Compliance Module

The Compliance Module

Maximum security for confidential improvement work.


NOTE: The Compliance Module is required for GDPR compliance and for KaiNexus to sign a BAA to be fully compliant with all HIPAA regulations.


The Compliance Module allows your organization to:

Reach out to your Customer Success Manager if you're interested in this module or, if your organization is already using this module, to take advantage of any of the features described in this article.

Single Sign-On (SSO)

SSO is an authentication service that enables a user to use one set of login credentials (for example, a name and password) to access multiple applications. Common SSO providers include Okta and Microsoft Azure.

With the Compliance Module, KaiNexus supports SAML 2.0 to limit attacks from phishing schemes and make participation as easy as possible for everyone.

Pro Tip: To learn more about Single Sign-On and KaiNexus, check out this support article.

Permitted IPs 

Every device has a unique IP address when connected to the internet, which tells other devices where in the world you’re located.

With the Compliance Module, you can control traffic in and out of your improvement network and protect your data by limiting the places from which employees can access KaiNexus.

Domain-restricted email

Require that all email addresses entered in the KaiNexus system be employees' company emails.

Audit logs

Track your users’ activity in KaiNexus with audit logs, provided by your Customer Success Manager upon request.

Turn off file attachments

Prevent all users from uploading any files to KaiNexus to make sure nothing confidential is shared. Users will be unable to:

  • Add profile pictures
  • Attach files to Items, Standard Work Groups, or Freestyle Cards
  • Import Chart data

Custom password requirements

Customize the requirements of KaiNexus passwords to fit your organization's security needs. You can:

  • Determine the password strength requirements
  • Prevent users from using their username as their password
  • Enable password expiration so that users will be prompted — and then required — to change their password at regular intervals
  • Prevent users from repeating their previously used passwords

Account lockout

Specify the number of failed login attempts that will cause a user's account to be locked. A locked account cannot be accessed until the user resets their password or an administrator resets it for them.

Restrict user profile editing

Restrict certain components of users' profiles so that only users with the appropriate "User Administrator" permission can edit them. You can:

  • Fully lock down user profile editing so that users without the appropriate "User Administrator" permission will not be able to edit any part of their own user profile.
  • Partially lock down user profile editing so that users without the appropriate "User Administrator" permission will not be able to edit their user attributes — called Titles, Positions, Employment Statuses, and Certifications by default — but will be able to edit other profile information, such as their name and email address.
  • Hide the "Employee ID" field from the user profile and the Edit Profile window for any users without the appropriate "User Administrator" permission.
