Restricting Information Access Based on Login Location

If your company does business in more than one location, it may be necessary to restrict a user's access to information within Accolade based on their login location. For example, if you do business in countries with intellectual property laws based on information access, set up Accolade to prompt a user to select the location from which they are accessing Accolade. The location selection restricts the access to projects and documents throughout the application to only projects and documents that are allowed to be viewed from that location. Restricting information based on location allows users access to Accolade without putting your company's intellectual property in danger based on the laws and regulations in place in different locations.

Administrators and Process Designers must setup Accolade to prompt for a login location, including the following:

• Defining the metric that contains the location values. (Process Designers)
• Setting the Login Metric system parameter in the Administration Console. (Administrators)
• Defining the text that displays on the location selection page. (Process Designers, Administrators)
• Adding the metric to the appropriate models. (Process Designers)

When a user selects a location, only projects with a metric value matching that location are accessible during that Accolade session. The user is prompted for a location each time they access Accolade, including from Accolade Office Extensions, links to information available in emails, Dashboards for Accolade (uses the last login value), and in Accolade Portfolio Optimizer.

Project access is restricted in the following locations:

• All project access pages, including search, All My Work, and Upcoming Gates pages.
• Resource Planning pages.
• Innovation Planning views, including the Canvas and any saved views.
• Accolade Portfolio Optimizer, including access saved scenarios.
• Reports including Dashboards and access with Dashboards for Accolade.

Define the Metric That Contains the Location Values

The location selection page includes a list of locations that users can select from when they access Accolade. Specify the list using a reference table and a list or multi-select list metric. When the metric is assigned to the Login Metric system parameter in the Administration Console the metric configuration becomes read only.

Sopheon recommends using a reference table instead of manually entering the list items in the metric configuration to ensure you are able to update the list of locations after the metric is assigned to the system parameter. Consider the following when creating this metric:

• This is also the metric that is added to process models to select the location associated with the project. See Add the Metric to the Appropriate Process Models below.
• This metric cannot inherit its value from another metric.
• If you remove a list value from the metric configuration (either in the manually defined list or in the reference table), and that list value is selected in a project, the project becomes inaccessible within Accolade. Because the value is no longer an option for selection when a user accesses Accolade, the project is now restricted to all users. If this happens, you can update the metric within the project to a valid option using Accolade's project importer functionality.

To define the metric that contains the location selections:

1. Create a reference table that contains the list of locations and add it to Accolade.

Ensure the Available to Metrics option is selected in the reference table configuration.

2. Create a list or multi-select list metric.

3. In the List Source field, select Reference Table.
4. Select the reference table you added in step 1 and select the column within the table that contains the location values.
5. Select the Active check box to activate the metric.

6. Click Create to save a new metric or click Apply to save changes to an existing metric.

Set the Location Metric System Parameter in the Administration Console

A value in the Login Metric system parameter determines if the location selection page displays when a user accesses Accolade. An administrator must include a system metric name in the parameter for Accolade to prompt users for a location to restrict project access based on location.

To set the Login Metric in the Administration Console:

1. Log in to the Accolade application server.
2. From the Windows the Start menu, display all projects and select Sopheon Accolade Administration Console.
3. From the Navigation list, select Standard Parameters.
4. In the Category field, select Security and select the Show Advanced check box.
5. In the Value field for the Login Metric system parameter, enter the system name of the list or multi-select list metric created in the procedure above.
6. Click Apply to save your changes.

Define the Text That Displays on the Location Selection Page

Define the text included on the location selection page that displays when a user accesses Accolade. Include instructions and provide any additional information about your company's policies and procedures regarding the location request.

To define the text that displays on the location selection page:

1. On the System menu, select Configuration > Languages.
2. In the Language field, select the language to which you want to translate. You can define the text that displays on the location selection page in multiple languages, if necessary
3. (Optional) To narrow the list of translatable items, enter search criteria in the Filter By field and click Filter.

The default field name for the location page text is location login.

4. Enter the text to display on the location selection page.
5. Click Apply to save your changes.

Add the Metric to the Appropriate Process Models

When a user selects a location from the location selection page, Accolade restricts their project access to only projects that contain a matching metric value.

Associate the metric defined for the location to the process model and make it a required selection on project creation to ensure that restricted projects do not display when users access Accolade from a restricted location.

Important! If you add the metric to an existing process model, ensure that existing projects are updated to include a value in the metric. If the metric does not exist on a project or is empty, the project is visible to the user through search and other locations including links sent via email.

To add the metric to the appropriate process models:

1. Associate the location metric to a model from the metric definition if multiple models require the metric, or from the process model definition if only one model requires the metric.

2. (Optional) To help ensure that the metric is assigned a value, set the presentation settings for Creation to Edit and select the Req'd check box.
3. Click Apply to save your changes.

Notes:    The users location selection is logged in the user history and available for reporting purposes, and the location displays next to the user's name in the Accolade title bar. For information about reporting on the login location, contact Sopheon Customer Support. If a user selects one location in Accolade, and a different location from another Accolade component such as an add-in or Portfolio Optimizer, the access is determined from the last selected location. In this case, the location displayed in the Accolade title bar may not reflect the most recently selected location; however, the restricted access is being respected.