Restriction and Certification

Restriction and Certification

What is Restriction and Certification?

In iCarol there is a 'Restriction and Certification' tool available that allows sensitive call report and caller profile information to only be seen from certified computers, and restricted from being seen by uncertified computers. Other non-sensitive information (ex. News, Events, Chatboard, Shifts, etc.) areas of iCarol are still accessible from any computer, even if it isn't certified. 

Using the 'Restriction and Certification' tool is a multi-step process, broken out into several smaller tasks outlined below. Read through and complete each of the tasks below to begin, and keep the following points in mind, which are all described in more detail later in this help article:
  1. Every user can log into iCarol from any computer and see all sensitive information, unless the Restriction and Certification tool is enabled
  2. Users can be given permission as exempt from restriction, meaning they can log into iCarol from any computer
  3. Only users with permission to do so can certify computers
  4. Reports are available to quickly see what computers are certified to access your iCarol system, and computers can easily be uncertified
  5. The certification tool is actually certifying an entire IP Address, so if you have multiple devices accessing iCarol from the same IP Address, the tool only needs to be installed and run once on a device using the IP Address
  6. A single computer can only certify a single IP Address. For example, if a computer certifies an IP Address at home and that same computer then certifies a different IP Address at a local coffee shop, their home IP Address is no longer certified and would need to be recertified  

Task 1. Decide how to certify computers

Choose from the methods described below. Your organizations choice is dependent on your individual needs and structure, and you can choose to use one or both of the following methods:
  1. Certify individual computers: Install the tool described below on computers your organization has determined should have permission to access sensitive information (ex. a home computer for a trusted employee, an office computer, etc.). Most internet connections use a dynamic IP address, which changes every few days. When an individual computer is certified using the iCarol certification tool, that tool will reach up to iCarol every few minutes from the certified computer and say: “Hey, I’m the ‘Phone Room Computer 1’ for the Elmdale Helpline. I’ve been certified, and my IP address is currently 72.22.221.198.”  iCarol takes this information and updates our files so it will recognize future sign-ons as being certified from that IP address.
    1. This means if you have, for example, 10 computers in your office that all use the same internet connection with the same dynamic IP address, you only need to install and run the certification tool on one of those computers. 
  2. Certify a static IP address: If a client has a static IP address, iCarol staff can manually put that entry into the database lookup table, and iCarol will ALWAYS treat traffic from there as coming from a certified computer. If this is done, there is no need to install the iCarol certification tool on computers at the agency because the IP address will never change. Usually only internet connections procured for a larger office or facility might have one. Contact your internet provider or IT staff to find out if you do. Nearly all home internet connections do not have a static IP address, and therefore should use the previous method to certify. 
If you're unsure if you're using a Dynamic or Static IP address, consult with your IT department or use a website (ex. https://whatismyipaddress.com/) to find out. If you use the website provided as the example, simply go to the website and click your IP address, and the "Assignment" for your IP address will show as either Dynamic or Static.

Task 2. Complete Certification

Using the steps outlined below, depending on which method(s) you decided to use based on the information above.

If certifying individual computers, an authorized user must log into iCarol from the computer that needs to be certified, download the certification tool and follow the steps on the screen to activate the certification tool. 
By default, only Admin level users are authorized to download the tool to certify computers, but any user can be given permission to do so by enabling their Advanced Security Setting 'Can certify computers'.
  1. To access the tool as an Admin level user, click Admin Tools in your left side menu, then click the 'Tools' tab at the top of the page, and under the Restriction and Certification section click the link 'To certify or uncertify a computer, click here'. 
  2. To access the tool as a Supervisor level user (after permission has been given to do so), click 'Home' in your left side menu, then click the link 'Click here to view the home page everyone else sees.', and at the bottom of the page click the 'Certification' link.
  3. To access the tool as an Enhanced, Standard, or Trainee level user (after permission has been given to do so), click 'Home' in your left side menu, and at the bottom of the page click the 'Certification' link.
After you click the 'Certification' link, follow the steps on the page to install the certification tool and certify your computer.
Note, each time a user who is not an Admin level user certifies a computer, a notification email is sent to all Admin level users to notify them a new computer has been certified. 

If certifying a static IP address, a designated Support Contact from your organization can go to 'Help' in the left side menu and submit a case with a request to certify static IP address, and provide the specific IP addresses to certify.
Once certified, by either method above, iCarol then knows that it is OK to display call and caller information to people who are signed on from a computer with a certified IP address.

Task 3. Enable the Restriction and Certification tool

By default, this tool is disabled in iCarol systems and must first be enabled by an Admin level user, by completing the following steps:
  1. Click 'Admin Tools' in your left side menu
  2. Select the 'Tools' tab at the top of the page
  3. Under the Restriction and Certification section, select the checkbox next to the 'Use restriction' setting to enable the tool, or deselect the checkbox next to the setting to disable the tool and click 'Save all settings'
    1. If you deselected the checkbox to disable the tool, skip to task 4 at the end of this help article to finish disabling the tool, or if you wish to uncertify individual computers; if you're enabling the tool, proceed to the next step
  4. By default, Admin and Supervisor levels are exempt from restriction. This means if an Admin or Supervisor level user logs into iCarol from a computer that isn't certified, they'll still be able to access call report and caller profile information. If you wish to apply the restriction to Admin or Supervisor level users, select the appropriate checkboxes next to the 'Admins/Supervisors are also affected by Restriction' settings and click 'Save all settings'
In addition to being able to define Admins or Supervisors as being exempt from restriction, users can also given permission from being exempt from restriction by enabling their Advanced Security Setting 'Exempt from Restriction (can always see call reports)'.

Task 4: View Certified Computers and Uncertify Any Computer

A user with permission to Certify computers also who has permission view the Security page of Statistics can un-certify any computer no matter where it is located, by completing the following steps:
  1. Click 'Statistics' in your left side menu
  2. Select the 'Security' area at the top of the page
  3. Choose the radio button under Choose a Report for 'Computer Certification' and you can review all certifeid computers
  4. If you wish to uncertify any computer, click the 'Uncertify' link next to any computer you wish to uncertify, and a confirmation message appears telling you the computer will be uncertified the next time a user tries logging into iCarol from that computer
Alternately, you can uncertify a computer by logging into iCarol on the computer you wish to uncertify, as a user with permission to certify computers. Complete the steps outlined in task 4 to access the certification tool, and follow the on screen instructions provided on the same page where you installed the tool. 

Troubleshooting Tips

Troubleshooting: Error during certification installation process
During the iCarol computer certification installation process, you may get the following error message:
 "Setup cannot continue because this version of the .NET Framework is incompatible with a previously installed one. For more information, see http://support.microsoft.com/kb/906894"

Why am I getting this error message? 
  1. The system detects the user already has a more recent version of the prerequisite .Net Framework installed on the computer. The earlier version cannot be installed over the later version.
  2. Proceed with installing the iCarol Certification Tool directly
If unable to  proceed:
  1. uninstall the .NET Framework 2.0 Service Pack 1 from your computer before you install the .NET Framework 2.0. 

Troubleshooting: We can still see restricted info from our non-certified computer in the office
If restricted info is being accessed through a non-certified computer in your office, there are two reasons this could be happening.  
  1. One reason is because that computer is sharing the same network as a certified computer.  Computers that are sharing the same internet connection (at home or in an office building) would be considered to be on the same network. So if any computer on that network is certified, then iCarol would treat all of them as if they are certified. The most straight-forward way to ensure people on your WIFI network are not treated as "certified" is to have two different internet connections (from your internet service provider) so that they each have different/unique IP addresses when they are connected to the public internet.  A WIFI router can be connected to one of these internet connections so that the staff and volunteers can use this connection with their own devices.
  2. The second internet connection (wired or wireless, doesn’t matter as long as the WIFI password is not shared) will be used to connect to iCarol. If you then only have certified computers accessing iCarol from the second internet connection, then only devices on this second internet connection would be treated as “Certified”, so only these devices can access the confidential information on iCarol. 
Also keep in mind that Admins and Supervisors can always see restricted information (even from non-certified computers) unless that capability has been restricted inside the Admin Tool (Tools tab).

Troubleshooting: Restriction and Certification on Wireless Internet Connections
Some organizations have a wireless network (WIFI) at their offices so that their staff and volunteers can access the internet while they are there. However, since WIFI networks can often have a range that extends outside of the office's physical walls, these organizations would prefer that people using iCarol over these WIFI networks not be treated as "certified". As a reminder, note that if any computer on a network that shares an internet connection is certified, then all devices on that network will be treated as certified.

The most straightforward way to ensure people on your WIFI network are not treated as "certified" is to have two different internet connections (from your internet service provider) so that they each have different/unique IP addresses when they are connected to the public internet. 

A WIFI router can be connected to one of these internet connections so that the staff and volunteers can use this connection with their own devices. The second internet connection (wired or wireless, doesn’t matter as long as the WIFI password is not shared) will be used to connect to iCarol. 

If you then only have certified computers accessing iCarol from the second internet connection, then only devices on this second internet connection would be treated as “Certified”, so only these devices can access the confidential information on iCarol. 
 
There may be ways to accomplish the above using only one internet connection but it would require a more advanced router and more advanced IT expertise.  You will very likely need to consult with an IT expert to determine if this can be accomplished in your agency.

    • Related Articles

    • Training Webinar: Program Restriction Feature

      During this training participants will learn: What are Programs? How to Assign/Remove Vols-Staff to Programs Understanding Programs and Shifts Understanding Programs and Contact Records Understanding Programs and Profiles

    • Training Webinar: Security Best Practices:

      During this training participants will learn: Password reset Inactivation volunteers/staff Settings to support security Reporting to support security Certification and Restrictions Shredding How to submit tickets with PII/PHI

    • Training Plan: Programs

      Training Plan: Programs The information in this training plan is meant to be reviewed by your organization, and used as guidance on what should be included in your individualized training materials created for your users when learning how to use ...

    • Messaging Pre-Text Survey

      What is the Pre-Text Survey? The new Pre-Text Survey replaces the old SMS/Text Registration feature. Where the old feature sent a URL to your help seekers cell phone, the new feature sends a series of text messages asking pre-text questions ...

    • General Messaging Settings Live Chat and SMS/Text

      General Messaging Settings Each Live Chat and SMS/Text Portal in your system has associated 'General Settings', as follows: From the main Messaging page, click the ‘IM and SMS Settings’ link in the top right corner of the page Select the named portal ...