Overview: What are we talking about?
Managing your employees' access to Gingr is critical just like with any other piece of software. While we provide all the tools to help you keep your data secure, it's up to you to make sure you have proper procedures in place. This article will go over the tools available to you in the app that can help you manage employee access, how to revoke user access when an employee leaves your company, and best practices that you can follow to keep your data secure.
This article includes:
- Restricting Employee Permissions
- Restricting Employee Access to Gingr by Location
- How to Revoke Employee Access
- Requiring Password Rotation for Users
How to: Manage Employee Access.
Restricting Employee Permissions
Each employee in your application will belong to one or more User Group. User Groups will determine which permissions each user possesses, which can be used to limit what actions your employees have the ability to perform when they use Gingr.
A full list of group permissions and their meanings can be found here, however, some of the permissions that can be used to help you protect your business are:
- Can View Financial Reports
- Can View End of Day Report
- Can Delete Reservations
- Can Login from this IP Address
- Can Enter Negative Open Line Item
- Can Edit User Groups
- Can Manage Group Permissions
- Can Assign Package Credits
- Can Access API
- Can Manage POS Items
- Can Backup Database
- Can Export/Backup Data
- Can Manage Timeclock Records
- Can Undo Check In
We recommend giving employee users access to only what they need to do to accomplish their jobs, and limit higher permissions to managers and the business owner(s) users so that you can limit what all of your staff have access to in the app.
Restricting Employee Access to Gingr by Location
Using User Group permissions, you can limit your employees ability to log into Gingr based on their location! Using IP restrictions will make it so that users can only log into Gingr while at your physical location and not elsewhere.
This section includes:
- Enabling an IP Address Restriction
- How to Locate Your IP Address
- What to do if your facility uses a Dynamic IP Address
How to Enable an IP Address Restriction
To enable an IP Address Restriction for users, follow these steps:
- Navigate to Left-Hand Navigation: Reports & More Icon » Groups.
- On the Groups page, locate the Can Only Login From This IP Address permission.
- Enter up to 15 IP addresses in the text field, in a comma separated list (no spaces). Ensure that your IP addresses are in iPv4 format. This will look something like this:
- Your changes will be saved automatically and will be effective immediately. Staff users that belong to this user group will now only be able to log into Gingr when they are at the indicated IP address(es).
How to Locate Your IP Address
If you do not know your IP Address, visit this site when using one of the devices at your facility: http://www.ip-adress.eu/
You can then copy the address provided and use this to for your restriction in Gingr.
What to do if your facility uses a Dynamic IP Address
Some Internet Service Providers (ISPs) will assign a Dynamic IP address to your account instead of a Static IP Address. If your business has a Dynamic IP address, there are few extra steps you'll need to take to configure an IP Address Restriction—mainly, you'll need to sign up for a (free) account at www.noip.com (no credit card needed), then download and install the app onto a computer at your facility.
Follow these steps to get this configured:
- Navigate to https://www.noip.com/sign-up and create an account. Pay close attention to the Hostname field, where it will prompt you to create a URL. For example, if my Gingr application is happywags.gingrapp.com, I would create a URL that looks like this:
- You should now receive a confirmation email at the address entered upon signup. You'll need to locate this email and click the link within to continue to confirm your account.
- Navigate to this URL: https://www.noip.com/download and download the app on your computer at the facility.
- Install the application onto your computer. Open the newly installed application and log in using the account created in step 1.
- After logging in, you'll want to enable updating (tick the checkbox) of the URL we created in step 1.
- You can now minimize this app, but make sure that it stays running indefinitely.
- Once configured, you'll enter the url we created in step 1 from Left-Hand Navigation: Reports and More Icon » Groups in Gingr using the Can Only Login From This IP Address field.
How to Revoke Employee Access
In the event that an employee leaves your facility, it's important to immediately disable their access to Gingr. In order to preserve historical data associated to user accounts, it's not possible to delete a user in Gingr. Instead, we will Deactivate their account to disable their ability to log into your application.
To disable a user account, follow these steps:
- Navigate to Left-hand Navigation: Reports & More » Users.
- On that page, locate the user account, then click the Active button in the Status column. This will immediately deactivate the user's account and log them out of any session they currently have open. Once deactivated, you will see this button beside their user account info:
In addition to their access to Gingr, take a moment to think about other software they may have access to (Facebook, Email, Website, Webcams, etc.) and disable their accounts or change common passwords as well.
Requiring Password Rotation for Users
- Navigate to Left-hand Navigation: Admin » System-Wide Settings.
- Using the search at the top of the page, find the setting called Password Expiration Days.
- Enter a number of days in this field after which a set password becomes expired. For example, entering 30 in this field will require a new password for each user after 30 days. Upon login on the 30th day, they will be prompted that their password is expired and to set a new one.
- Save your changes.