Confidential Login Overview

The Portal Settings: New Confidential URL feature allows administrators to use a single account to grant multiple users limited access to Core. This is done by generating a URL that displays only the Confidential Submission form (e.g., an incident report) or selected activity, without requiring login credentials. This feature is useful for organizations that occasionally require third parties or front-line employees to confidentially create or edit Core data. 

Are you an incident management application user? Read more here: Confidential Portal Overview.

The Portal Settings: New Confidential URL screen.

All changes made via an Confidential Login are captured in the Audit Trail. Therefore, when creating a new confidential URL, administrators must first create a non-administrative user account and assign that account to a role with access to the applicable object type(s) and activity from the confidential submission.

By creating an confidential URL, you are accepting the Terms of Service on behalf of the users who will be accessing the link.

IP Authorization Control

IP authorization control helps administrators control who's accessing specific orgs based on the IP address of users logging into Core and users accessing it through an Confidential URL. 

If enabled on an confidential URL, the IP address of the user accessing the URL will be validated against the entries in the org's IP allow list. If the IP address doesn't match any of the entries, a 403 error is displayed. This is captured in the User Audit Trail as an Unsuccessful Confidnetial Login event.

The error message displayed to unauthorized users attempting to access an Confidential URL.

Before this option can be enabled on a URL, IP authorization must be enabled on the org by a member of Resolver Support. For more information, including functionality for additional login scenarios, see the IP Authorization Control section.