Security and Foundation Business Features

Business Feature / Process

Description

Security

Security defines the policies that govern access and permissions across CRM.COM, covering everything from creating API keys for external applications to configuring user roles and inviting new users.

These settings apply across all organisation types within the CRM.COM Business Network, including the Cloud Operator, Businesses, and Merchants/Service Providers.

Users

Users are individuals within the business who perform daily operational tasks, such as processing service requests and orders, monitoring performance, and configuring system settings.

Users are invited by other users (with the necessary access permissions) via email, and they can access the system through the backend interface or web APIs. Their access permissions are determined by their user roles.

User Authentication

User authentication features can be optionally enabled to provide enhanced protection against unauthorised access.

  • Two-Factor Authentication (2FA) adds an additional security layer by requiring users to verify their identity using two distinct factors. Beyond entering a username and password, users must provide a second verification method—such as a code generated by an authentication app (e.g., Google Authenticator) or a one-time password (OTP) delivered via SMS or email.

  • OpenID Connect is an authentication protocol supported by CRM.COM that allows users to log in using a single set of credentials from an external identity provider, simplifying access while maintaining strong security.

Password Policies & Expiration

Password policies strengthen account security for both users and contacts and ensure passwords are regularly updated.

  • Strong Password Policy: Can be enabled independently for both users and contacts to enforce secure password requirements.

  • Password Expiration (Users Only): Configurable policy that requires users to update their password after a set number of days, with optional advance notifications to alert them before expiration.

User Roles

User Roles are collections of permissions that determine what actions a user can perform across the CRM.COM Platform (e.g., managing Contacts, configuring Reward Offers, or maintaining the product catalogue).

  • Owner role: When an organisation (such as a Merchant or Service Provider) is created, an Owner role is automatically generated with full-access permissions. This role is assigned to the user who registers the organisation and grants complete administrative control.

Teams

Teams help organise Business users according to their functional responsibilities. A user may belong to multiple Teams. Teams can be assigned to a user either during the user invitation process or later by editing the user within the Security settings.

Events and Logs

Events represent business-level actions - such as contact registration or a new purchase - while Logs capture technical activity, including API requests and responses. Authorised users can review both for monitoring, troubleshooting, and auditing purposes.

Events and Logs can also be optionally exported to an external MongoDB database via CRM.COM Integrations for advanced analysis, long-term storage, or external processing.

API Keys & API Key Roles

  • API Keys
    Generate Public and Secret API Keys to allow client applications, such as mobile apps or external systems, to access CRM.COM’s Web APIs.

  • API Key Roles
    Similar to User Roles, API Key Roles define the permissions an API Key has, controlling which actions external systems can perform.

Automations

An Automation is a predefined sequence of actions that helps a business streamline repetitive tasks. It starts with an event trigger (e.g. contact registration or a new order) and executes a series of actions - such as sending emails or triggering webhooks - in a defined order, ensuring consistent and efficient processes.