Security overview
Antavo security basics
Antavo’s policy framework is structured following the ISO 27001 certification standards. Compliance with these standards is verified through periodic tests that assess security protocols, update methods, and authentication measures.
The Antavo Loyalty Engine communicates externally using API requests. Securing these requests is essential to protect personal data and prevent fraudulent activities. HTTPS encryption, along with the API key and secret generated at the beginning of the loyalty program implementation, ensures the security of data. Read more about the API security protocols in the developer documentation.
Authentication and password management
Please heed the following advice:
Register using individual accounts only; refrain from using generic accounts like info@yourcompany.com.
Never share your password information with anyone.
For enhanced security, we strongly recommend enabling multi-factor authentication (MFA) when signing into the Management UI.
Administrators with elevated rights can mandate the use of MFA for all users.
Password criteria
Management UI users can change their passwords by clicking the profile icon at the bottom of the main sidebar. This will open the Manage profile page, where they can navigate to the Change password tab.
The Password field provides information on the password policy criteria, which is configured under the Settings menu. It also indicates whether the entered password meets these criteria. Please note that passwords failing to meet the complexity requirements cannot be used as login credentials for the Management UI.
To ensure no unintended changes, the new password must be confirmed by re-entering it in the Confirm password field.
Single sign-on
Single sign-on (SSO) allows users to access all authorized network resources with a single login. Instead of managing separate passwords for each resource, usernames and passwords are validated against your corporate user database or other applications. Some of Antavo’s integrations use SSO authentication via the Auth0 identity management platform.
Security measures
There are several security measures you need to configure under the Settings menu of the Management UI.
Define the password complexity rules and expiry time in the Passwords section
Select a timezone for your loyalty program in the Localization section
Note: The configuration of imports, exports, and workflows (including both campaigns and ‘On a date’-triggered general workflows) is based on the UTC timezone and displayed accordingly in the Management UI.
Determine the session length for the workspace under the Security tab
Data backup
Antavo regularly creates backups of all customer data in accordance with our data backup policy. These backups are stored in the same stack as production environments. Please reach out to the Antavo Service Desk if you have further questions or requests.
Logs
Security logs
You can access security logs by navigating to the Security logs tab within the Settings menu. This page displays all login and password reset activities associated with the workspace. Read our Security logs article for more information about the details accessible in these logs.
Workflow logs
You can access workflow logs either from the perspective of a specific workflow or from that of a particular customer. Each time a workflow is triggered by an event or a date, a new entry is added to the logs. The lists provide details on the exact date and time of the event, its duration, type, trigger, and the outcome (success or failure) of workflow execution.
Event logs
You can view the personal event stream under the Customer insights menu. This stream displays every event registered in the customer’s event history, along with its type, date, and attributes.
Approval logs
The content approval history can be accessed and exported for auditing purposes in .csv and .psv formats from the History page within the Content approval module.
Webhook logs
The Log page within the Webhooks (legacy), Webhooks, and Incoming Webhooks modules displays the list of triggered messages.
The Webhooks (legacy) and Webhooks log pages list the time, action, associated customer, response status with code, and a comprehensive breakdown for each webhook, including headers and messages. Third-party tools such as PostBin can be used to view outbound webhook messages. Additionally, the webhook log offers the capability to resend a webhook event in case of an error.
The Incoming Webhook log page lists the date and time of the webhook message registration, the detailed request specifying the endpoint it was sent to, the processing time, and the response status with code.
Browse our Log retention times article for detailed information.
Access management
User role permissions
Antavo enables the creation of new Management UI users with distinct roles, each offering configurable access levels to the Management UI.
User groups
The User groups module enables the control of record-level access for Management UI users. Setting up user groups streamlines the process of aligning users, organizational structures, and roles.
Customer mapping
Creating customer mapping rules enables batch updates to various customer attributes based on pre-defined grouping. This facilitates organizing customers into separate compartments within the Management UI without the need for a data import.