Intrro has built-in single sign-on capabilities for Google accounts via OAuth 2.0. If a user provisions their account via OAuth 2.0, they'll never need to set a password to log in with Intrro.
Intrro includes three user role levels to help you manage permissions and access throughout your workspace.
Admins – can manage users and billing
Recruiters – can view all referrals and leads, create, edit, and update projects and data
Employees – can view and respond only to their own contacts and network data
Intrro employs industry-standard techniques for password management, encryption, storage, complexity, and reset.
Encryption and storage
The Intrro web application user authentication system uses Bcrypt to hash and salt user passwords. Each password has a uniquely generated salt, and the 'pepper' is stored independently from the database.
The Intrro web application enforces a strong password complexity standard and require user passwords to have at least:
1 lower case character
1 upper case character
1 special character
Failed login attempts
The Intrro web application prevents brute force attacks (for password based authentication) by locking the targeted user account after 5 failed attempts. A notification email is sent to the user that includes a link that can be used to unlock the account.
In the event that a user forgets their password, a user can request their password be reset via a link that is sent to the user's verified email address. This link expires within a limited amount of time if not used.
Intrro encourages customers and users to leverage a password manager to maintain, store, and fill strong passwords when using Intrro.
Can my organization request to modify the DPA?
We are unable to accept modifications to our DPA.
Have you adopted the new Standard Contractual Clauses?
Yes. In light of the new Standard Contractual Clauses adopted and approved by the European Commission, we have updated out DPA to incorporate the SCCs. You can learn more at New SCCs & the GDPR.