Tag Archive for: Personally Identifiable Information

Summary of LeadSquared Security Features

/0 Comments/in , /by

1. Feature Overview

LeadSquared is ISO 27001:2022 certified and HIPAA compliant. LeadSquared was built to deliver a robust and secure experience. In addition to our process and infrastructure-level safeguards, the LeadSquared application itself has a number of security-related features. This article summarizes the list of available features and describes how you can use them to protect your account.

Note: You can also download a pdf version of our security features.

 

2. Prerequisites

  • All security-related features (except user-level two-factor authentication) must be set up by the LeadSquared administrator user.
  • Some features listed in the article are not available on all plans. Please contact us at support@leadsquared.com for more details.

 

3. User Access

These features let you configure the level of access available to your users.

Feature Description Help Documentation
User Roles Each LeadSquared user role comes with its own set of restrictions for accessing features and data. Assigning roles based on how you want users to access your account. User Roles and Access Rights
Sales Groups By default, sales users can only view their own leads. However, you can give certain sales users (team leads, managers, etc.) special privileges through sales groups. Managing Lead and Account Access to Sales Users – Sales Groups
Permission Templates Permission templates give you granular level control over leads, activities and tasks. In addition, they let you control access to features like imports, exports, API, dashboards and reports.
IP Whitelisting You can whitelist the IP addresses that can access LeadSquared. Logins through suspect IPs (tors/anonymous proxies) will be automatically disabled. Restrict User Access to LeadSquared using IP Whitelisting

 

4. Login and Session Security

These features help secure your account by providing additional security capabilities.

Feature Description Help Documentation
Password Encryption When enabled, passwords will be encrypted and sent from the browser to the server. Users will not be able to ‘Remember Password’ and the password won’t be stored anywhere in the browser cache. LeadSquared Login Security Settings
Enable Dynamic Token for Mobile App Lets you enable an additional layer of security for communicating between the app and server.
Two Factor Authentication Two-factor authentication can be mandated for all users or configured at the individual user level. LeadSquared Security Settings – Two Factor Authentication
Authentication Provider As an alternative to logging in with your LeadSquared credentials, you can configure your account to enable log-in through the following third-party authentication providers –

  • Google
  • Active Directory Federation Services (ADFS)
  • API
 LeadSquared Security Settings – Authentication Provider
Trusted Device Users can log into their LeadSquared account without verifying themselves through Two-Factor Authentication (2FA) each time Authentication – Trusted Device
Session Management Login Expiration Time –
When enabled, users will be required to log in again, after the configured time elapses. Session Timeout –
When enabled, a user who remains idle for the configured time will be automatically logged out.		 LeadSquared Security Settings – Session Management
Force Logout All Users You may want to force logout users from your account for a number of possible reasons –

  • LeadSquared may have added new features/enhancements or you may have opted for additional features or a change of plan. Sometimes, this requires users to log back in.
  • If you suspect that your account has been compromised, you can force log-out all users as the first safety precaution.
  • Some users prefer not to log out of their accounts which may pose security risks.
 LeadSquared Security Settings – Login Settings
Set Password Policy for users Customize the password policy of your LeadSquared account (e.g., minimum password length allowed, minimum special characters allowed, etc.) to comply with your organization’s policies. LeadSquared Security Settings – Set password Policy

 

5. Landing Page Security

The following security feature help secure landing pages you create using LeadSquared –

  • Google reCAPTCHA
    reCAPTCHA protects your landing pages against malicious software and spam. To learn how to embed them in your landing page forms, see Google reCAPTCHA on Landing Pages.
  • Allow submissions from registered domains only
    You can restrict the domains on which form submissions will be accepted.

 

6. Audit Logs

Audit logs provide numerous benefits including better transparency, record integrity and accuracy, and security of sensitive or vital information. A weekly review of audit log reports in LeadSquared will keep you on top of any activity in your account.

  • Audit Log Reports
    List of reports that help you track changes made to users, leads, automations, etc.
  • Request History
    Monitor all bulk requests such as import, export and delete, and also the history of support access requests.

 

7. API Security

LeadSquared APIs support Transport Layer Security (TLS) encryption. TLS is a standard that keeps an internet connection private and checks that the data sent between two systems (a server and a server, or a server and a client) is encrypted and unmodified. While using our APIs, we recommend following these best practices –
  • Keep your API keys secret
    We use access keys and secret keys (unique for each user) for authentication. These keys give you access to LeadSquared functionality and data, so they should always be kept secret.
  • IP Whitelisting
    With IP whitelisting, only requests made from specified IPs will be accepted. Whitelist the IPs you’ll be making API calls from. To learn more, see Restrict User Access to LeadSquared using IP Whitelisting.
  • Restricting API access through permission templates
    For users who don’t need access to API, we recommend disabling API access through permission templates. To learn more, see How to Create a Permission Template.
  • Reviewing API Logs
    View your API logs to check for unauthorized access. For details, see API Logs.

 

8. Data Protection and Privacy

These features were created with GDPR in mind. They enable you to provide transparency to your leads in relation to their data and privacy.

Feature Description Help Documentation
Cookie Consent As part of the privacy settings, you can allow end-users to control whether or not they would like to enable cookies on your website (where the LeadSquared Tracking Script has been installed) Data Protection and Privacy Settings
Email Opt-in By using the email opt-in setting together with the email opt-in automation action, you can let your leads decide whether or not they want to receive emails from your organization.
Personal Data Protection When enabled, it automatically creates a landing page in your account, that you can publish to existing leads and present them with the following options –

  • View their data
  • Remove their data
  • Update their data
  • Do Not Track

 

Any Questions?

We hope this article was helpful. Please leave us a comment below if you have more questions.

Permission Templates

/in , /by

1. Feature Overview

Permission templates let you configure access rights for your users. They let you control who sees what and which users can edit, delete, export or import your data.
You can set up access control in 2 quick steps –

  1. Create a permission template to control access to features and actions.
  2. Apply that template at the user, role, or sales group level.

Also see –

 

Example Use Cases

With permission templates, you can restrict users from –

  • Viewing, creating, editing, deleting, exporting and importing leads
  • Viewing, creating, editing, deleting, exporting and importing opportunities
  • Viewing, creating, editing, deleting, exporting and importing accounts*
  • Creating, activating, editing and deactivating users#
  • Viewing, creating, editing, deleting and exporting activities
  • Viewing, creating, editing and deleting tasks
  • Accessing accounts, dashboards, reports, custom apps and APIs

You can also configure partial access and allow users to view/edit only certain lead fields/activity fields/tasks.

Note:

 

2. Prerequisites

  • You should be an administrator user.
  • The permission template feature is available on select plans. For more information, contact sales@leadsquared.com.
  • To enable opportunities on your account, please write to support@leadsquared.com.

 

3. How to Access Permission Templates

From your dashboard, navigate to My Profile>Settings>Users and Permissions>Permission Templates. 

Permission Templates_1

 

Related Articles

 

Any Questions?

Did you find this article helpful? Please let us know any feedback you may have in the comments section below. We’d love to hear from you and help you out!

Create Permission Templates

/2 Comments/in , /by

1. Feature Overview

This article shows you how to create and configure a permission template. If you’re new to the permission template feature, see LeadSquared Permission Templates. If you’ve already created a permission template and now want to apply it to your users, see How to Apply a Permission Template.

Note:

  • Instead of restricting export for each entity (leads, activities, tasks, opportunities, users, and accounts) through a permission template, you can now restrict all users from exporting all LeadSquared entities through a back-end setting.
  • Instead of creating a permission template to restrict access to sales activities
    • You can restrict all permissions (view, create, and edit) to all users through a backend setting.
    • You can also restrict create/add permissions and grant view and edit permissions through a backend setting.

To enable any of these settings, contact your account manager, or write to support@leadsquared.com.

 

2. Create a Permission Template

From the main menu, navigate to My Profile>Settings>Users and Permissions>Permission Templates, then click Create.

Note: You can create up to a maximum of 50 permission templates.

Permission Templates create

Enter the following details –

  • Name: Enter a name for the permissions template.
  • Description: Enter a suitable description for the template.
  • User Access: Controls users that are shown in all user/owner fields drop-down fields across the application. To learn more about this feature, see How to Control Users Shown in User/Owner Drop-down Fields.
    • All Users – This is the default option. All users will be shown in the user/owner drop-downs across the LeadSquared application.
    • Sales Group Users – Will allow group managers to see only the users in their own sales groups, in all user/owner drop-downs across the application. Other sales users in the group (who aren’t group managers) will only be able to see themselves in these drop-downs.
  • Restrict Access
    • Dashboard – Users the template is applied to won’t be able to view dashboards.
    • Reports – Users the template is applied to won’t be able to view reports.
    • Marketing – Users this template is applied to won’t be able to access the Email Campaign, Landing Pages, and Website Widgets screens.
    • Workflow – Users this template is applied to won’t be able to access the Automations, Manage Forms, Process Designer, and Manage Portals pages.
    • Custom Apps – Users the template is applied to won’t be able to view custom apps.
    • API Access – Users the template is applied to won’t be able to make APIs calls. This can be used when you want to give marketing access to users but don’t want them to use any APIs or connectors.
    • Call Recordings – Use this option to restrict access to Call Recordings in Inbound/Outbound Phone activities.
    • Content – Users this template is applied to won’t be able to view, upload or delete content in the Email Library and Images and Documents library by default. However, admins can configure the settings to grant users partial access to these libraries as needed.
    • Leads – Users this template is applied to won’t be able to access the Manage Leads page.
    • Accounts – Users won’t be able to view any accounts.
    • Create Users – Users this template is applied to won’t be able to create new users in your LeadSquared account. This permission template can be applied to Admins (by the Super Admin), Sales Managers, and Marketing Users (by the Admins/Super Admins). It cannot be applied to Sales Users.
    • Activate Users – Users this template is applied to won’t be able to activate a user in your LeadSquared account. This permission template can only be applied to Admins (by the Super Admin), Sales Managers, and Marketing Users (by the Admin/Super Admins). It cannot be applied to Sales Users.
    • Deactivate Users – Users this template is applied to won’t be able to deactivate a user in your LeadSquared account. This permission template can only be applied to Admins (by the Super Admin), Sales Managers, and Marketing Users (by the Admin, Super Admins). It cannot be applied to Sales Users.

Note:

  • The following Permission Templates aren’t available by default in the platform. To enable them on your account, contact your account manager, or write to support@leadsquared.com –
    • Create Users
    • Activate Users
    • Deactivate Users
    • Restrict User Field Modification
  • Access to reports and custom apps will be automatically restricted when viewing permissions are configured to hide lead and opportunity fields. This happens because lead and opportunity fields that you hide from your users still show up in connected apps and reports. If you still want users to view reports and connected apps even though you have restricted view permissions for lead and opportunity fields, manually toggle the reports and custom apps sliders.

 

3. Clone a Permission Template

You can clone an existing Permission Template and make relevant changes to it instead of creating new templates from scratch. To clone a permission template –

  1. Navigate to My Profile>Settings>Users and Permissions>Permission Templates.
  2. Alongside the relevant Permission Template, hover your cursor over LeadSquared - Settings icon.
  3. Select Clone and enter the relevant details. Once the Permission Template is cloned, you can edit it according to your requirements.

LeadSquared - Clone Permission Templates

 

4. Permission Templates for Admins

Super admin users can apply permission templates on regular admins. In addition to the regular permissions, they can restrict access to

  • Edit user’s email addresses and phone numbers
  • Export users
  • Organization switch
  • Support access

For more information, see LeadSquared Super Admin Users.

Admin User Permission Templates

 

5. Assign Permissions

This allows you to set permissions for different entities. You can set restrictions on individual actions (e.g., update one Phone Call Task as ‘Complete’, etc.) and bulk actions (e.g., update all Phone Call Tasks as ‘Complete’, etc.). Refer to the table below for details.

Permission Type Description
View Allows you to view leads, activities, tasks, opportunities, and accounts.
Create Allows you to create leads, opportunities, activities, tasks, users, and accounts.
Edit Allows you to edit existing leads, activities, tasks, opportunities, users and accounts.
Delete Allows you to delete existing leads, activities, tasks, opportunities, and accounts.
Export Allows you to export leads, activities, tasks, opportunities, and accounts.
Import Allows you to import leads, activities, opportunities, and accounts.
Mark Complete Allows you to mark tasks as completed.

By clicking on the green circle, you can change the permission settings of each permission type –

LeadSquared - Assign Permissions

Once the template details are configured, click Save. The Permission Template will save and then appear on the Manage Permission Templates page where you can edit, delete or apply it to users.

 

5.1 Configure Access Levels

You can give users complete access, partial access or no access to features and actions –

LeadSquared - Configure access

 

5.1.1 Full Access

Provides complete access to the permission type.
For example, if you give a user full access to delete leads, he can delete all the leads in your account.

 

5.1.2 Partial Access

Provides partial access. Allows you to selectively choose the fields you want to give users access to. For example, you can restrict users from viewing or editing system lead fields like Lead Age, Created On, Modified On, Last Activity, Last Activity Date, Origin, Lead Score, Engagement Score and Quality Score.

Note: The feature to restrict system lead fields is not available by default. Reach out to support@leadsquared.com to get this enabled.
  1. When you select partial access, a Configure option appears below the yellow circle which allows you to choose the fields you want to restrict access to.
  2. Click Configure and choose the fields you want to restrict on the Configure Create Permission for Leads pop-up
  3. Click Save when you’re done.

LeadSquared - Configure create permission for lead

 

Note:

  • The following lead fields cannot be partially restricted through permission template for view, create and update lead field access: ConversionReferrerURL, CreatedOn, EngagementScore, LeadConversionDate, ProspectAutoId, Origin, QualityScore01, Score, ModifiedOn, Revenue, SourceIPAddress, SourceReferrerURL, StageRottingFlagMessage, StageRottingFlagModifiedOn, StageRottingFlagStatus
  • The following opportunity fields cannot be partially restricted through permission template for view, create and update opportunity access: OwnerId, Owner, mx_Custom_1(Opportunity Name/Title), mx_Custom_2(Status), mx_Custom_19(Comment)

 

Restriction on Edit of User Fields

Users can be restricted from editing user fields like the their First Name, Employee ID, Email Address etc.

Note: This feature to restrict editing of user fields is not available by default. Reach out to support@leadsquared.com to get this enabled.To enable this restriction –
  1. Navigate to Settings>Users and Permissions>Permission Templates.
  2. Under Assign Permissions, you’ll find Users.
  3. Click on the green circle under Edit until it turns yellow.
  4. Click Configure under the yellow circle to restrict the required user fields.
  5.  In the Configure Edit Permissions for Users pop-up, click Restrict alongside the relevant fields.
  6. Once the fields are selected, click Save.

Leadsquared - Permission Templates

 

5.1.3 Bulk Actions

Restrict Sales Users from performing bulk actions (Create, Update and Delete) on Leads, Activities, Tasks, Opportunities and Accounts. This is to ensure your users don’t misuse the Bulk Update option, especially if incentives or payouts are tied to achieving specific targets (e.g., number of tasks completed in a week, etc.).

LeadSquared Product Updates

 

5.1.4 No Access

Provides no access to the selected permission type.

 

6. Masking/Hiding Fields

You can hide/mask fields that you don’t want certain users to see. Once masked, these fields cannot be edited by users.
For example, if you have a sensitive lead field (like a bank account number, PAN/Aadhaar card number, Social Security Number, etc.) that you don’t want other users to see, you can mask it by following the video below.

LeadSquared - Masking permission templates

Note:

  • If a field is masked for a user, that user can still update it if the value is empty. This is useful in case a phone number is masked, but the user knows the number of the prospect and wants to update it.
  • You cannot hide the lead age via permission templates. However you can use the Lead Details View Cusotmization feature to hide the lead age.

This feature also works for activities and tasks types you may want to hide from certain users, like say you don’t want marketing users to see sales activities or sales tasks. You can also mask CFS file type Activity fields to prevent users from attaching such files in emails. Just follow the same instructions in the video above but this time click the circle alongside the Activities, Tasks, Opportunities, or Accounts section as highlighted below.

LeadSquared - Masking permission templates

If you wish to mask an Activity Field, before you navigate to the Permission Templates –

  1. Navigate to My Profile>Settings>Leads>Custom Activities & Scores.
  2. Alongside the relevant activity field, click Edit.
  3. On the Update Custom Activity Type pop-up, alongside Show As Entity, click Azure checkbox. This checkbox must be enabled to mask an Activity Field.

LeadSquared - Show as Entity

Note:

  • If you want to hide phone numbers from users, create a permission template as follows.
    • Hide the phone, mobile and other phone fields using the Hide Lead Fields functionality.
    • Hide lead capture and landing page submission activities using the Hide Activity functionality.
  • If the phone number is masked, telephony connectors will not update the phone number in the ‘FirstName’ lead field.

 

7. Next Steps

Once a template is created, you can apply it at the user, role or sales group level. See How to Apply Permission Templates.

 

Any Questions?

Did you find this article helpful? Please let us know any feedback you may have in the comments section below. We’d love to hear from you and help you out!