Common Product Questions
A member can do everything an admin can do, except:
- 1.Invite new members.
- 2.Add or update team manager and team leads
- 3.Grant or revoke admin status
- 4.Launch Onboarding and Offboarding workflows
"Last Seen" reflects different things depending on the app in question and how users access it.
When Google OAuth is used for login, Google grants a token relating the app to the user. The first time this token is granted generally coincides with the first login. When the token expires or the app re-requests an OAuth login, that date will be refreshed and surfaced in Blissfully.
In most cases, like with G Suite SSO, Last Seen is the last time the user logged in. However, some apps treat the token-granting as independent from their login mechanism or use very long-lived sessions. If an app allows users to stay signed in for a long time, it can make Google / Blissfully's understanding of Last Seen outdated.
In addition, if the auth tokens are still active but were created more than 180 days before Blissfully was installed, Blissfully will know the user has access to the application, but we won't have the exact date.
For apps where users are signing in with Okta, Last Seen is the last date of usage. The same applies to Salesforce and Zendesk if you have activated the integration in Blissfully.
Blissfully cannot detect logins that do not use some form of SSO. However, Blissfully can detect usage in other ways, like an email invoice sent to a person.
Yes! If you'd like to see our report, contact us using the chat bubble at the bottom of your screen.
If the user attempts to log in again, a new token is created and our system will detect their access and mark it as "unintended".
This can be a result of recycling or reusing a former employee's email. Blissfully, HR and Finance tool maintains records of former employees. As a best practice, we recommend maintaining a unique email address for both current and former employees. Reusing or recycling an email is a possible security risk that may expose personal data to unintended users. Many Saas tools will happily grant personal data to the wrong person if they have the relevant email address. In the world of the internet, your email address is your ID. For example, when you request a new password through "Forgot your password?" process. New instructions are sent directly to the email associated with the account. In most cases, there is no verification process on the identity of the user. The tool assumes that the owner of the email is the rightful owner. When an email is reused, we run into a risk of exposing the former employee's email and personal data to the new employee.
Before removing the user from the system, we recommend reviewing the following areas:
- Which integrations did the user add? Do we need to re-integrate them?
- Reach out to support for a list of assigned tasks on workflow templates.
- Identify a list of apps where this user is an App IT admin or Owner. Support can help.
- Did the user have any API keys that automate Blissfully to third-party integrations?