Overview: What are we talking about?
Managing your employees' access to Gingr is critical, just like with any other piece of software. While we provide all the tools to help you keep your data secure, it's up to you to make sure you have proper procedures in place. This article will go over the tools available to you in the app that can help you manage employee access, how to revoke user access when an employee leaves your company, and best practices that you can follow to keep your data secure.
This article includes:
- Helpful Hints
- Managing User Groups
- Understanding Admin Access
- Managing User Access
- Restricting User Access by IP Address
- Deactivating User Accounts
- Deactivating a Specialist
- Configuring Password Requirements
Helpful Hints: Before you begin
- It is highly recommended that each of your staff members uses their own user account. Gingr allows you to assign different user permissions to each user and important functions might be restricted. Logging in as oneself also provides accountability and the ability to track the actions each person takes (see our article on the History Page for more information).
- Do not remove the Gingr Support user from the Admin group, so that the Gingr Support team can assist you.
How to: Manage User Groups
Groups are a way to categorize user accounts and provide different levels of permissions to different people. When configuring your groups, you must decide which of your employees should have which access.
You must have the user permissions Can Edit User Groups and Can Manage Group Permissions enabled to edit User Permissions or User Groups. If, for any reason, you wish to turn off Can Edit User Groups AND Can Manage Group Permissions, you must first turn them on in another group and put yourself in that group before you turn these permissions off in the Admin Group. These two permissions must always be on in at least one group.
In order to update an account other than the one you are currently logged into, you must have the permission Can Manage User Accounts enabled.
See our article on User Groups and Permissions for more information on how to make changes and what settings are available.
How to: Understand Admin Access
The Admin Group can access every admin page. It is primarily intended for the owner or primary operator of the business. Please do NOT edit the name of the Admin group. This will disable the ability to access the Admin section and its settings.
Carefully consider which users should be allowed to make changes to the settings in your app. Keep in mind that significant and sometimes irreversible changes can be made, so it is important that only trusted employees be provided access. We recommend giving employee users access to only what they need to accomplish their jobs and limiting higher permissions to managers and business owner(s).
It is possible for non-admin users to be delegated access to managing group permissions as well as enabling access to select admin pages. Only some admin pages can be delegated to non-admins. Within each of those pages, some settings may be hidden from non-admins, regardless of their assigned access. If a user should be granted more permission than these delegations allow for, you may need to change them to the admin group.
Our article on User Groups and Permissions provides more detail on delegating admin access.
How to: Manage User Access
Restricting App Permissions
Each user in your application will belong to one or more User Groups. User Groups determine which permissions each user possesses, which can be used to limit what actions your employees are able to perform when they use Gingr.
Go to Left-Hand Navigation: Reports & More Icon » Groups » App Permissions to view and change these settings. Some of the permissions that can be used to help you protect your business and application are:
- Can View Financial Reports
- Can View End of Day Report
- Can Delete Reservations
- Can Log in from this IP Address
- Can Enter Negative Open Line Item
- Can Manage User Accounts
- Can Edit User Groups
- Can Manage Group Permissions
- Can Assign Package Credits
- Can Access API
- Can Manage POS Items
- Can Backup Database
- Can Export/Backup Data
- Can Manage Timeclock Records
- Can Undo Check In
See our article on User Groups and Permissions for more information about the specific actions and access you can control in the app.
How to: Restrict User Access by IP Address
Using User Group permissions, you can limit your employees' ability to log into Gingr based on their network IP address. Using IP address restrictions will make it so that users can only log into Gingr while at your physical location or on other specified networks. Each internet network and mobile hotspot has its own IPv4 address, and you can add up to 15 of these to each group.
How to Enable an IP Address Restriction
To enable an IP Address Restriction for users, follow these steps:
- Navigate to Left-Hand Navigation: Reports & More Icon » Groups.
- On the Groups page, locate the Can Only Login From This IP Address permission.
- Find your network's IPv4 address. You can Google "what is my IP address" and find the string of numbers associated with the network you are currently using.
There should be no letters, only numerals separated by periods. For example 184.108.40.2064 or 220.127.116.11
Copy the string of numbers and then paste them into the field to ensure you do not mistype.
Important: ensure you are currently logged into the network you are entering before adding a restriction to prevent locking yourself out of the app.
- Enter up to 15 IP addresses in the field, in a comma-separated list without spaces. As long as you have already entered the network you are currently using, it is safe to enter additional IP addresses. You can log in from any network listed for your group. This will look something like this: 18.104.22.1684,22.214.171.124,126.96.36.1995,188.8.131.526
- Your changes will be saved automatically and will be effective immediately. Staff users that belong to this user group will now only be able to log into Gingr when they are at the indicated IP address(es).
What to do if your facility uses a Dynamic IP Address
Some Internet Service Providers (ISPs) will assign a Dynamic IP address to your account instead of a Static IP Address. If your business has a Dynamic IP address, there are a few extra steps you'll need to take to configure an IP Address Restriction. Mainly, you'll need to sign up for a (free) account at www.noip.com (no credit card needed), then download and install the app onto a computer at your facility.
Follow these steps to get this configured:
- Navigate to https://www.noip.com/sign-up and create an account. Pay close attention to the Hostname field where it will prompt you to create a URL. For example, if my Gingr application is happywags.gingrapp.com, I would create a URL that looks like this:
- You should now receive a confirmation email at the address entered upon signup. You'll need to locate this email and click the link within to continue to confirm your account.
- Navigate to this URL: https://www.noip.com/download and download the app on your computer at the facility.
- Install the application onto your computer. Open the newly installed application and log in using the account created in step 1.
- Once logged in, enable updating of the URL created in step 1.
- You can now minimize this app, but make sure that it stays running indefinitely.
- Once configured, you'll enter the URL you created in step 1 from Left-Hand Navigation: Reports and More Icon » Groups » App Permissions in the Can Only Login From This IP Address field.
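The following is an added example, not part of Gingr or its documentation: a pre-flight check for the value you plan to paste into the IP restriction field, applying the rules from the two sections above (no spaces, at most 15 entries, valid IPv4 numerals, current network included). The function name, the sample addresses, the hostname and the optional resolver for a dynamic DNS hostname are assumptions for illustration; how Gingr itself parses the field is not shown on this page.

```python
import ipaddress

MAX_ENTRIES = 15  # per-group limit stated in this article

# Constructed sample values (documentation address ranges, not real networks).
SAMPLE_OK = "192.0.2.10,198.51.100.7,203.0.113.25"
SAMPLE_BAD = "192.0.2.10, 198.51.100.300"


def check_allowlist(field_value, current_ip, resolve=None):
    """Return a list of problems found in the value; empty list means it passed.

    field_value: the comma-separated string you intend to paste.
    current_ip:  public IPv4 address of the network you are on right now.
    resolve:     optional callable (hostname -> IPv4 string) used for a
                 dynamic DNS hostname entry; hypothetical hook, for example
                 socket.gethostbyname.
    """
    problems = []
    if any(ch.isspace() for ch in field_value):
        problems.append("contains whitespace; the list must have no spaces")
    entries = [e.strip() for e in field_value.split(",")]
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries; the limit is {MAX_ENTRIES}")

    allowed = set()
    for entry in entries:
        if not entry:
            problems.append("empty entry (stray or trailing comma)")
        elif any(c.isalpha() for c in entry):
            # Letters mean this is not an IPv4 address; treat it as a hostname.
            if resolve is None:
                problems.append(f"{entry}: hostname not checked (no resolver)")
            else:
                allowed.add(resolve(entry))
        else:
            try:
                allowed.add(str(ipaddress.IPv4Address(entry)))
            except ipaddress.AddressValueError:
                problems.append(f"{entry}: not a valid IPv4 address")

    # The lockout check: the network you are on must be in the list.
    if current_ip not in allowed:
        problems.append(f"current network {current_ip} is not listed; "
                        "saving would lock you out")
    return problems
```

Run it with the address shown by your "what is my IP address" lookup as `current_ip`, and only paste the value into the group once the returned list is empty.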
How to: Deactivate User Accounts
In the event that an employee leaves your facility, it's important to immediately disable their access to Gingr. In order to preserve historical data associated with user accounts, it's not possible to delete a user in Gingr. Instead, you will Deactivate their account to disable their ability to log into your application.
To disable a user account, follow these steps:
- Navigate to Left-hand Navigation: Reports & More » Users.
- On that page, locate the user account, then click the Active button in the Status column. This will immediately deactivate the user's account and log them out of any session they currently have open. Once deactivated, you will see this button beside their user account info:
In addition to their access to Gingr, take a moment to think about other software they may have access to (Facebook, Email, Website, Webcams, etc.) and disable their accounts or change common passwords as well.
How to: Deactivate a Specialist
- Navigate to Left-hand Navigation: Reports & More » Users.
- From the Users page, click the Active button under the Status column. This will take the user from Active to Inactive status.
- You will be asked to confirm. Click OK to continue, or Cancel to discontinue. Once deactivated, you will see Inactive beside the employee's information on the Inactive tab.
- To make sure they are no longer signed into Gingr, navigate to Left-hand Navigation: Admin » User Account Settings » Logout All User Sessions.
Important! All currently logged in users, including you, will be logged out instantly. You will need to log back in after this step.
- To ensure that this user cannot be booked for new appointments, you'll next need to delete their availability. To do so, navigate to Left-hand Navigation: Reports and More » Manage Schedules.
- On that page, click the Manage Specialists button.
- Then, delete their availability from that window by clicking the red x in the Actions column next to each of their specialties.
- Save your changes at the bottom of the popup window.
Note: Deleting a specialist's availability does not delete any services that were already booked with them. You will need to use the Facility Calendar or Services by Date report to reschedule those currently booked appointments with another user!
How to: Configure Password Requirements
It is possible to enforce strict password requirements for users as well as require them to periodically update their password. Go to Left-hand Navigation: Admin » User Account Settings and review the following settings.
Enable Strict Passwords
When this toggle is enabled, user accounts will be required to have passwords with the following minimum requirements:
- 8 characters
- 1 lower case letter
- 1 upper case letter
- 1 number or special character
Password Expiration Days
Enter a number of days in this field after which a set password expires. For example, entering 30 in this field will require a new password for each user after 30 days. Upon login on the 30th day, they will be told that their password has expired and prompted to set a new one.