User security best practices

Maintaining strong security practices helps protect your organisation's data and systems. This guide explains key security measures and best practices for managing users in Zudello.

Best practices

  • Review user access and permissions regularly
  • Use single sign-on (SSO) where available
  • If not using SSO, enforce strong password requirements. Ensure passwords:
    • Contain at least 12 characters
    • Include uppercase and lowercase letters
    • Include numbers and special characters
    • Don't contain common words or patterns
  • If you are using password sign-on, use multi-factor authentication (MFA)
  • Document all security-related changes
  • Remove access immediately when off-boarding users
  • Regularly audit user group permissions and group memberships

Configuring user groups and data permissions

  • Set up team-specific user groups:
    • Create groups based on job functions
    • Assign minimum required permissions
    • Review group membership monthly
  • Configure data permissions on a need-to-know basis:
    • Set up resource-level access controls
    • Use "Own" access where possible
    • Limit "All" access to essential users

Regular security reviews

Quarterly access review

Perform these checks at least every three months:

  1. Review the users list:
    • Check for any unfamiliar accounts
    • Verify all active accounts belong to current staff
    • Deactivate accounts for users who have left
  2. Review user group membership:
    • Verify all user groups are still required
    • Expand each group
    • Verify members need their assigned access
  3. Review data permissions:
    • Check permission assignments match security requirements
    • Verify that all user groups assigned to each data permission still require access to all resources

Delegation security

When setting up user delegation:

  • Set specific time periods:
    • Always include both start and end dates
    • Keep delegation periods as short as possible
  • Ensure users communicate their delegation changes to all other affected staff

Responding to security incidents

If you notice unusual activity:

  1. Take immediate action:
    • Deactivate affected user accounts
    • Remove suspicious group memberships
    • Document the incident details
  2. Review security settings:
    • Check user group permissions
    • Verify data permission assignments
    • Update access controls as needed
  3. Contact Zudello support for assistance

Need help?

Contact your organisation administrator or Zudello support for assistance with security configuration and best practices.