Web applications contain resources that can be accessed by many users. To protect resources from unprotected access over the Internet, VWO provides various security measures. You can configure the security by clicking the gear icon ⚙ on the top right, and going to the Account > Security section.
VWO typically provides security in the following ways:
- Login and Access
In VWO, you have the following option to manage the login and access of your account:
Expire user's password in 90 days
Enabling this option ensures that all the users reset their VWO password at least every 90 days. Passwords older than 90 days automatically expire and the users cannot log in unless they change it. Users are notified over the mail with a link to reset their password before the existing password expires.
Log user out of VWO after 15 minutes of inactivityAllow VWO team to access your account
Enabling this option ensures that all users are logged out of VWO after 15 minutes of inactivity. Users have to log in again to continue using the app.
Sometimes, the VWO support team may need access to your account temporarily for resolving issues related to your account. Accessing your account settings help our support members to diagnose and troubleshoot your issue faster and better. If you do not wish to allow access to the VWO support team, uncheck this option.
Set email alerts for account administrators (Admins of the main workspace) to receive notifications for your VWO account-related activities like successful or unsuccessful login attempts, changes made to your VWO account. You can add multiple users to receive alerts on your account activities.
- Allow login from specified IP addresses and Locations
With this, you can limit the IP addresses or locations that can access your account. This can be done by providing one or multiple IP addresses in the Allow login if IP address matches the following (add IP addresses separated by new line) field or by specifying one or multiple locations in the Allow login if location matches the following field present in Settings > Accounts > Security section of your VWO account.
To learn how you can do this in your VWO account refer to Enable Users to Log in to VWO From Specified IP Addresses and Locations.
NOTE: You can use regular expressions to specify IP address patterns. For example, to enable access for all IPs matching the pattern "201.67.99.*", enter the regular expression as "201\.67\.99\..*". To type a range of IP addresses, use regular expressions for IP addresses. To learn how to build a regular expression, refer to How to Build your IP Regular Expression.
- Extract/Delete Data For a Specific UUID
VWO saves visitor data against a UUID which is created and saved on the visitor’s browser cookie. UUID are unique IDs that identify your website visitors and are different for each browser. To Access/Delete the data, provide the value in the UUID field present in Settings > Accounts > Security. To locate your UUID, refer to How to Locate your VWO UUID.
NOTE: As soon your Access/Delete request is received by VWO, the VWO support team will contact you.
- Single Sign-on
Single Sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of sign-in credentials. To know more about SSO, refer to Single Sign-on in VWO.