Authorisation in OutSite

Your website gives a visitor insight into the data in Profit. If your site is set up correctly, different types of visitors see different information on your site. You would not want an anonymous visitor to see customer-specific information. By authorising data, you ensure that the information you display on your site is only available to the correct visitor.

To secure your data, you must:

  • Know which visitor visits or logs on to your site (authentication).
  • Authorise your data so that the visitor only sees the data that he/she has rights to (authorisation).

You authorise the functionality in OutSite by linking authorisation roles to contact persons.

Example:

Only registered sales contacts can make an appointment with an account manager using a link on your website.

Depending on the authentication level, you determine the required data in zero, one or more steps.

Content

Video

Description

Depending on the authentication level, you determine the required data in zero, one or more steps.

Authorisation means assigning privileges within a site. You use authorisation to ensure that specific functionality is available to some visitors but not to others.

Because authorisation roles are available, you do not need to know exactly which screens, tabs and other components belong to a function.

Some functionality is available at the person level, such as the My details functionality: everyone who logs on (i.e. every person) can see their own details. Other functionality is only available for persons with a specific role: for example, in the customer portal, not everyone can add a contact person. This is only allowed for people with the Customer portal administrator role. If a visitor logs on to the customer portal without the role of customer portal administrator, then this person may view and change their own personal details, but not the organisation details of their organisation. You specify if a person is a portal user or portal administrator in the contact person properties.

If new functionality becomes available via a new build or update, then a user with the correct authorisation role is immediately given access to the new function.

Authentication

You can use authentication to check if someone really is who they say they are. This always involves a check on the person and never on a company or department. Visitors to your website authenticate themselves by entering a username and password.

To simplify the authorisation set up, we make a distinction between different types of visitors:

Visitor type

Logged on?

Access to

Anonymous visitor

No

Anonymous part of the website

Person

Yes

View personal details

 

Portal user of a sales contact

Yes

View and change personal data, View organisation data.

 

Portal administrator of a sales contact

Yes

View and change personal details.
View and change organisation data.
Maintain contact persons.

 

Site administrator

Yes

All parts of the site. The site administrator is an employee of your own organisation who maintains the website.

 

In a diagram, this looks as follows:

In this diagram, EnYoi ICT Services is your own organisation.

2G_Autorisatie (10)

Procedure

Also see