An explanation of what the high security mode is, how it works, and how to implement it
You can further lock down your AngelTrack server by forbidding login from any computer or device that AngelTrack has not seen before.
Activating the Feature
To begin the process of restricting logins to familiar devices, take these steps:
- Post an announcement to all employees, informing them of the following:
- AngelTrack will begin per-device restrictions on [date].
- For any computer that you intend to use for AngelTrack, you must successfully login to AngelTrack at least once before that date.
- It does not matter which AngelTrack account you use; the restriction pertains only to your computer. Thus, once a computer is familiar to AngelTrack, any number of different AngelTrack users can freely utilize it.
- If you ever "Clear Browsing History" or "Clear Cookies" on that computer, it will lose the ability to login to AngelTrack.
- When that happens, any supervisor, dispatcher, or member of HR can temporarily re-open AngelTrack long enough for you to login and thus become a recognized device again.
- For your supervisors (captains and lieutenants), dispatchers, and members of HR, post a targeted announcement to teach them the following:
- You are going to receive occasional phone calls from employees whose devices are not permitted to login.
- When that happens, find the gate icon in AngelTrack's top bar, click it to temporarily switch AngelTrack back to "Open" long enough for the employee to complete their login, then click it again to close it back.
- Wait for everyone to have the chance to read the announcements and take action. You can use AngelTrack's announcement system to verify that everyone has seen it.
- When everyone in your organization is finally ready, activate the feature by doing the following:
- With administrator privileges, visit the Preferences page under Settings.
- Find the "Login mode" setting, and switch it from "Public" to "Open".
- Save changes.
In the top-bar, in the top-right corner of every AngelTrack page, a gate icon will appear. It will be blinking because the gate is currently open, i.e. AngelTrack is still allowing any device to login.
Click the gate icon to close it, and now you are done!
How It Works / Caveats and Hassles
AngelTrack uses cookies to mark computers and devices as familiar, and so Private Mode has the following serious caveats:
- All cookies get deleted when a user activates their browser's "Clear Browsing History" feature... and therefore they will not be able to login to AngelTrack again until someone switches it back to "Open" for them.
- Desktop computers store cookies on a per-user basis, so if the current user logs-off from Windows or MacOS, and then a different user logs-on who has never accessed AngelTrack before, they will not be able to login to AngelTrack until someone switches it back to "Open" long enough for them to get in.
- If a user switches to a different web browser -- e.g. from Chrome to Edge, or from Safari to Chrome -- the new browser will not be able to login to AngelTrack. Someone on a different device must switch AngelTrack to "Open" (or "Public") mode, just long enough for the new web browser to login at least once.
These caveats will create annoyances throughout the work week, with users occasionally reporting that they cannot login from a new (or recently-reset) device because AngelTrack says it is in Private Mode.
For that reason, AngelTrack makes it extremely easy for any supervisor, dispatcher, or member of HR to switch AngelTrack back to "Open" for a few minutes while the user logs-in and thus becomes a familiar device.
Two-year cookie lifespan
The "friend of AngelTrack" cookie that AngelTrack sets on your allowed computers and mobile devices is set to expire after two years. Therefore, if a computer does not login to AngelTrack for a period of two years, it will lose access altogether, until AngelTrack is re-opened and it logs in again.
Does Not Affect Other AngelTrack Services
This feature does not affect the Customer Portal, which contains no valuable data and so does not justify the hassle of device registration.
Nor does it affect AngelTrack's various APIs, webservices, and integrations such as Movi, Stryker, ET3, Stripe, and NSure.
It affects only employee logins from the normal login page -- including those from the offline PCR.