My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Privacy and Security

Users and Roles

Published:
3 mins read
Updated:

Jomablue offers various User Roles, each with distinct permissions to set up and manage events.

Note:

  • 2FA: All user accounts have the option to enable Two-Factor Authentication (2FA). We strongly suggest enabling 2FA during the account setup to enhance security
  • Trusted User Accounts: A Trusted account has permission to view and export a list of People data. A User Account without Trusted permissions cannot access people lists or export them

Chart of User Roles

This is a list of each user role and their various permissions in Jomablue. You can view the full list here.

Owner

The Owner role has unlimited privileges and is considered a Trusted user. This role is the only one permitted to create new user accounts, and it is possible to have more than one Owner.

Portal and Trusted Portal

Has access to managing the Event, People, Vendors, Campaigns and Settings. Only Trusted Portal roles can access export, explore people and other bulk people data functionality.

Finance and Trusted Finance

Has the same access as Portal. In addition, they can see financial figures related to Registration. This includes Gross Sale amounts and financial reporting. Users of the Finance role will see additional menu options. Only Trusted Finance Admin roles can access export, explore people, financial reports and other bulk data functionality.

Admin and Trusted Admin

Admin role has the same access as Portal and Finance as well as some back-end administrative tasks. The Trusted Admin user role allows exploring interactions, people, financial reports, and other bulk data.

Organiser

The Organiser User Role is designed for Event Organisers who require access to the Event Dashboard(s) but do not need access to the Jomablue portal itself. Upon setting their password for the first time, an Organiser-level user will be directed to their Event Dashboard.

Jomablue CX

The Jomablue CX User Role is designed for users to have access to the Jomablue CX App available on iOS iPhone and iPad. They do not have permission to Jomablue portal. Upon setting their password for the first time the user will be directed to login to Jomablue CX.

Import

This role is designed to provide access solely to the API import feature. Please note if does not provide access to the Portal and any other feature listed above.

Event Limited

This role is designed to assign any of the roles listed above, to a specific Event. This provide a granular control over which user roles to assign per event.

Add a User in an Instance

  1. Navigate to Advanced > Users
  2. Click on New User
  3. Complete the following fields: Email
         a. Full Name
         b. Mobile
         c. Role
         d. Two-Factor Authentication (always select ‘On’ for improved security)
         e. Use the authenticator app for the second factor (always select ‘On’ for improved security)
  4. Click Save

App-Based Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is important to prevent unauthorised access to customer data. App-based Multi-Factor Authentication serves as the second factor for logging into the Jomablue Portal, with the option to use SMS passcodes in exceptional circumstances.

Apply an authenticator app to new users

When setting up new users, the option to enable an authenticator app is activated by default. If this option is set to "Off," SMS passcodes will be used.

When logging into the Portal for the first time with MFA enabled, users will be prompted to apply an authenticator app, which should take no longer than a minute. Once configured and the user enters their username and password, they will be asked for the code from the authenticator app before gaining access to the portal.

Trust This Device

During the login process, there is an option to ‘Trust this device’ after entering the code from the authenticator app. This will prevent the user from needing to enter an authentication code for a specified number of days (customisable per instance, default is 7 days) and only require the username and password.

Reset a user's Authenticator App

If a user loses their device and cannot access the authenticator app’s code, they will need to contact their account owner to perform the following:

  • The account owner or Jomablue should update the user record Authenticator App option to Off (it will revert to the SMS passcode) and press Save
  • Re-select the user and update the user record Authenticator App option to On and press Save
  • The next time the user logs in, they will be prompted to set up their new device and Authenticator App

Alternatively, the Authenticator App option can be disabled (Off) and the user can then log in using the SMS passcode method and retain full access (based on their role) to Jomablue.






Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Access denied
Access denied