Security

Security

Security in HostedSuite HostedSuite has a multi-level security system that allows you to restrict visible data and functionality for users effectively. There are three types of users in the HostedSuite system: | User Type | Description | | --- | --- | | Administrators | Administrators have full access to the HostedSuite system. They can view all centers and have all permissions. Administrators should be created with caution as they have the ability to do anything. | | Team Members | Team Members are managers with limited access and visibility to the system. Each Team Member is assigned to a User Group that governs their access. | | Clients | Client Users are portal users with limited access to the client portal, typically created to allow clients to schedule online, update their information, etc. | Administrators Administrators are managed under Security > Administrators. Administrators have full control over the HostedSuite system, including the ability to: 1. Create clients, centers, and more users. 2. Delete any record permanently. 3. Manage system settings, including phone system connectivity, branding, and portal access. To ensure security, it is recommended to limit the number of Administrators and assign them strong, hard-to-guess passwords. When creating a new Administrator, the following fields can be specified: | Name | Description | | --- | --- | | First Name/Last Name | The user's first and last name. | | Email Address | (Required) The email address where the user will receive notifications. This field is required, but you do not have to specify any notifications for the user. | | Center | The user's parent center. | | User Name | The username for logging in. | | Password/Confirm Password | The password for logging in. | | Notifications | A list of possible notifications the user wants to receive. Check each one the user is interested in. | | Notification Centers | The list of centers the user is interested in for notifications. For example, checking "Reservation Scheduled" in the Notifications list and "Philadelphia" in the Centers list will notify the user only when a reservation is scheduled for the Philadelphia center. | User Groups User Groups are managed under Users > User Groups. User Groups determine what Team Members and Clients can do. Multiple users can be assigned to the same user group. There are two types of user groups: Team Member and Client. When creating or modifying a user group, the following settings are available: | Name | Description | | --- | --- | | Name | The name of the user group. | | Type | Client or Team Member. Client user groups can only be applied to Client Users, and Team Member user groups can only be applied to Team Members. | | Parent Center | The parent center for this user group. | | Roles | Specify what permissions are given to users in this user group. Hovering over each role name will display a description of the permissions the role grants. Check each role you want the user to have. | | Visible Centers | Check the boxes for each center this user group should have access to. Leaving all boxes unchecked means the user group will have access to all centers. | | Visible Tags | Restrict visible data by specifying filter tags. Only data tagged with the specified tags will be visible. | | Scheduling Cancellation Policy | Specify the cancellation policy that will be applied to reservations created by users in this user group. | Team Members Team Members are managed under Security > Team Members. Team Members are managers with restricted access to the HostedSuite system, based on their assigned User Group. Before creating a Team Member, create the necessary User Group(s). When creating a Team Member, the following fields are available: | Name | Description | | --- | --- | | Center | The parent center for this user. | | First Name/Last Name | The user's first and last name. | | Email Address | The email address where the user will receive notifications. | | Access | The User Group that this user is assigned to. | | User Name | The username for logging in. | | Password/Confirm Password | The password for logging in. | Clients Client Users are the Contacts in your database that will have access to the Client Portal. Client Users are assigned to a specific User Group, so before creating a portal login, create a User Group for your clients. Client Users are managed under Main Menu > Organization > Contacts.

How to Add a New Team Member in HostedSuite

Before adding a new team member to your HostedSuite account, ensure you have the following details ready: - Full Name - Email Address (used for login and notifications) New team members will log in using your HostedSuite subdomain. They need to enter the subdomain URL in their browser. Example:https://evo.hostedsuite.com Steps to Add a New Team Member 1. Log in to your HostedSuite account as an Admin. 2. Click on the Security menu and select Team Members. 3. Click the New Team Member button. 4. Fill in the required fields with the new member’s details. Required Information | Field | Description | | --- | --- | | Center | The parent center this user will have access to. | | First Name / Last Name | The user's full name. | | Email Address | The email address where HostedSuite notifications will be sent. | | Access | The user group assigned to this member. | | Username | The username for login. | | Password / Confirm Password | The password for logging in. | 5. Click Save to add the new team member. Once added, the new user will be able to log in using their email and password via the HostedSuite subdomain.

Configuring HostedSuite for SSL

🔐 Configuring HostedSuite for SSL Secure HostedSuite with SSL (Secure Sockets Layer) to enable encrypted access via https://. This guide is for IT administrators and HostedSuite managers. ✅ Prerequisites - Admin access to DNS and server settings - A valid SSL certificate for your domain - Access to HostedSuite installation folder - Ability to edit configuration files with admin rights Step 1: Choose a Domain Name & Purchase SSL Certificate 1. Decide on a subdomain (e.g., console.abccorp.com) for the HostedSuite console. 2. Purchase a standard SSL certificate (e.g., from GoDaddy or DigiCert) for that domain. 📝 The domain name and certificate must match exactly. Step 2: Configure DNS Update DNS settings to point your new subdomain to the HostedSuite server’s IP address. Example: If your server IP is 192.168.0.21 and your domain is console.abccorp.com, create an A record to link them. Step 3: Export the SSL Certificate to a PFX File 1. On a Windows PC, open Manage Computer Certificates. 2. Find the installed SSL certificate under Personal > Certificates. 3. Right-click → All Tasks → Export. 4. Select Yes, export the private key. 5. Choose Personal Information Exchange (.PFX). 6. Enable "Export all extended properties" and set a password. 7. Save the file (e.g., evo-console.pfx). 🔗 Useful resources: - GoDaddy Guide - DigiCert Utility - OpenSSL Option Step 4: Configure HostedSuite to Use the SSL Certificate 1. Copy the .pfx file to the HostedSuite server (e.g., C:\Program Files (x86)\Evo\HostedSuite\Bin). 2. Stop the HostedSuite service. 3. Run Notepad as Administrator and open: C:\Program Files (x86)\Evo\HostedSuite\Bin\HostedSuiteServer.exe.config 4. Locate: <appSettings> <add key="SslCertificatePath" value="" /> <add key="SslCertificatePassword" value="" /> </appSettings> 5. Add the full path and password: <appSettings> <add key="SslCertificatePath" value="C:\Program Files (x86)\Evo\HostedSuite\Bin\evo-console.pfx" /> <add key="SslCertificatePassword" value="your_password_here" /> </appSettings> 6. Save the file. Step 5: Restart & Use the Secure URL 1. Start the HostedSuite service. 2. Use the new secure URL: https://your-domain-name:21483 Example: https://console.abccorp.com:21483 ⚠️ All operators must use this new HTTPS link. 🛠 Troubleshooting Problem: Page doesn’t load - Try ping your-domain.com to confirm DNS resolution. - Check firewall or port settings (ensure 21483 is open). Problem: SSL security warning - Ensure the domain in the browser exactly matches the SSL certificate. (e.g., console.abccorp.com ≠ consoel.abccorp.com) Problem: Page keeps spinning - Check logs at: C:\Program Files (x86)\Evo\HostedSuite\Logs\HostedSuite-Server.log - Look for incorrect password or certificate errors. Need Help? Contact support and provide: - Your domain name - Screenshot of the error - HostedSuite server logs (if available)

Administrators

👤 Administrators Tab – Overview & How to Add an Admin 🧭 Overview The Administrators tab in the Evo Console allows you to view, manage, and add admin-level users with access to core features of the system. Admins can manage centers, users, settings, and other sensitive configurations depending on their assigned roles. 📍 Where to Access - Navigate to the Security section in the left-hand sidebar - Click on Administrators The main view includes a table of current admins with the following columns: - User Name: Login ID or email associated with the admin - First Name and Last Name: User's personal name - Email Address: Primary contact email - Center: The center they belong to (e.g., Main) - Notifications: Indicates if the admin receives system or client alerts - Last Modified: Timestamp and user who last updated the record Other options: - 🔍 Search by name, email, or center - 📁 Show Archived to display inactive admins - ⚙️ Columns to customize data visibility - 📄 Pagination to navigate across multiple pages of records ➕ How to Add a New Administrator To create a new admin: 1. Click the “New Admin” button at the top of the page. 2. Fill in the admin creation form fields: - First Name – Enter the first name of the user. - Last Name – Enter the last name of the user. - User Name – This is the login username or email identifier. - Email Address – Official contact email for the admin. - Center – Assign the user to a specific center. - Notifications – (Optional) Enable notifications if the user should receive alerts or system messages. 3. Click Save to create the new administrator account. Once saved, the new admin will appear in the list and have access based on permissions and roles set within their account. 🛡️ Best Practices - Limit admin access to trusted personnel only. - Use clear, professional usernames/emails. - Keep records updated—remove or archive admins who no longer need access. - Enable notifications for critical admins who monitor client activity or technical updates. 🔐 Permissions Note Admin privileges may differ depending on role type or restrictions set under User Groups. Always verify access levels if an admin cannot view or edit specific sections. 📞 Need Help? Contact Evo Support if you need assistance setting up roles, adjusting permissions, or troubleshooting admin account access.