System Settings
System settings control the global behavior and appearance of HCSS Events Platform. All settings are organized into four categories: Branding, Email, Security, and Notifications.
Navigate to Admin > System Settings to access these configuration panels.
Modifying any setting requires the SystemSettings.Manage permission. Users with only SystemSettings.View can see the current values but cannot make changes.
Branding​
Branding settings control how the platform appears to all users across the platform, including the login page, navigation header, and email templates.
| Setting | Description | Constraints |
|---|---|---|
| Company Name | The organization name displayed in the header, login page, and email footers. | Required. Max 100 characters. |
| Logo | The company logo shown in the top-left of the navigation bar and on the login page. | PNG or SVG format. Max file size 2 MB. Recommended dimensions: 200x60 pixels. |
| Tagline | A short tagline or subtitle displayed below the logo on the login page. | Optional. Max 200 characters. |
| Primary Color | The primary accent color used for buttons, links, active states, and the navigation bar. | Hex color code (e.g., #1A73E8). |
Configuring Branding​
- Navigate to Admin > System Settings > Branding.
- Update any of the fields listed above.
- Use the Preview panel on the right to see how your changes will look before saving.
- Click Save Changes.
Choose a primary color with sufficient contrast against white text. The system uses this color for button labels and navigation text. A contrast ratio of at least 4.5:1 is recommended for accessibility compliance (WCAG AA).
Logo Guidelines​
- Use a horizontal/landscape layout for best results in the navigation bar.
- Transparent backgrounds (PNG with alpha or SVG) work best, as the navigation bar background color may vary.
- If no logo is uploaded, the Company Name is displayed as text in the header.
Email​
Email settings configure how outbound emails from the platform appear to recipients. These settings apply to all system-generated emails, including welcome emails, password resets, survey invitations, and notifications.
| Setting | Description | Constraints |
|---|---|---|
| From Name | The display name in the "From" field of outbound emails (e.g., "HCSS Events Platform"). | Required. Max 100 characters. |
| From Email | The email address in the "From" field (e.g., noreply@yourdomain.com). | Required. Must be a valid email address that your mail server is authorized to send from. |
| Reply-To Email | The email address that receives replies when a recipient replies to a system email. | Optional. If blank, replies go to the From Email. |
| Email Footer | Custom text appended to the bottom of all outbound emails. Commonly used for legal disclaimers or contact information. | Optional. Max 500 characters. Supports plain text only. |
Configuring Email Settings​
- Navigate to Admin > System Settings > Email.
- Update the fields as needed.
- Click Send Test Email to send a sample email to your own address and verify the settings.
- Click Save Changes once you are satisfied.
Changing the From Email may affect email deliverability. Ensure that the new address is properly configured with SPF, DKIM, and DMARC records in your DNS. Emails from an unauthorized sender domain are likely to be flagged as spam or rejected by recipient mail servers.
Email Deliverability Checklist​
Before changing email settings, verify the following with your IT team:
- SPF record -- the sending domain's DNS must include an SPF record authorizing your email service.
- DKIM signing -- outbound emails should be signed with DKIM to prove authenticity.
- DMARC policy -- a DMARC record should be in place to instruct recipient servers how to handle authentication failures.
- Sending limits -- confirm that your email provider's sending limits accommodate your expected volume (especially during large events with hundreds of survey invitations).
Security​
Security settings enforce authentication and access policies for all users.
Multi-Factor Authentication (MFA)​
| Setting | Description | Default |
|---|---|---|
| Require MFA | When enabled, all users must complete MFA on every login. When disabled, MFA is optional. | Enabled |
| MFA Method | The method used for MFA verification. Currently supports email-based codes. |
Disabling MFA is strongly discouraged. MFA is a critical layer of defense against unauthorized access, especially for accounts with administrative privileges. If you must disable MFA, document the business justification and implement compensating controls (e.g., IP whitelisting, VPN requirement).
Session Timeout​
| Setting | Description | Default |
|---|---|---|
| Session Timeout (minutes) | The number of minutes of inactivity before a user is automatically logged out. | 30 minutes |
| Maximum Session Duration (hours) | The maximum total session length regardless of activity. After this period, the user must re-authenticate. | 8 hours |
Setting a shorter session timeout improves security but may frustrate users who step away briefly. Setting it too long increases the window of risk if a user leaves their workstation unattended.
Password Complexity​
| Setting | Description | Default |
|---|---|---|
| Minimum Length | The minimum number of characters required for a password. | 8 |
| Require Uppercase | Passwords must contain at least one uppercase letter. | Yes |
| Require Lowercase | Passwords must contain at least one lowercase letter. | Yes |
| Require Number | Passwords must contain at least one numeric digit. | Yes |
| Require Special Character | Passwords must contain at least one special character (e.g., !@#$%^&*). | Yes |
| Password Expiry (days) | The number of days before a password expires and must be changed. Set to 0 to disable expiry. | 90 |
| Password History | The number of previous passwords remembered. Users cannot reuse any of the last N passwords. | 5 |
IP Whitelist​
| Setting | Description | Default |
|---|---|---|
| Enable IP Whitelist | When enabled, only connections from whitelisted IP addresses are allowed. All other connections are rejected at the login page. | Disabled |
| Whitelisted IPs | A list of IP addresses or CIDR ranges that are allowed to access the platform. | Empty |
Enabling the IP whitelist without including your own IP address will lock you out of the system. Always add your current IP address to the whitelist before enabling this feature. If you are locked out, the whitelist can be disabled via direct database access or by contacting HCSS support.
Configuring Security Settings​
- Navigate to Admin > System Settings > Security.
- Adjust the settings in each section.
- Click Save Changes.
- Security changes take effect immediately for new login sessions. Existing sessions are not terminated, but the new policies apply on the user's next login.
Notifications​
Notification settings control how and when the platform communicates with users about system events, reminders, and alerts.
Notification Channels​
| Channel | Description | Configurable |
|---|---|---|
| Email Notifications | Sends notifications to the user's registered email address. | Enable/Disable per notification type. |
| In-App Notifications | Displays notifications in the bell icon dropdown within the the platform interface. | Enable/Disable per notification type. |
Notification Types​
| Notification Type | Description | Default Channels |
|---|---|---|
| Event Status Change | An event's status has changed (e.g., Planning to Active). | Email + In-App |
| Assignment Created | A new shift assignment has been created for a caregiver. | Email + In-App |
| Survey Invitation | A new survey has been sent to a caregiver. | |
| Survey Response Received | A caregiver has completed a survey. | In-App |
| Travel Booking Confirmation | Travel arrangements have been confirmed for a caregiver. | Email + In-App |
| Password Reset | A password reset has been requested. | |
| Account Created | A new user account has been created. | |
| System Alert | System-level alerts (e.g., email delivery failures, scheduled maintenance). | Email + In-App |
Reminder Timing​
Reminders are automated follow-ups for time-sensitive actions. Configure the timing for each reminder type:
| Reminder Type | Description | Default Timing |
|---|---|---|
| Survey Reminder | Sent to caregivers who have not completed an assigned survey. | 48 hours after initial send, then every 24 hours (max 3 reminders). |
| Pre-Arrival Checklist Reminder | Sent to caregivers with incomplete pre-arrival tasks. | 72 hours before event start, then 24 hours before. |
| Travel Confirmation Reminder | Sent to caregivers who have not confirmed their travel itinerary. | 5 days before departure, then 2 days before. |
| Password Expiry Reminder | Sent to users whose password is about to expire. | 14 days before expiry, then 7 days, then 1 day. |
Configuring Notification Settings​
- Navigate to Admin > System Settings > Notifications.
- For each notification type, toggle the email and in-app channels on or off.
- For reminder types, adjust the timing intervals using the dropdowns or number inputs.
- Click Save Changes.
Avoid disabling email notifications for critical items like Password Reset and Account Created. Without these emails, users will have no way to complete onboarding or recover their accounts.
Settings Change Log​
Every change to system settings is recorded in the Audit Log. The log entry includes:
- Who made the change (user name and role)
- What was changed (setting name, old value, new value)
- When the change was made (timestamp)
This provides a complete history of configuration changes for compliance and troubleshooting.
Best Practices​
- Brand consistently -- use the same logo, colors, and company name that your organization uses elsewhere. This builds trust with caregivers who receive system emails.
- Test email settings -- always send a test email after changing any email configuration. Verify that the email arrives, looks correct, and does not land in spam.
- Set reasonable session timeouts -- 30 minutes is a good default. Adjust based on your security requirements and user workflows.
- Review security settings quarterly -- ensure password policies and MFA requirements align with your organization's latest security standards.
- Do not over-notify -- too many notifications cause users to ignore them. Enable only the channels and types that are genuinely useful for each role.
Next Steps​
- User Management -- manage the user accounts affected by these settings.
- Roles & Permissions -- control who can access and modify system settings.
- Audit Logs -- review the history of all setting changes.
- Email Outbox -- monitor the delivery of system emails.