Security

Overview

The safety and security of data within Compass is of the utmost importance. There are security measures in place to ensure that your user community is safeguarded against potential threats.


Via the 'Security Settings' page, schools have control over aspects of the available security settings. This gives you the ability to quickly remove or limit access in any situation where an account may have been compromised.

Permissions

To access security settings, staff will require the 'Configure' permissions.

For details on how to assign permissions in Compass, please refer to the 'Permissions' article from the Knowledge Base.

Security Settings

To access the 'Security Settings' page, go to the cog icon and select 'Administration Tools' from the menu. 
     

Click the 'Security Settings' option to load the page.
     

Here you will see a range of settings for the following:
 - Two Factor Authentication
 - Session Configuration
 - Access Settings

If you make any changes to settings, ensure that you click 'Save' at the bottom of the page for the changes to take effect.
     

Please note that users within CompassPrincipals, CompassSponsors and CompassBusinessManagers will receive an email notification when changes on this page have been saved.

Two Factor Authentication

For details on enabling two factor authentication, please refer to the 'Two Factor Authentication' article from the Knowledge Base.

Please note: If your portal has SAML/SSO enabled, a banner will display above the page to advise you that the Compass 2FA settings will not apply. All MFA settings should be applied in your SAML/SSO provider, and will automatically apply upon login to Compass.


Session Configuration

In this section you can set the period of time after which a session will expire if the user does not perform any actions in Compass. The settings allow you to set different times for web and mobile sessions.
   


Forced Logout

If you are concerned an account has been compromised, you can force a logout to ensure all current sessions for the user, or user group, are logged out.

To do so for an entire user group, select the applicable role type. 

     

Click 'Force Logout'.
     

To force logout for a single user, enter their username and then click 'Force Logout'.
     
     
When doing a forced logout, you will be prompted to confirm the action.
     

You will get a confirmation when the process has been completed.
     

Access Settings

If you need to temporarily disable all access to Compass accounts for students and/or parents, you can do so by ticking the applicable option and clicking 'Save'.     

Email Login Alerts

Each time a user logs in to Compass, they will receive an email alert notifying them of that login. If they did not log in on the date and time shown in the email, they should immediately take steps to secure their account.

     


Password Resets/Account Lockouts

For details on resetting user passwords, please refer to the 'Reset Passwords or Account Lockouts' article from the Knowledge Base.

Data Exports

When requesting to download large files (e.g. Attendance exports, Chronicle exports, Report results), the file will be emailed to the user’s email address, rather than downloading directly onto the computer of the user. This feature limits the amount of data a person can access if an account is compromised: they are unable to access the data unless they also have access to the user’s email.

When any of these requests are run, all users within CompassSponsors, CompassPrincipals and CompassBusinessManagers will also be notified, so that school leadership is alerted to any suspicious behavior in the portal should they not be aware of it already.

To prevent a person using a compromised account from simply changing the email address on the user’s account in the portal in order to receive the file, you can specify which domain/s are eligible to receive these files.

On the Security Settings page in the 'Data Export' section, enter any email domains (e.g. @education.vic.gov.au) that are eligible to receive the download files. Files will not be sent to any requesting email address outside of those domains.

     

Genuine Compass Page - What to look for

When signing into Compass from a web browser, always check that the URL is structured as follows:
https://yourschool.compass.education/pages.aspx

  1. https - make sure the start of the URL is https, not http.
  2. yourschool - this should be the name or abbreviation of your school. It may be followed by a state or country identifier (such as -NSW, -UK or -IE).
  3. .compass.education/ - all Compass portals have this domain name. If you see a .com, .org or .net in the URL, this is likely not a legitimate Compass domain.
  4. /pages.aspx - this part of the URL will vary depending on the part of Compass you are viewing.
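The checks in the list above can also be applied automatically, for example by a helpdesk triaging a reported link. The following is an added example, not Compass code; the function name, the rule that the school name is a single label of letters, digits and hyphens, and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

COMPASS_SUFFIX = ".compass.education"
# Assumption: the school part is one label, e.g. "yourschool" or "yourschool-nsw".
SCHOOL_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def check_compass_url(url: str) -> list[str]:
    """Return the list of problems found; an empty list means every check passed."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["URL cannot be parsed"]
    # hostname is lower-cased by urlsplit; a trailing dot is equivalent in DNS.
    host = (parts.hostname or "").rstrip(".")
    problems = []
    # Check 1: https, not http.
    if parts.scheme.lower() != "https":
        problems.append("scheme is not https")
    # Text before an '@' is user info, not the site; the real host comes after it.
    if parts.username is not None:
        problems.append("user info before '@' hides the real host")
    # Check 3: the host must END in .compass.education, not merely contain it.
    if not host.endswith(COMPASS_SUFFIX):
        problems.append("host does not end in .compass.education")
    # Check 2: a single school label directly in front of the domain.
    elif not SCHOOL_LABEL.match(host[: -len(COMPASS_SUFFIX)]):
        problems.append("expected one school name before .compass.education")
    # Check 4 (the path) varies by page, so it is not validated.
    return problems


# Constructed sample URLs; none of them were taken from a real message.
SAMPLES = [
    "https://yourschool.compass.education/pages.aspx",
    "https://yourschool-NSW.compass.education/pages.aspx",
    "http://yourschool.compass.education/pages.aspx",
    "https://yourschool.compass.education.example.com/pages.aspx",
    "https://yourschool-compass-education.example.net/pages.aspx",
    "https://yourschool.compass.education@example.org/pages.aspx",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        found = check_compass_url(sample)
        print("OK     " if not found else "SUSPECT", sample, "; ".join(found))
```

A URL that fails any check should be treated as unverified and reported rather than used to sign in.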

If you are unsure, please send an email of the entire URL to our team at support@compass.education and we will let you know. 

When browsing pages in Compass, we use SSL/TLS, which means that the URL should begin with https and the browser should display a padlock to indicate the website is secure.

If you believe you have logged into a page that is not a genuine Compass URL, we recommend you change your password immediately and email us (support@compass.education).

Legitimate Compass Emails - What to look for

Automated emails from the Compass platform will come from the compass@compass.email address. 

Any email sent from a Compass employee will be from NAME@compass.education. 

If you have received an email that you deem to be suspicious, please forward this to support@compass.education immediately for investigation. 

