Privacy, security and GDPR

The Privacy, security and GDPR page allows you to configure Ortto’s global security, privacy, and General Data Protection Regulation (GDPR) settings.

Access the Privacy, security and GDPR page

To access the Privacy, security and GDPR page, on the Setup page, click Privacy, security and GDPR.

On this page, you can configure the following privacy and security settings:

If you change any of the field values below, click Save towards the end of the page to save all the changes you have made.

App authentication

The App authentication section allows you to control whether Google Account or Okta-based credentials are required to sign in to your Ortto account.

To configure this feature, select from either of the following options:

  • Any authentication method (Default) - All users can sign in with either their Google Account, or with their own email address (which could be a Gmail address) and password (specific to the Ortto account).

  • Google Single-Sign-On enforced - All users can only sign in to Ortto using their Google Account.

  • Okta Single-Sign-On enforced (requires additional setup in OKTA) (Limited availability) - All users can only sign in to Ortto using credentials configured through an Okta domain.
    This feature is only available to Ortto customers on Enterprise plans. Learn more about how to configure this feature in Configure the Okta connection below.

    Ortto’s Okta integration requires users to sign in to Ortto using a service provider-initiated (SP-initiated) single sign-on (SSO) flow. This means that users will only be able to sign in to Ortto (the service provider) from the Ortto sign-in page using Okta credentials.

    The Okta SP-initiated SSO is bound to the Ortto account (instance) in which it was configured. Other Ortto accounts can be configured with alternative authentication methods (such as Google SSO).

    If you choose this option and proceed to configure your Ortto account to use Okta single sign-on (SSO), the process is irreversible: you will no longer be able to revert your Ortto account to the Any authentication method or Google Single-Sign-On enforced methods for Ortto app authentication.

Add and configure the Ortto app in Okta

  1. Ensure you are signed in to Okta with your administrator account and that you are viewing your Okta admin Dashboard.

  2. Access the Applications page and click the Browse App Catalog button.

  3. Search for ortto and choose the appropriate option from the drop-down list.

  4. On the Ortto page, click Add.

  5. Follow the remaining pages to configure the Ortto app in Okta.

  6. Once the Ortto app is configured, make note of the following details, which will need to be configured in Ortto:

    • Client ID,

    • Client secret, and

    • Okta domain.

      You can collect all three items from the Sign On tab of the Ortto app (the Okta domain can be found via the OpenID Provider Metadata). Or, copy the Okta domain from the user menu (hover over the domain name to access a copy to clipboard function).

  7. Ensure you have a user account configured in your Okta account (the Directory > People page) that matches your user account configured through Ortto’s User management page.

  8. When viewing this user’s profile in Okta, ensure the Applications tab is shown and click the Assign Applications button to begin assigning the Ortto app to this Okta user account.
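
Before entering the details noted in step 6 into Ortto, the Okta domain can be checked against the OpenID Provider Metadata it came from. The following is an added example, not part of Ortto's or Okta's documentation: the tenant name `example`, the sample metadata and the function names are constructed for illustration, and the check assumes the issuer and endpoints are served from the org domain.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OpenID Provider Metadata document; the tenant
# name "example" is a placeholder, not a value from the Ortto documentation.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
})

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def normalize_domain(value):
    """Reduce whatever was copied (URL or bare host) to a lowercase host name."""
    value = value.strip()
    host = urlsplit(value if "://" in value else "https://" + value).hostname
    return (host or "").lower()


def check_okta_domain(entered, metadata_json):
    """Return a list of problems; an empty list means the domain is consistent."""
    domain = normalize_domain(entered)
    if not domain:
        return ["no host name found in the entered value"]
    problems = []
    # The admin console is served from "<org>-admin"; sign-in uses the org domain.
    if domain.split(".")[0].endswith("-admin"):
        problems.append("admin console host entered; use the org domain without '-admin'")
    meta = json.loads(metadata_json)
    issuer = urlsplit(meta.get("issuer", ""))
    issuer_host = (issuer.hostname or "").lower()
    if issuer.scheme != "https":
        problems.append("issuer is not an https URL")
    if issuer_host != domain:
        problems.append(f"issuer host {issuer_host!r} does not match {domain!r}")
    for key in ENDPOINT_KEYS:
        url = urlsplit(meta.get(key, ""))
        if url.scheme != "https" or (url.hostname or "").lower() != issuer_host:
            problems.append(f"{key} is missing, not https, or not on the issuer host")
    return problems


if __name__ == "__main__":
    for candidate in ("example.okta.com", "https://example-admin.okta.com/admin/dashboard"):
        print(candidate, "->", check_okta_domain(candidate, SAMPLE_METADATA) or "OK")
```
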

Configure the Okta connection

After adding and configuring the Ortto app in Okta, follow these steps to activate Okta SSO in Ortto.

  1. Select the Okta Single-Sign-On enforced (requires additional setup in OKTA) option in App authentication at the top of the page.

  2. Click the Save button at the end of the page and in the resulting Provide Okta details dialog, specify the Okta domain, Client ID, and Client secret details you noted above.

  3. Click Submit.

  4. Sign out and then sign in to Ortto via the Okta button on the sign-in page.

  • To allow additional Ortto user accounts to sign in to Ortto, ensure that:

    • these users have corresponding user accounts (i.e. with matching email addresses) configured in your Okta domain first, and

    • the Ortto app has also been assigned to these users in Okta.

  • The permissions assigned to a user account in Ortto are independent of the permissions assigned to its corresponding user account in Okta. The Ortto user account’s permissions determine what that user has access to in Ortto.

  • If you add new user accounts in Ortto (after having configured corresponding user accounts in Okta), then these users will receive an email invitation to either sign up or sign in to Ortto via Okta.

Google reCAPTCHA

The Google reCAPTCHA section allows you to incorporate Google’s reCAPTCHA feature into Ortto’s capture widgets used on your business' site/s as data sources integrated with Ortto.

To configure Google reCAPTCHA in your Ortto account:

  1. Register your business' site/s through Google reCAPTCHA, e.g. via its Admin Console, choosing reCAPTCHA v2 (and one of its appropriate options) as the reCAPTCHA type.

  2. After the registration process is completed (e.g. on Google reCAPTCHA’s Adding reCAPTCHA to your site page):

    1. Click COPY SITE KEY and paste this into the Site key field in this section of the Ortto interface.

    2. Click COPY SECRET KEY and paste this into the Ortto interface’s Secret key field.

Two-step authentication (2FA)

The Two-step authentication (2FA) section allows you to control whether Ortto users are required to use two-factor authentication/verification (configurable through their Profile settings) to sign in to your Ortto account.
Two-factor authentication/verification is also known as multi-factor authentication (MFA).

To configure this feature, select from either of the following options:

  • Optional (Default) - All Ortto users can sign in to Ortto with or without the need to use two-factor verification.

  • Required - All Ortto users must use two-factor verification to sign in to Ortto. Two-factor verification is configurable for each Ortto user through their Profile settings.

  • If 2FA is set as required for all users here (in Setup: Privacy, security and GDPR), but has not yet been set at account level (under Profile settings), then 2FA will automatically be enabled in each user's Profile settings.

  • If you have 2FA configured but sign in with a Google account, then you may not be prompted for 2FA during the sign-in process, since Google’s own two-step verification feature is utilized instead.

Tracking opt-in form

The Tracking opt-in form allows you to enable or disable Ortto’s user-driven cookie-based tracking feature, which is designed to meet the "General Data Protection Regulation" (GDPR).

The GDPR is a European Union (EU) protection framework that applies to:

  • companies and entities in the EU who handle personal data as a part of their activities, as well as

  • companies and entities outside of the EU who handle the personal data of EU data subjects (individuals residing in the EU).

As part of the GDPR, any software application (like Ortto) that tracks personal data must allow the user to opt in to the software tracking their activities through the web application or browser.

Since Ortto uses cookies to track personal data, you can enable Ortto’s tracking opt-in form to appear on your business' site/s to meet GDPR requirements.

Policies, documents and GDPR addendum

Ortto’s Customer General Data Protection Regulation (GDPR) addendum can be downloaded from this site.