Users
The PDI system can limit the access of user accounts in multiple ways:
- User Account Geography – Users can be granted access to only a portion of the overall Organization Account geography. This option is useful for larger organizations who want to assign their staff to specific regions, or for campaigns who have divided their district among their staff.
- Account Functionality – Almost every page, tab, drop-down menu, and list box in the program can be configured to grant or deny functional access. The program bundles these individual permission settings into a Permission Profile that can be assigned to one or more user accounts.
- Data Access – Access to proprietary data points, flags and saved universes can be limited based on Data Permission Groups. User accounts can be assigned to one or more Data Permission Groups. Each Candidates/Issue, ID Flag, Survey Question, Acquisition Type, and Saved Universe can be assigned to one or more permission groups. This process allows data to be quickly and easily permissioned without having to reference each user account.
- Universe Filter - The Universe Filter options gives the account admin the ability to limit a users access to specific group of voters. The Universe filter is set by using our Freehand Query language.
Adding / Editing User Accounts
The creation of a user account requires that you provide the users first name, last name, a valid email address, and select an Account Permission Profile to set the new users permission level. An email will be sent to the provided email address so the user can set their own password. Account administrators are not allowed to access the passwords of other users in their organization account. If a password is forgotten, users can reset their own passwords by clicking the Forgot Your Password button on the PDI log-in screen, and following the instructions on the page. Creating a new user is accessed by clicking the Add New User button in the Add / Edit User Account tab. Below are a list of fields located in the Add New User page.
- First Name - The first name of the user.
- Last Name - The last name of the user.
- Email Address - The email address of the holder of the new account. Note: This must be a valid email address, as this individual will receive a validation email with a link to activate their account.
- Mobile Phone - The phone number where the user will receive their token for 2-Factor authentication.
- Authenticate via App / Mobile Device (via Authy App) - Enables Authy app 2-Factor Authentication. Note: if the user has not installed the Authy app, they will receive an SMS message.
- Require Two Factor Authentication via Authy App (Recommended) - Enables 2-Factor Authentication. Note: activating this alone activates email 2-Factor Authentication.
- Allow Post Election Mode Use - Provides the user with access to the organization account after the election has passed. Note: Post-Election mode is used for account analysis.
- Assign Software Permission Profile - Assigns the user a permission profile, giving them access to the selected pages and functionality of the program.
- Only Allow User to View the Following Datasets - Restricts the People the user can access to a particular dataset.
- On Open - Go To Page - Sets the page the user will see upon logging into their account.
- Assign Home Page Layout - Sets the home page layout the user will receive.
- Expire Access For This User On - Sets the date the user account will become inactive.
- User Is Active - Determines if the user account is active or inactive.
- Set Geographic Filter for User - Sets the user accounts geographic area to the selected area/s.
- Only Allow User To Access Voters in the following Universe (User Freehand Query) - Sets a filter on the users voter file, only allowing them view the universe in the selected demographic.
Adding a New User
- Click the Add User button
- Use the First Name textbox to enter in the first name of the new user.
- Use the Last Name textbox to enter in the last name of the new user.
- Use the Email Address textbox to enter in the email address of the new user.
- (Optional) If you want to enable two factor authentication for the user, use the Mobile Phone textbox to enter in the phone number of the user.
- (Optional) Activate the Require Two Factor Authentication via Authy App (Recommended) checkbox to enable Two Factor Authentication.
- (Optional) Activate the Allow Post Election Mode Use checkbox if you would like to give the user Post-Election account access.
- Use the Assign Software Permission Profile section to select the Permission Profiles you would like to assign to the user.
- (Optional) Click Show Advanced Options (next to the Cancel button).
- (Optional) Use the On Open - Go To Page drop-down menu to select the page the user should when they log into the organization account.
- (Optional) Use the Assign Home Page Layout drop-down menu to select the homepage layout you would like to assign to the user. Note: If you leave this drop-down menu blank the user will receive the default homepage layout.
- (Optional) If you would like to expire the account after a particular date, use the Expire Access For This User On textbox to set the date for the account expiration.
- (Optional) Use the Set Geographic Filter for User section to select the geographic areas you would like to limit the account to.
- (Optional) Use the Only Allow User To Access Voters in the following Universe (Use Freehand Query) textbox to limit the users access to specific universe of voters.
- Click the Save button to create the user.
Editing Users
Editing preexisting user accounts is done by clicking on the name of the user. This will bring you to the User Edit page, which features the same exact fields that appear when creating a new user. Please reference the instructions in the Adding a New User sub-section above for further detail.
Deactivating a User Account
- Click on the name of the user you would like to deactivate.
- Click the Show Advanced Options link.
- Deactivate the User is Active checkbox.
- Click the Save button.
Reactivating a User Account
- Activate the Show Inactive Users checkbox.
- Click on the name of the user you would like to reactivate.
- Click the Show Advanced Options link.
- Activate the User Is Active checkbox.
- Click the Save button.
User Account Security Profiles
The User Account Security Profile, also know as permission profiles, allows account administrators to provide access to various pages and functionality of the BlueVote program. User Account Security Profiles are divided into two parts; the first part is the actual permissions that are assigned to the user, the second part is the Permission Level. The Permission Level determines the which User Account Security Profiles the user will have access to. Users can access any User Account Security Profile that contains a Permission Level of their Permission Level or lower. Users can be assigned multiple User Account Security Profiles at one time, which will combine all of the user access together, while providing the user with the highest ranking Permission Level between the selected User Account Security Profiles. Making selections for your User Account Security Profile can be done in two ways; you can either activate the checkbox for the header of the section which will give you full functionality of the selected item, or you can click the Plus button to the left of the header to display the sub-sections and partition out functionality of the page independently. A list of our default Account Security Profiles can be found here.
Creating a new User Account Security Profile
- Activate the check boxes of the desired permissions you would like to assign to the User Account Security Profile.
- If you would like to assign complete access to the program to the User Account Security Profile, click the Select All link.
- Use the 5 - Very High Level drop-down menu to assign a Permission Level.
- Enter the desired name for the profile in the Save As text box.
- (Optional) If the profile to be created should appear in the current account's child accounts, activate the Set as Default check box.
- Click the Save button to save the User Account Security Profile.
Editing a User Account Security Profile
- Use the Select a Profile drop-down menu to select the User Account Security Profile that you would like to edit.
- (Optional) Activate/Deactivate the check boxes of the desired permissions.
- (Optional) Use the Permission Level drop-down menu to select
- Click the Save button to save your changes. Note: Make sure you leave the Save As textbox blank, or you will create a new Account Security Profile.
Deactivating a User Account Security Profile
- Use the Select a Profile drop-down menu to select the User Account Security Profile you would like to delete.
- Click the View Accounts with Profile button.
- The list in the Manage Profiles page contains a list of all users who are currently assigned the User Account Security Profile. If the list contains the name of any users you will need to assign those users to a new User Account Security Profile.
- Activate the checkbox for each user you would like to assign the new User Account Security Profile.
- Use the Select a Profile drop-down menu to select the User Account Security Profile you would like to assign.
- Click the Save button to reassign the users to the new User Account Security Profile.
- Repeat steps a - c to until all users have been assigned to a new User Account Security Profile.
- Click the Delete Profile button to delete the User Account Security Profile.
Data Permission Management
The Data Permission Management tab allows account admins to create Data Permission Groups which allows account admins to permission the various data points in the organization account to specific users. These data points include, but are not limited to, ID Flags, Candidate/Ballots, Survey Questions, Acquisition Types, Voter Universes, Contact Universes, and everywhere else in the program you can find the Lock icon. Assigning an item to a Data Permission Group will make the item to all users outside of the group. If data is not assigned to a Data Permission Group, all users in the organization account will have access to the data points. Users can be assigned to multiple permission groups, and there is no built-in hierarchy. Additionally, data points can be assigned to more than one Data Permission Group. This provides greater flexibility as organizations have data with various levels of sensitivity.
When a user creates a Voter or Contact Universe that includes restricted data, that Saved Universe will adopt the Data Permission Group assignments for every data point referenced in the universe. Therefore, users without permission to each data point used in the universe can have access to the Saved Universe. This prohibits sensitive data from being used or exported without authorization. Highly sensitive data can be tagged with Req. Auth, which will require special permission when used in an output file. In these cases, files will go to a special folder for manual review and approval. Once approved, the files will be released to the File Pickup Folder so the requesting user can download the file.
Creating Data Permission Groups
- Click on the Create a New Group button.
- Use the Permission Name textbox to assign a name for the Data Permission Group.
- Activate the checkboxes of the Users you would like to add to the Data Permission Group.
- Click the Save button to save your Data Permission Group.
Editing Previously Created Data Permission Group
- Click on the Name of the Data Permission Group you would like to edit.
- (Optional) Use the Permission Name textbox to assign a name for the Data Permission Group.
- (Optional) Activate the checkboxes of the Users you would like to add to the Data Permission Group.
- Click the Save button to save your changes.
Assigning Data Permission Groups to Data Points
The location where Data Permission Groups are assigned to Data Points is located in various places throughout the program. Despite the multiple locations where this functionality can be used, the process is always the same. Instructions for assigning Data Permission Groups to data points can be found below.
- Click the Icon.
- Activate the checkboxes for the Data Permission Groups will be given access.
- (Optional) Activate the Req. Auth checkbox to require special approval for generating files that contain the selected data point..
- Click the Save button.
Two-Factor Authentication
2-Factor Authentication adds an extra layer of security to your BlueVote account requiring that the individual logging into the account have access to their cellular device each time they log into the system. Any method of 2-Factor Authentication makes your account more secure, however some are better than others. The Authy app is the most secure method of 2-Factor authentication compatible with the BlueVote system. The first time you open the Authy app, the app checks the phone number on your device. Once the phone number has been matched to the app, the app will then match to the phones internal ID, so even if your device has been so even if your device has been SIM Swapped, they will not be able to access your BlueVote Account. The Authy app uses a Time-based One-Time Passcode which expires after a short amount of time. Upon expiration of the Time-based One-Time Passcode the Authy app will generate a new Time-based One-Time Passcode. For more information and tips to better secure your Authy account, click here.
SMS 2-Factor Authentication is the next most secure method of 2-Factor Authentication offered in the BlueVote system. This method is used automatically is you select Authy authentication, but have not yet installed the Authy app on your mobile phone. Despite the message being sent to your mobile device, this method is not 100% secure, since your mobile device can be attacked by SIM Swapping or direct attacks on a cellular network. Despite some security risk, SMS 2-Factor is significantly more secure than Email 2-Factor since it takes a lot more effort to hack a mobile phone.
Adding Two-Factor Authentication to a Preexisting User
Below are instructions for adding Two-Factor Authentication to a preexisting user account. Please review the Adding a New User sub-section for adding Two-Factor Authentication for a new user.
- Click on the Name of the user who you would like to give Two-Factor Authentication.
- Use the Mobile Phone textbox to enter in the users phone number.
- Activate the Require Two Factor Authentication via Authy App (Recommended) checkbox.
- Click the Save button to save your changes.
Removing Two-Factor Authentication from a User
- Click on the Name of the user who you would like to remove Two-Factor Authentication.
- Remove the phone number in the Mobile Phone textbox.
- Deactivate the Require Two Factor Authentication via Authy App (Recommended) checkbox.
- Click the Save button to save your changes.