What’s new in version 2.32
In view of the fact that GDPR (General Data Protection Regulation) will come into force on May 25, 2018, plazz AG has committed itself with the release 2.32 to an additional security measure.
SAML, short for Security Assertion Markup Language, describes a secure, XML-based data format for exchanging authentication and authorization information. This makes web-based work across different portals more secure and convenient. SAML authentication is implemented by default with the update to version 2.32 so that the Mobile Event App also joins seamlessly.
Your users may already know the logic of the SAML account from central logins, such as Google offers for various platforms. Similarly, we now offer the possibility of app registration via existing login data, such as that for your company’s intranet.
In addition to the resulting increase in security, the SAML login offers users a high degree of convenience: the login process and user authentication take place completely outside the event app. Users log in to their company system and access the app via a link. You do not have to remember any additional access data and can log in to the app even faster from now on.
SAML authentication can also be used in the participant registration tool registr.
Security update on login
Another innovation, which is also directly related to the login process, concerns the blocking of the user account in case of repeated incorrect entry of the access data. The user will be informed of the imminent blocking due to the repeated entry of incorrect data (e-mail address and/or password). In addition, he will receive an e-mail at his stored e-mail address, which will inform him of the blockage. This also informs him if third parties have attempted to gain access to his user profile. Hacker attacks are countered with this measure. An account can be unblocked in the CMS. This security setting is now always activated.
Furthermore, authentication is now required when changing the e-mail address and password. If a user wishes to change his login data, he must confirm a new e-mail address with his current password. When creating a new password, you must first enter the previous password.
In accordance with the requirements of the GDPR, every app user has the right to delete his or her user account. The profile can be deleted in the app in the account under “Access data”.
In addition, the additional data stored in the dynamic user profile, which we presented in the last Release 2.30, can now also be stored in the global area. Thus, for example, telephone number, position or Xing profile are now created in the global profile of the user and are thus visible in every event for which the participant is activated. This means that the data is stored centrally and does not always have to be queried again for different events. Similarly, this improvement was also introduced for registr.