In this article, you'll learn about the tools and features that ensure your account security.
- Multi-Factor Authentication (MFA)
- Password Change
- Account Activity Logs
- SAML Authentication
To manage your security settings, go to My Profile, and choose the Security tab.
As an administrator, you can also manage security in the Team Settings tab and enforce security settings for all account users.
The Account Owner can enforce Two-factor Authentication for logging into the Voucherify account. As a result, each logging attempt requires two forms of authentication. Voucherify supports text messages, Google Authenticator, and back-up codes as a second identification mechanism. Go here to learn more.
From this view, you may quickly change your Voucherify password. Click Change password.
Provide the current and new passwords. When ready, confirm with Change password.
You are going to receive an email notification each time a password change is performed.
Account Activity Logs
To gain valuable insights into account activity, you may also monitor the account security logs.
For more information about activity in a particular project, visit the Logs section in your Dashboard. Logs present detailed information on every interaction with Voucherify API made within your project. It enables you to track request coming from all origins including account users and customer's requests. Each log provides sent request, API response, and details including its status, information about related objects (campaign, order, and more). Read more.
Two types of notifications are displayed for the user.
- Project specific notifications - the settings for these are customizable (more details below)
- Account specific notifications - related to your subscription updates like trial expiration, credit card, etc.
Notifications are displayed in the Dashboard in two locations.
- Unread notifications - In the upper right section of the Dashboard, Click the bell icon
- Read and unread notifications - Click the bell icon, then click Go to Notification Center
Keep on reading below for more details on the Notification Center.
To access the unread notifications, click the bell icon.
You can Mark all as read, Reload to refresh the notifications, and Load more to display more unread notifications.
Here, the notifications are divided between three tabs:
- The Notifications tab lists notifications about your project.
To display all your notifications, click Go to Notification Center.
- The Account Notifications tab lists notifications related to account activity such as the start of a paid subscription or problems with processing a payment with a payment card.
To display all account notifications, click on Go to Notification Center.
- The Background Tasks tab lists all processes that are currently running in the background, such as importing vouchers to a campaign or deleting a campaign to name a few.
To display all background tasks, click on Go to whole list. To display the details for a given task, click Details. Read more here about background tasks.
You can customize project-specific notifications and decide what events should trigger notification via email or in-app message. Project-specific notifications are customizable and visible per user. Every user can configure which notifications to display for the current project.
Click Settings to personalize your notifications.
Next to each notification type, there is a drop down arrow Show details. Here you can turn the in-app and email notifications on/off using the toggle switch.
API Usage notifications
To enable new notifications, navigate to the Notifications Center > Api Usage Settings and follow the steps below:
- Click Show details next to the notifications you'd like to activate.
- Define the % usage limit that triggers the notification.
- Click Add email to define a receiver email address.
- Confirm with Save.
SAML Authentication is only available for the Enterprise plans. Contact us to request this feature.
SAML (Security Assertion Markup Language) ensures easy and centralized access management to your business applications and resources. Voucherify enables account administrators to connect a custom SAML application and use it instead of the standard authentication process while logging in. As a result, your users can log into the Voucherify account using a single sign-on authentication process.
The account administrator can enable and enforce SAML Authentication in the Team Settings > Security tab.
To connect the custom SAML application with Voucherify, you will need:
- Identity Provider EntryEndpoint URL (1) – in this field, provide the SAML URL where the identity provider sends the authentication token.
- Identity Provider certificate (2) – electronic document copied from the identity provider settings and used to prove the ownership of a public key.
Optional configuration details:
- Provider Name (3) – the name of your identity provider, e.g., OneLogin, Auth0.
- Issuer (4) – stands for the EntityID (unique identifier) of the service provider.
- Audience (5) – a value within the SAML assertion that specifies who (and who only) the assertion is intended for. The audience represents the service provider, usually by using a URL address that is validated when the request is received.
Encrypt SAML requests
To increase the security of your transactions, you can sign or encrypt both requests and responses in the SAML protocol:
- Sign SAML-Requests – add the private tenant key to sign SAML requests. You can also provide your own private/public key pair to sign requests from a specific connection.
- Decrypt SAML-Response – by default, the identity provider uses the private/public key pair assigned to your tenant to sign SAML responses or assertions. In the case of very specific scenarios, you might wish to provide your own key pair.
Recommended identity providers:
This tutorial shows the required steps to connect Auth0 Identity Provider.
After logging into your Auth0 account, go through the following steps:
- Go to Applications in the sidebar and click Create Application.
- Enter the name and select the type of application (Regular Web Application).
- Click on the Show Advanced Settings in the Settings tab.
- Go to the SAML section in the Endpoints tab and copy the SAML Protocol URL.
- Log into your Voucherify account and go to the Security tab in your Team Settings. Enable the SAML Authentication and place the copied URL in the Identity Provider EntryPoint URL field.
- Go back, go to the Auth0 and switch to the Certificates tab. Copy the Signing Certificate.
- Go to the Voucherify app and click the Add Certificate button.
- Paste the copied identity provider certificate and confirm with Save.
- Click Save to confirm SAML configuration.
- In response, you should see the Callback URL. Copy the link and go back to Auth0.
- Go to the Settings in Auth0 and scroll down to the Application Login URIs section. Paste the copied callback URL in the Allowed Callback URLs field. Click Save Changes to confirm.
- Scroll up the page and go to the Addons tab.
- Click on the SAML2 Web App and the Enable button. Next, confirm your changes with Save.
You can also enforce SAML authentification within your Voucheify account. As a result, each user has to log in using a connected identity provider.
You can now use the SAML Authentication to log into the Voucherify app using Auth0 as an identity provider. To log in, use the callback URL from Voucherify Team Settings (Security tab).
This tutorial shows the required steps to connect OneLogin Identity Provider.
After logging into your OneLogin account, go through the following steps:
- Go to the Applications tab and choose Add app button in the top right corner.
Use the search bar to browse SAML Test Connector (Advanced) and click on its name to add the app.
You can define optional connector's details like name, icon, and description. Click Save and go to the Configuration tab.
Change SAML encryption method to AES-128-CBC and confirm with Save. Go to the SSO tab.
Copy the SLO Endpoint (HTTP) and log into your Voucherify account.
Go to the Security tab in your Team Settings and enable the SAML Authentication. Place the copied URL in the Identity Provider EntryPoint URL field.
Go back to OneLogin and click View Details below the Certificate.
Copy the X.509 Certificate.
Go back to Voucherify and click the Add Certificate button. Paste the copied certificate and confirm with Save.
Confirm SAML configuration with Save. In response, Voucherify shows you a Callback URL. Copy the URL and go back to the Configuration tab in OneLogin.
Paste copied URL to ACS (Consumer) URL field. Confirm with Save.
You can now use the SAML Authentication to log into the Voucherify app using OneLogin as an identity provider. To log in, use the callback URL from Voucherify Team Settings (Security tab).