- SMUJotFormAsked on January 07, 2014 at 06:20 PM
We are setting up templates for forms across our institution.
We have a main account and a number of sub-accounts sharing forms. Is it possible to set up a template that allows the main account to view and edit the payment information (specifically Authorize.net API login ID and transaction key) without allowing the sub-account to view and edit?
I'm thinking not, but it doesn't hurt to ask!
- JotForm SupportTitusNAnswered on January 07, 2014 at 06:47 PM
It certainly does not hurt to ask.
You can limit users from editing the form, but allowing them to view submissions:
In any case, API integrations can only be done by one person per instance.
The other users (should they be allowed to edit) can only disconnect that instance, but would not be able to view or edit that connection in any way.
Perhaps the only real concern is that they would be able to divert the payment integration to another Authorize.net account.
I hope this helps. Please let us know.
- SMUJotFormAnswered on January 08, 2014 at 07:12 PM
I'll discuss this with our IT dept. I think that not having a way to lock admins out of the configuration of the payment gateway (allowing for the possibility of deleting and diverting funds--yikes!) is going to be a big, gapping security hole for our IT folks.
We really want to be able to use JotForm for online payments but that just might not be possible. :-( We're essentially trying to figure out a work-around for the enterprise workflow thing that's currently not a part of JotForm: i.e., superadmins handle configuration and sensitive data, admins can setup, view and edit.
Are there any plans at JotForm to move towards enterprise accounts that have true sub-accounts that are only a part of the main account? Does that make sense? Do you have any other medium/large organizations that have inquired about this kind of thing on the forum that you could point me to?
I appreciate your thoughts and your time.
- JotForm SupportTitusNAnswered on January 08, 2014 at 07:36 PM
I picture a way to separate integration privilages from all other form administration tasks, that way, it can be assigned to certain user(s).
There are wokarounds that can be used to accomplish this, for instance, we could split forms into two actual forms, such that one collects generic information, and the other, which is locked away by the superadmin, submits the payment information.
I'm afraid most of the issues are on a micro-scale perspective. Enterprise level account administration, as far as I can tell, has not been mentioned (should I see a thread I will proptly update you).
If you have a particular product in mind, and how you prefer it to work, please share it with us, and we will process a feature request to test viability, and if possible, roll it out.
Please let us know.
- SMUJotFormAnswered on January 09, 2014 at 12:21 PM
Ha! Great minds! I had the idea yesterday driving home from work that separating the data collection form from payment collection form might work. I'm going to run this past my team to get an idea of all the things I'm not thinking about with that idea. *big smile*
If I'm understanding your last paragraph "ask" correctly, the product that we're comparing this to is a fundraising system called Harris Connect--used by the education world for managing alumni relations and donations. But I guess any kind of management system like SalesForce or WordPress even, is a similar model...basically where there's admin/user management. So instead of having independent sub-accounts as JotForm does now, the organization purchases an...installation, if you will...which creates the superadmin account; which then creates all admin user accounts; which are contained within that single "installation." I'm not sure if enterprise is the correct term for this (and I imagine it's a huge infrastructural shift that JotForm might not be interested in taking!), but this is what we're trying to simulate. Does that answer the question? Or am I being redundant and/or convoluted? :-)
I'm going to take a look at the Use Cases and see what I can see there.
I appreciate all your time, TitusN.
- JotForm SupportTitusNAnswered on January 09, 2014 at 01:48 PM
Thank you Vanessa,
On the contrary, your response is not convoluted :-) It clarifies what I thought you needed:
Various levels of Account administration that stipulates privilages at each level of user designation:
1. Main/Super Account - All Privileges - managing integrations and payments being key
2. Lower Level 1 - Edit forms (apart from integrations and payment tools), administer submissions - Cannot delete forms
3. Lower Level 3 - Administer submissions only.
4. Lower Level 4 - View Forms only.
If this is what you have in mind, I will forward it as a feature request, I can't promise much, though, other than it will be considered and possibly deliberated at the development level.
This thread will be updated to that end.
Should your design team consider my suggested approach (Placing protected from into normal form, thereby separating privileges), we will be at the ready to assist.
- SMUJotFormAnswered on January 10, 2014 at 02:47 PM
Cool, TitusN. Yes, please forward as a feature request. It's great to know that you'll pass it along for consideration. I really appreciate it.
And if you don't mind talking this through with me, let me just make sure I'm understanding the concept/process flow of the protected form inside normal form:
1) Dept admin creates normal form.
2) Super admin creates payment form.
3) Dept admin adds conditional to submission that redirects user to payment form.
4) Reporting for normal form available for viewing by both admins.
5) Reporting for payment form only available to super admin with the caveat that a daily or weekly report for that form can be set up to auto-send to the dept admin. Or am I making this up? ;-)
You're not saying that we could actually embed the the payment form into the normal form? (Hmmm...that might be interesting.(
Anyway, my team and I will hammer out the manual processes required for this possibility. It could be a very viable solution. At least for the interim.
Again, I appreciate your timeliness and willingness to think through it with me.
- JotForm SupportTitusNAnswered on January 10, 2014 at 03:11 PM
Thanks for getting back.
I have submitted the feature request: Adding additional control for payment and integration option in Sub-account management.
Keeping in mind the implementation of all five points in your response:
Both of these options could be implemented:
1. Redirecting (using conditional rules)users to a payment form (that can be pre-populated with values from previsous form) - Lots of options here
2. Embedding a payment form onto the main form, that can also appear for filling out and payment using conditional rules. - This will need some tweaking to get it to work per specifications
I hope that made sense. We could start with mock-up forms and see how this would work.
- SMUJotFormAnswered on January 10, 2014 at 07:32 PM
Sweet! I'll try testing each option and add to this thread if I get stuck?
Have a lovely weekend!
- JotForm SupportTitusNAnswered on January 10, 2014 at 07:44 PM
Certainly. :-) We are here to help.