User Accounts and Security

Safeguard access and data stored in Veracross by learning about user accounts and security roles.

Articles

Security Role Overview
Overview Each Veracross user account is a member of one or more security roles. These security roles determine which data the user can view and update. Primary roles form the basis of a user’s security and roughly correspond to the person&r...
User Account Management Overview
Username Conventions Before creating any user accounts in Veracross, it is important that the username convention for each security role be reviewed to ensure the account usernames are created in the proper format. See more on Username Conventions...
Creating Future Parent/Student Accounts
Overview Some schools want to create user accounts in Veracross for Parents of Future Students and Future Students. Typically this is wanted in order to push the user accounts out to a third party vendor (most often the school website).  It is...
Creating User Accounts in Batch
Overview To manage user accounts in batch, navigate to the System homepage in Axiom and click the Action menu.  Only users with the security role of SysAdmin_1 can create user accounts, send welcome emails and set security roles for their scho...
Disabling/Re-Enabling Portal Accounts
Overview Parent and Student portal accounts can be disabled by any System Administrator if needed throughout the year.  To disable accounts, perform either the batch or one-off procedure below. Portal membership can also be managed directly o...
Email Domain Security Check
Overview Email domain security can be added so that Veracross scans emails sent via distribution lists using the DKIM and SPF security protocols. This applies to inbound security processing and so does not apply to emails sent with Composer. Ther...
File Security
Overview Access to data on records in Veracross is controlled by security roles. Users are assigned security roles based on the level of access and update privileges they need in order to input/edit data on records. Many records also contain a &ldq...
GDPR Information
Overview The EU General Data Protection Regulation (GDPR) — designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data priva...
Granting Accounting (VCA) Access
Overview The actual granting of VCA access is done by the VCA Account Manager, but the school should ensure that the person already exists in Veracross as a staff or faculty, has a user account, and has the security role Business_1 . Once these ...
How To Impersonate Users
Overview User Impersonation is a feature that allows system administrators and certain staff members to log in as another Veracross user for testing purposes. Impersonation is supported in all Veracross apps except for Composer. Allowing Impersona...
Identity & Access Management Homepage
Overview The Identity & Access Management homepage in Axiom gives quick access to user accounts, security configuration, and logs. Homepage Sections User Accounts: Provides quick access to all user accounts faculty and staff accounts s...
LDAP/Active Directory Setup
Overview Veracross can authenticate with Microsoft’s Active Directory server to achieve Single Sign On. Single Sign On allows end users to use their primary network (Active Directory) account to log into Veracross, thus eliminating yet anothe...
Multi-Factor Authentication (MFA)
Overview Multi-factor authentication can be enabled for accounts accessing Axiom and Portals. Multi-factor authentication (MFA) is a security mechanism that requires access to more than one device (typically a computer and a phone) to access an app...
Password Expiration Management
Overview Schools have a number of options available for managing password expiration for each of their users: Per User Change the user’s account status to “password expired” on their person account record. This will require th...
Switching to Active Directory (AD)
Overview In order to have Veracross authenticate users against a school’s Active Directory server, a few things need to be set in place before AD Authentication can be enabled. First, we need information about the school’s active direc...
Syncing External Google Accounts
Overview Schools using Google Apps for Education/Non-Profits can enable single sign-on (SSO) — part of the extra-cost Google Authentication module — so that their constituents with Google user accounts can use those credentials to sign ...
Username Conventions & Account Redirecting
Overview User Account naming conventions can be set per security role.  Using the “Security Roles” link on the System homepage, all security roles can be accessed and a primary and secondary username convention set for each. The ...
Veracross (VCX) Homepage Access
Overview Security roles determine homepage access in Axiom. This article details the homepages to which different security roles have access by default. SysAdmin_1 (read/write) and SysAdmin_2 (read only) have access to all homepages. Not all home...
reCAPTCHA Protection
As an additional security measure, Veracross has implemented the use of reCAPTCHA on login pages for both Axiom and all Portals.
OAuth Applications and Veracross Overview
You can now create OAuth applications for vendors using Veracross. OAuth applications allow for vendors to use Veracross OAuth SSO to enable login to their vendor applications. This can provide a few benefits for Veracross end users
Creating an OAuth Application: School Workflow
Creating OAuth Applications will be necessary to enable Single Sign On (SSO) for vendors working with your school. Creating OAuth Applications is a self-serve workflow, and doesn’t require approval or involvement from Veracross Support.
Creating an OAuth Application: Vendor Workflow
Because OAuth is a standard approach for enabling SSO, there is a lot of material on the internet about how to set up an integration with an OAuth provider.