Clients, prospects and centers of influence are the lifeblood of your firm, and as such, placing strict access and logging capabilities around their records can be hugely beneficial from a security and audit perspective. Our Security Check feature ensures that only the parties that should be viewing Key Entity records are accessing them within your firm's Practifi organization.
- Understanding Security Check
- Enabling Security Check
- Customization Considerations
Understanding Security Check
Our Security Check feature makes access control possible by presenting a pop-up window to users before they can access the record, providing a way for them to ask verification questions of the person they have on the phone or to explain what they're doing with the record. The access request is then recorded against the Entity's record, giving you total visibility over who's looked at what. Access requests, both successful and suspicious, are recorded on the Entity record for auditing purposes.
When Security Check Appears
If enabled in your organization, the Security Check appears whenever a Household, Organization or Individual record is opened. This is true in all contexts:
- When the Entity record is opened directly as the parent tab (learn more about tabs here)
- When a related record is opened as a subtab of the Entity parent tab
- When the Entity record is opened as a subtab
In the third scenario—when the Entity record is opened as a subtab—it may occasionally open as a subtab of another Entity, causing a conflict with the component. This situation occurs because the Entity in the subtab is an Individual, and the one in the parent tab is the Primary Entity. In these situations, the Security Check will be performed for the Individual. If the check is passed, access is granted to both the Individual and their Primary Entity. The Access Request record that logs the successful request will appear for both records.
Security Check Questions
When encountering the Security Check, a user sees a pop-up menu on the record asking them: What's your reason for accessing this record? This drop-down has three available options for the user to choose from:
- Handling an online or phone-based inquiry
- Supporting material for an in-person meeting
Handling an Online or Phone-Based Inquiry
When this option is selected, the Security Check will first ask Who are you speaking with? which is a required field that provides a list of specific people within the Household or Organization to select. If the Security Check is for an Individual, this field doesn't appear.
Based on the person that's been selected, a set of verification questions appears with that person's designated answers. Questions are defined by your firm and only appear if an answer exists for the selected person.
Next to each question, the answer is displayed to the end user, along with its point value. The person you're speaking to must provide 100 points' worth of correct answers before the Open button becomes clickable, which grants access to the record. A Notes field also appears, which is a required field for explaining the reason for opening the record and must also contain a value before Open is clickable.
To record the person's response to each question, use the and buttons next to the answer. If one or more incorrect answers are provided, the following prompt appears to warn the team member that incorrect answers are suspicious:
An incorrect answer was provided to one or more questions above. If this means the person has failed the security check, click the Close button below to close this workspace tab, and log the access request as suspicious. You can leave any additional notes in the field below.
Supporting Material for an In-Person Meeting
Several fields appear below the initial question for the team member to complete:
- Which meeting is it?: An optional field that allows the team member to specify the Event record the access request relates to (if one exists).
- Who are you speaking with?: A required field that provides a list of specific people within the household or organization to select. If the Security Check is for an Individual, then this field doesn't appear.
- Notes: A required field for explaining the reason for opening the record.
Once the required fields are completed, the Open button at the bottom of the Security Check becomes clickable, granting access to the record.
The Notes field appears below the initial question, which the team member uses to explain the reason for opening the record. Once this field is completed, the Open button at the bottom of the Security Check becomes clickable, granting access to the record.
Setting Verification Questions
The Questions page in the Settings app has been extended to support Security Check alongside our Risk Profile feature. Each question created in this section now has a specified Type value that changes the information it requires.
To create a question for Security Check, complete the fields below:
- Description - The question as it appears in the Security Check window.
- Active - A checkbox that, if checked, means the question is available for Security Check to use.
- Order - Defines where the question appears within the question set, using a numerical value.
- Type - Select Security Check.
- Points - The number of points a successful answer is worth, given that 100 points are required to open the record.
- Answer - The field path, written in Salesforce formula syntax, that leads from the Contact record of the person the team member is talking to during the Security Check to the field where the answer resides.
For example, if your question asks about the person's date of birth, the value for the Answer field is Birthdate. If your question asks about the First Name of the person who referred them, then the Answer value is practifi__Primary_Entity__r.practifi__Referrer__r.practifi__Primary_Member__r.FirstName.
Questions will only appear during the Security Check if a value exists in the specified field of the person the team member is talking to. Only Text, Number, Currency and Date fields are supported.
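Because a question is hidden when its Answer field is empty, some people may never be offered 100 points' worth of questions. The following added example (not Practifi code) models that rule so an administrator can check a question set against sample data; plain dictionaries stand in for Contact records, and the sample names, point values and the inactive third question are constructed.

```python
# Added illustration: a simplified model of the rules described above, not Practifi code.
REQUIRED_POINTS = 100  # threshold stated on this page

def resolve(record, path):
    """Walk a dotted field path (e.g. 'A__r.B__r.FirstName') through nested dicts."""
    value = record
    for part in path.split("."):
        if not isinstance(value, dict):
            return None  # a lookup along the path is empty
        value = value.get(part)
    return value

def visible_questions(questions, contact):
    """Active questions whose Answer path holds a value for this contact, in Order."""
    shown = [q for q in questions
             if q["active"] and resolve(contact, q["answer"]) not in (None, "")]
    return sorted(shown, key=lambda q: q["order"])

def coverage_report(questions, contacts):
    """Map contact name -> (maximum reachable points, whether 100 is reachable)."""
    report = {}
    for contact in contacts:
        total = sum(q["points"] for q in visible_questions(questions, contact))
        report[contact["Name"]] = (total, total >= REQUIRED_POINTS)
    return report

# Constructed sample data: question definitions and contact records.
QUESTIONS = [
    {"description": "Date of birth?", "active": True, "order": 1,
     "points": 50, "answer": "Birthdate"},
    {"description": "First name of the person who referred you?", "active": True,
     "order": 2, "points": 50,
     "answer": "practifi__Primary_Entity__r.practifi__Referrer__r"
               ".practifi__Primary_Member__r.FirstName"},
    {"description": "Mailing postal code?", "active": False, "order": 3,
     "points": 50, "answer": "MailingPostalCode"},
]
CONTACTS = [
    {"Name": "Alex Example", "Birthdate": "1970-01-01",
     "practifi__Primary_Entity__r": {"practifi__Referrer__r": {
         "practifi__Primary_Member__r": {"FirstName": "Sam"}}}},
    {"Name": "Jo Example", "Birthdate": "1982-05-17",
     "practifi__Primary_Entity__r": {"practifi__Referrer__r": None}},
]

if __name__ == "__main__":
    for name, (points, ok) in coverage_report(QUESTIONS, CONTACTS).items():
        print(f"{name}: {points} points reachable -> {'OK' if ok else 'CANNOT PASS'}")
```

A contact reported as unable to reach 100 points needs either more populated fields or additional active questions before a phone-based inquiry can succeed for them.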
Adjusting the Who are you speaking with? Picklist
People are made available in this picklist for one of three reasons:
- They are the Primary Member as defined by the Entity lookup field
- They are the Spouse as defined by the Entity lookup field
- They are an Authorized Representative as defined by the Relationship checkbox
To define someone as an Authorized Representative, you can either update their Relationship record directly or check the box that's been added to the Add to Household/Organization and Create a Household/Organization actions.
Viewing an Entity Record's Access History
The History tab in the Overview on the Client record page includes a list of Access Requests, both successful and suspicious.
Users of the Compliance app also see Failed access requests in the last 30 days as a tile on their Home page, spanning all Entities where they are a nominated Compliance team member.
Security Check can block access to record list actions, like Edit and Start a Process. Record lists allow users to access record-specific functionality without opening the record page, and while convenient, this functionality can be problematic when trying to enforce access control. An optional setting allows you to apply this extra level of enforcement for your users.
Enabling Security Check
Navigate to the Additional Features page in the Settings app and click the button next to the Security Check feature to assign it to individual users, or to permission set groups.
If you want to block access to record list actions as described above, then you’ll need to add the Security Check User - Block Record List Actions & Fields custom permission to the Additional Features - Security Check permission set.
If you want users to see the Authorized Representative field on record pages and in actions, but not present the Security Check to them, then you’ll need to add the Objects, fields & system - Authorized Representative permission set to the relevant users or permission set groups.
If you want users to see the Access Requests list on Entity record pages, but not present the Security Check to them, then you’ll need to add the Objects, fields & system - Access History permission set to the relevant users or permission set groups.
🛠 Implementation Details
This feature has modified the following items. If your firm has customized them, you'll need to either copy the changes into your customized version or switch to the default version and redo your changes: