Dashboard security
Unit's Dashboard serves as our client's back-office and operations tool, used by the support, operations and finance teams to provide services to end customers and manage the program. Since sensitive financial operations and end customer PII are accessible in the dashboard, insecure use can result in significant risk and potential loss to the Unit client. The guide below details the security measures and best practices recommended by Unit for secure use of the dashboard.
Log-in
Logging in to the Unit dashboard is done, by default, using a username and password combination, with an additional layer of two-factor authentication (via OTP). However, Unit's dashboard supports SAML, which means you may use your own company's SSO credentials to sign in to the dashboard.
Using SAML is highly recommended, since it guarantees that when an agent/employee is no longer with the company, their dashboard access is cut off as well.
If you use SAML/SSO, it is further required that you use multi-factor authentication as part of the sign-in process to your organizational account, to prevent a situation where the credentials leak and are abused.
IP Allow-listing
Unit's dashboard supports IP allow-listing. It is highly recommended that you configure your company's static IPs, and only allow your employees to access the dashboard either in-office or through a VPN.
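A pre-submission check for the allow-list described above, as an added example (not Unit's code or API): it rejects entries that are malformed, too broad, or private, and lists office/VPN egress addresses that would be locked out. The width thresholds, function names and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy threshold (not a Unit setting): anything wider than a /24
# (IPv4) or /48 (IPv6) is treated as too broad for "company static IPs".
MAX_WIDTH = {4: 24, 6: 48}

# Ranges that never appear as the source address of a request arriving over
# the internet, so allow-listing them is either useless or a mistake.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",
)]

def lint_allow_list(entries):
    """Split candidate entries into usable networks and (entry, reason) findings."""
    networks, findings = [], []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            findings.append((raw, "not a valid IP address or CIDR range"))
            continue
        if net.prefixlen < MAX_WIDTH[net.version]:
            findings.append((raw, "range too broad"))
        elif any(net.version == r.version and net.overlaps(r) for r in NON_ROUTABLE):
            findings.append((raw, "private or non-routable range"))
        else:
            networks.append(net)
    return networks, findings

def uncovered(egress_ips, networks):
    """Return egress IPs (office, VPN) that no allow-list entry covers."""
    return [ip for ip in egress_ips
            if not any(ipaddress.ip_address(ip) in n for n in networks)]

# Constructed sample data using documentation address ranges.
CANDIDATES = ["203.0.113.10", "198.51.100.0/28", "0.0.0.0/0",
              "192.168.1.0/24", "vpn.example.com"]
EGRESS = ["203.0.113.10", "198.51.100.7", "198.51.100.40"]

if __name__ == "__main__":
    nets, problems = lint_allow_list(CANDIDATES)
    for entry, reason in problems:
        print(f"REJECT {entry}: {reason}")
    for ip in uncovered(EGRESS, nets):
        print(f"LOCKOUT RISK {ip}: not covered by the allow-list")
```

Running the lockout check before enabling the allow-list avoids cutting off a VPN or office egress address that was left out of the list.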
User Roles
Unit's dashboard currently defines 4 user roles. API keys created by a specific user are subject to the access level of that user's role.
| Role | Description |
|---|---|
| Admin | Full access to all the functionalities supported by Unit, including creation of new users. |
| Restricted | Same access as "Admin", excluding sensitive actions that may cause funds to be moved. Cannot create new users. |
| Readonly | Read-only support role. |
| Readonly no PII | Similar to read-only, with no access to PII and sensitive data such as account numbers. |