By restricting user log in access, you'll prevent employees from accessing your Retail POS store remotely. Restricted users will only be able to log in from a device already logged into by an unrestricted user, like an Admin.

To restrict user log in access:

1. Log in to Retail POS as an Account Owner or Admin user.
2. Navigate to Setup > Security.

   

3. Under Log in access, select Only has access to log in through user switching.

   

4. Under Role specific settings, configure roles that require log in access by clicking the Log in access dropdown and selecting Has access to log in.

   

Once these settings have been enabled, restricted users can't access Retail POS using login credentials. Restricted users must use user switching from an already logged-in device.

Users must re-identify themselves after each sale by selecting their username or entering their username and password to prevent unauthorized access.

Setting automatic log out after a period of inactivity

If a user stays logged in, this can cause security concerns. Another user may accidentally forget to switch to their own account, causing discrepancies, or a user with less access may have unauthorized access to an account with more permissions.

An Admin can change the settings to customize the period of activity when a user will remain logged in, with the user automatically logged out after a period of inactivity. To do this:

1. Navigate to Set up > Security.
2. In the Inactivity re-authentication section, click the checkbox next to Require logging in after inactivity.

   

3. Enter the desired amount of time in hours and minutes when a user will remain logged in. The minimum amount of time you can set this to is 5 minutes, and the maximum is 24 hours.
4. Click Save changes.

After the specified period of no activity, Retail POS will automatically navigate to a re-identification page. Any user can log in from this page.

The user will be redirected to the most recently used page prior to re-identification. If the newly logged-in user doesn't have access to this page, they will be notified that they do not have access and will receive a prompt to navigate to a different page.

Understanding re-authentication timer settings on iOS

On iOS, the authentication timer doesn't record activity coming from connected hardware, such as external keyboards. For example, if an iPad only receives input from an external keyboard, this will treat the iPad as being inactive.

If an iPad goes to sleep, the re-authentication timer freezes and does not count time asleep as inactive time.

If there is a pre-loaded cart on iOS and a different user signs in when re-authenticating, the cart will still exist.

What's next?