This article describes the way AltiusLife handles user access and logins, and data storage.
AltiusLife is an end-user application that provides Wellbeing content and support to its users. It is made available to end users (EAP clients) under an EAP customer contract.
In using the EAP service, we are keen to impress on clients the confidentiality of their use of the service. Every aspect of how the service operates reflects this, including customer reporting that carefully anonymises usage data and ensures that individuals cannot be identified within reporting.
AltiusLife seeks to reassure clients that their use of EAP services cannot be tracked by their employer. While today AltiusLife focuses on wellbeing content, we are adding elements to connect EAP service provision with ongoing Wellbeing support.
Login Methodology
AltiusLife user authentication is handled by a leading IDMS, Auth0 ("auth-zero"). As such we have rigorous identity management and a significant set of features, some of which have been made available in the current application.
Users sign up for, and then login under, a company registration code, set up by the employer when the AltiusLife site is created. Users create an account independent of any corporate login system and identify their legitimate use of the service via this registration code. They can use a login email address and password of their choosing, while also meeting security requirements (e.g., password strength).
Considerations: Since the employer does not have access to, nor do they manage, the user list, retiring departing employees is not viable. However, it’s worth bearing in mind that this characteristic exists for the EAP service itself which does not typically validate employment status with the employer before providing services (subject to customer contract rules), thus maintaining confidentiality.
Identity / Authentication / Access Management
AltiusLife offers three user roles:
- Client User – an employee or family member accessing the application for their personal wellbeing and EAP services.
- Company Administrator ("Coordinator") – a member of the customer’s organisation with access to the underlying Content Management System, or CMS, with privileges to configure aspects of the experience for their users, such as colour scheme, organisation-specific content, and available features. Note that Coordinators do not have access to any user account information, due to the confidential nature of the EAP service.
Further details on the features of the CMS available to Coordinators are available elsewhere in this guide. - Altius Group Administrator – a member of the Altius Group team with privileges to operate as a Company Administrator for any customer, and to manage global system features as well as provide end-user support.
Established users are assigned to the Client User role by default and can be elevated to the Coordinator role by Altius Group under the direction of authorised company representatives.
Data Types and Storage
CMS data is stored in Microsoft Azure under an Australian tenancy. Identity management information is stored in Auth0 under an Australian tenancy.
Data access is limited to approved Altius Group staff, with a development environment available to site developers.
Data types that are stored include:
- User Accounts: login email address, hashed password, date of first login, date of last login, user defined username, site the account belongs to, user role, user ID, user data of birth (note, the user's real name is not stored)
- CMS Analytics: page views, click actions
- Company Site: company name, site name, host name, registration code, company logo, company colour scheme, site configuration preferences.
- Application Configuration: options to toggle site features, and configure application settings.
- Site Content: CMS content (articles, etc.) via the Angular platform. Provided by Altius Group or the site's operating company (EAP customer).
- User Generated Content: related to site features such as groups, challenges and health trackers (where enabled).