Maximum security for confidential improvement work.
NOTE: The Compliance Module is required for GDPR compliance and for KaiNexus to sign a BAA to be fully compliant with all HIPAA regulations.
The Compliance Module allows your organization to:
- Enable single sign-on (SSO) for your users
- Control which IP addresses are permitted to access the system
- Control which email domains can be used for users in the system
- Run audit logs
- Disable file attachments
- Set unique password requirements
- Set the maximum number of failed login attempts a user can make before their account is locked
- Lock all or some components of the user profile for any users without a "User Administrator" permission
Reach out to your Customer Success Manager if you're interested in this module or, if your organization is already using this module, to take advantage of any of the features described in this article.
Single Sign-On (SSO)
SSO is an authentication service that enables a user to use one set of login credentials (for example, a name and password) to access multiple applications. Common SSO providers include Okta and Microsoft Azure.
With the Compliance Module, KaiNexus supports SAML 2.0 to limit attacks from phishing schemes and make participation as easy as possible for everyone.
Pro Tip: To learn more about Single Sign-On and KaiNexus, check out this support article.
Permitted IPs
Every device has a unique IP address when connected to the internet, which tells other devices where in the world you’re located.
With the Compliance Module, you can control traffic in and out of your improvement network and protect your data by limiting the places from which employees can access KaiNexus.
Domain-restricted email
Require that all email addresses entered in the KaiNexus system be employees' company emails.
Audit logs
Track your users’ activity in KaiNexus with audit logs, provided by your Customer Success Manager upon request.
Turn off file attachments
Prevent all users from uploading any files to KaiNexus to make sure nothing confidential is shared. Users will be unable to:
- Add profile pictures
- Attach files to Items, Standard Work Groups, or Freestyle Cards
- Import Chart data
Custom password requirements
Customize the requirements of KaiNexus passwords to fit your organization's security needs. You can:
- Determine the password strength requirements
- Prevent users from using their username as their password
- Enable password expiration so that users will be prompted — and then required — to change their password at regular intervals
- Prevent users from repeating their previously used passwords
Account lockout
Specify the number of failed login attempts that will cause a user's account to be locked. A locked account cannot be accessed until the user resets their password or an administrator resets it for them.
Restrict user profile editing
Restrict certain components of users' profiles so that only users with the appropriate "User Administrator" permission can edit them. You can:
- Fully lock down user profile editing so that users without the appropriate "User Administrator" permission will not be able to edit any part of their own user profile.
- Partially lock down user profile editing so that users without the appropriate "User Administrator" permission will not be able to edit their user attributes — called Titles, Positions, Employment Statuses, and Certifications by default — but will be able to edit other profile information, such as their name and email address.
- Hide the "Employee ID" field from the user profile and the Edit Profile window for any users without the appropriate "User Administrator" permission.