Client Security Health Check

Best practices to optimize the security of your use of Namely

It is important to take the necessary actions to protect your organization and users, as bad actors are opportunists and companies of all sizes are equally at risk. We recommend that clients periodically perform a security health check of their Namely instance to proactively identify any potential security issues or misconfigurations.

Here are a few best practices within the platform to optimize the security of your use of Namely:
 

  • Single Sign On - Namely offers SSO/SAML login options to make it difficult for scammers to gain access to your Namley site. Clients can pair SSO/SAML with multi- and two-factor authentications to make it even harder for scammers.

  • Login History - The Credential History log records all user logon events including the source IP address. Navigate to Company > Reports > Credential History

  • Roles and Permissions - Review your organization’s roles and permissions to ensure that sensitive data on employee profiles is only visible to the correct internal partners. This can help limit exposure in the case that a single user account is compromised. Navigate to Company > Settings > Employee Data. We recommend reviewing the following sensitive fields: Salary, Salary history, Bonus, SSN, Banking information

  • Audit Reports - The Audit Reports record recent changes for Access Roles, Permissions, and Fields. We recommend reviewing recent changes to make sure there were no unauthorized or inadvertent changes.

  • System Log - The system log also records changes to your Namely instance. The system log is not comprehensive and does not guarantee capture of all edit types. However, it is a very useful tool to identify changes to users and profiles. To review the system logs navigate to “<yourdomain>.namely.com/system_logs”


If you discover a potential issue when performing a security health check, the Namely Security team is available to review specific instances of suspicious activity. Just submit a case in the Help Community and mark it urgent.