Remove Portal access for all
EVERY profile with an email address in CSuite is able to access (via a PIN) or to be seen in the new Portal by someone else with the same email address, regardless of whether they have a Designation that you are allowing access. This is causing a variety of issues and we very strongly think the Portal needs to be re-programmed to remove this access for any email address.
Here are some specific examples of issues arising from this new design:
One of our users has a Household profile from a personal donation which uses her work email address. That work email address is also used for the nonprofit she works for. When she logged in, she could see both her HH and Org profiles but didn't know which was which or why, so she changed her home mailing address on her HH profile to her work mailing address. After that, I turned OFF the ability for users to update their contact information online, but now they can't update Philanthropic Interest Type.
An even more pressing situation is: A nonprofit that holds a fund with us has a general email login to the Portal as a Fund Advisor (something like office@nonprofit.org). For some reason, several donors who made donations to the Fund online also used that email address when they made their donation, so that email is in their personal profiles. So, when the Fund Advisor logs in and chooses the "Change Profile" button, she can see those donor names and their addresses.
Who knows how many duplicate emails exist that aren't showing up on our Duplicates page and which are going to be seen by users who should have access to the portal but not to those other profiles? Please revert the Portal to its former functionality, which is to only allow access to users for whom we set up a Login.
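An added example, not part of the original post and not CSuite code: one way to count the shared email addresses asked about above is to group a profile export by normalized email and flag every address that appears on more than one profile. The CSV column names, the sample rows and the `Fund Advisor` designation string are assumptions; a real export may be laid out differently.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are assumed, not CSuite's real schema.
SAMPLE_EXPORT = """profile_id,profile_name,profile_type,email,designation
101,Pat Donor,Household,Office@Nonprofit.org,
102,Sam Giver,Household,office@nonprofit.org ,
103,Example Nonprofit,Organization,office@nonprofit.org,Fund Advisor
104,Jane Doe,Household,jane@work.example,
105,Work Example Inc,Organization,jane@work.example,
106,Lee Solo,Household,lee@home.example,
"""

def load(text):
    """Parse the export text into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def normalize(email):
    """Treat case and stray whitespace variants as the same address."""
    return email.strip().lower()

def shared_email_groups(rows):
    """Group profiles by normalized email; keep addresses on 2+ profiles."""
    groups = defaultdict(list)
    for row in rows:
        email = normalize(row["email"])
        if email:
            groups[email].append(row)
    return {e: ps for e, ps in groups.items() if len(ps) > 1}

def exposure_report(rows, allowed=("Fund Advisor",)):
    """List each shared address with the profiles it was never meant to open."""
    report = []
    for email, profiles in sorted(shared_email_groups(rows).items()):
        intended = [p for p in profiles if p["designation"].strip() in allowed]
        exposed = [p for p in profiles if p["designation"].strip() not in allowed]
        report.append({
            "email": email,
            "intended_ids": [p["profile_id"] for p in intended],
            "exposed_ids": [p["profile_id"] for p in exposed],
            # A real portal user shares the address with other profiles.
            "high_priority": bool(intended) and bool(exposed),
        })
    return report

if __name__ == "__main__":
    for item in exposure_report(load(SAMPLE_EXPORT)):
        print(item)
```

Entries marked `high_priority` match the Fund Advisor case described above, where a legitimate portal login shares its address with donor profiles.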

-
Jenny C commented
@Joshua McCloud - The issue I cited isn't that WE added a constituent's work email address to a Profile, but that a donor to a nonprofit's fund included an email address that's not theirs when they made a donation via Stripe. Perhaps the donor didn't want to use their personal email address with the donation so used an email address that came with an appeal from the nonprofit? or thought if they used the nonprofit's email in that field that the nonprofit would get notified of the donation?? But regardless, when our staff saw the donation come through they didn't necessarily know it didn't belong to that donor.
If you haven't implemented the new Portal yet, you will soon learn that there's no way to only enable the portal for fund advisors as there was in the former portal, and you may need to deal with the thousands of emails your database has acquired over the years which now are potentially able to be seen by others via the Portal. Unless we users can convince CSuite to turn off access.
-
Joshua McCloud commented
You wrote: "For some reason, several donors who made donations . . . also used that email address when they made their donation[.]"
In practice, it's not just a problem with duplicate or shared emails. Work emails pose the same problem. In any case, there are all kinds of reasons why a work or shared email address might appear on a profile in CSuite. The fact is that until now, foundations' staff haven't thought about--and haven't HAD to think about--the security implications of adding an email address to a profile; it's been nothing more than a way of tracking communication methods. I add a constituent's work email address to her profile because that's the only email address I know or it's one way we communicate with her.
Now, all of a sudden, without my intention to do so and certainly without our constituent's, that work or shared email address gives access to her private profile and donation information through the portal.
For now, my solution to this problem is to leave the portal mostly turned off. I have to enable it for fund advisors, since we've been using the fund-advisor portal and that's being replaced next month, but the hundredish profiles I need to worry about there are much more manageable than the literal thousands our database has acquired over the years.
EDIT: @Jenny C: Yeah, I just realized that the profile part of the portal remains accessible regardless of what other segments are activated. So now the question is whether we inconvenience our fund advisors by completely removing their ability to manage their funds online so as not to risk the privacy of all our donors?
EDIT AGAIN: I guess we could instead forgo using the built-in email fields and just use custom fields to track email addresses.
-
Lenora commented
Interesting. I think this brings up several fixes.
I am wary of turning on any functionality for users to update their profiles for similar reasons. It would be very helpful to turn the user profile edit section into checkboxes that allow us to have more control on exactly what users can and cannot change.
I have also noticed that lots of duplicates don't pull into the Duplicates section.
I think Foundant could also just add a setting that allows us to turn off the "Access via pin" option. Also, seems like a security risk as anyone with a compromised email could access fund information.