Does your company require you to agree periodically to Terms and Conditions, Privacy Policies, EULAs and so forth? Do you need to comply with the EU Data Protection Directive, General Data Protection Regulation, California Online Privacy Protection Act, Canada Personal Information Protection and Electronic Documents Act, or other regulations?
If so, I have great news for you! We’re happy to announce a new feature joining our family. It enables our customers to require users to agree to terms and conditions before logging into the portal. We call this feature Custom Terms and Conditions.
Creative, I know.
What are terms and conditions and why are they important?
Terms and Conditions are a set of rules that users must agree to in order to use a service. They typically specify the rules, usage, and content disclosures provided by the owner. For example, let’s look at the EUDPD:
“collecting and processing the personal data of individuals is only legitimate in one of the following circumstances laid down by Article 7 of the Directive: Where the individual concerned, (the ‘data subject’), has unambiguously given his or her consent, after being adequately informed.”
Any company operating in the EU and collecting any kind of data is required to notify users of that collection and obtain their explicit agreement. This requirement is not unique to the EU. As awareness of online privacy grows, we will see more requirements enforced around the world, like the EU’s GDPR, California’s COPPA, and Canada’s PIPEDA, to name a few. We could provide many other examples where websites or SaaS apps display their terms. We are here to make sure that we support our customers’ efforts in configuring and managing this type of requirement with urgency and ease.
Administrators can create multiple versions of the terms based on geographic location, department, job function, etc. and assign them to users via simple policies. When those conditions change or a user moves from one policy to another, OneLogin will automatically require users to agree to the updated terms. No action needs to be taken by the administrator.
Administrators can see which users have agreed to the terms and conditions, and which have not, in Activity > Events. You can create custom reports of who has accepted and who hasn’t, and stream acceptance events to Splunk, ELK, Sumo Logic, or any other SIEM that accepts data in JSON format.
As for all our customers out there, I invite you to read our product documentation on Terms and Conditions and try it out for yourself. It’s one small step for IT, and one giant leap for compliance.