⚠️ Storable ID is being tested by a small number of customers and is not yet available to all customers.
What is Storable ID?
With Storable ID, you can log into SiteLink by Storable - and eventually, all Storable applications - with a single user account instead of separate logins per app or facility. A new Single Sign On (SSO) dashboard has been created for this purpose and includes Multi-Factor Authentication (MFA) for enhanced security.
This FAQ includes answers to common questions about implementing Storable ID and preregistration steps to ensure a smooth transition.
Watch this short video for a walkthrough of the Storable ID setup process:
Does my organization need to implement MFA?
Registering your organization for Storable ID is optional but recommended for enhanced security and PCI compliance. In order to meet Payment Card Industry Data Security Standard (PCI DSS) protocols, your organization may be required to implement Multi-Factor Authentication (MFA) by March 31, 2025. By creating a Storable ID, you can transition your company’s login process to meet this requirement.
The most common category of cyberattacks is called Account Compromise Attacks, where cybercriminals obtain valid credentials either from the dark web or by tricking individuals into providing their login credentials. Once acquired, they can easily log into your systems and access sensitive operational and tenant data.
The most effective way to prevent this type of attack is by implementing MFA. A Microsoft study found MFA to be 99.9% effective at blocking account compromise attacks. It’s also worth noting that beginning on March 31st, PCI DSS will require MFA for any system with access to cardholder data.
How does logging into SiteLink with Storable ID work?
If you choose to enroll your organization in Storable ID, the SiteLink login screen will be updated to redirect users to the Storable SSO dashboard when they click the Log in button. After clicking Log in, the SSO dashboard login screen will open in your internet browser. Users will be prompted to set up an authentication method on the first login. At future logins, users will be asked to enter their login credentials and a verification code from their verification method.
What should I be aware of before registering my organization for Storable ID?
- Once Storable ID is turned on for your organization, it cannot be turned off.
- If you enable Storable ID for your organization, it will be turned on for all facilities associated with your SiteLink account.
- Storable ID requires Multi-Factor Authentication (MFA) and users can utilize one or more of the following methods of authentication: Google Authenticator, Okta Verify App, Security Key or Biometric Authentication, and/or Email.
- After registration, all users on your account will be prompted to set up a Storable ID and MFA.
- You will have the choice to make Storable ID required or optional for users. Please note that MFA is required for PCI compliance.
- User roles (Managers and Sales Associates) and settings of existing users will not change when using Storable ID. Once Storable ID is implemented for your organization, users will be created and configured in the Storable ID portal.
What do I need to do before registering?
These steps will help ensure a smooth transition for SSO & MFA:
- Identify administrative user(s) responsible for implementing Storable ID. Other administrative users not responsible for MFA activities do not need to take action. If MFA is activated without consulting the rest of your team, your organization will likely experience widespread login issues.
- If your employees share email addresses, we recommend giving each user an individual company email to simplify registration, login, and MFA. If you choose not to provide individual email addresses, please be aware of the following:
  - Each employee who shares an email address will need to create a unique username. The username doesn’t have to be a valid email but must be formatted as an email address (Ex: john.doe@yourcompany.com). We recommend identifying the username format you wish your employees to use.
  - Employees with a shared email will not be able to reset their own passwords via email and may be required to contact an Admin user to get a temporary password.
  - Employees with a shared email cannot use email for Multi-Factor Authentication (MFA).
  - If employees with a shared email make too many login attempts, they will be required to contact an Admin to unlock their account.
- Decide which authentication method(s) you will allow your users to choose from. You can select one or more of the following: the Google Authenticator app, the Okta Verify app, Security Key or Biometric Authentication, and/or Email. If you choose Google Authenticator and/or Okta Verify, users must download the desired app on their phones.
- Decide if you will make Storable ID optional or required. If Storable ID is optional, users will be prompted to set up Storable ID each time they log in; however, they can skip setting it up. We recommend starting with this setting as optional and choosing a date to make it required. This gives your employees time to complete registration while ensuring they can still access the system if any issues arise while it is optional. Be sure to communicate with your team throughout the process so everyone is prepared before access becomes mandatory. Once you make Storable ID required, you cannot change it back to be optional.
- Decide on security settings for your users.
  - Lock-out policy for failed attempts: Should users get locked out of the software after failing to log in? If so, how many attempts will you allow before lockout? Users who get locked out will need to contact an administrator at your organization to regain access. The maximum number of attempts you can set is 10.
  - Multi-factor challenge frequency: How often will users need to complete an MFA challenge? You can set challenge frequency between 1 and 14 days.
- Communicate with your organization.
  - Communicate with admin users about registration and who will register.
  - Communicate with non-admin users about what to expect after registration (e.g., they will be prompted to set up their Storable ID and MFA. Depending on your settings, they may need to download an authentication app).
  - If users will be using Google Authenticator or Okta Verify, you may want to encourage users to install the correct app in advance. Please be aware that there may be copycat apps in the App Store, and ensure everyone is using the official app. Google Authenticator and Okta Verify do not cost anything.
  - If there were screens users previously accessed by entering their SiteLink login credentials, they will now use a PIN. They will be prompted to set their desired PIN at first use.
  - We’ve created communication recommendations and a template to help you communicate with your employees.
What resources are available to help me set up Storable ID at my organization?
To support you in rolling out Storable ID, we've put together helpful resources:
- Employee Communication: Use our communication recommendations and template to inform your team about Storable ID.
- Admin Setup: Follow the steps in our Storable ID Enablement Guide for Admins to enable it for your organization.
- Employee Setup: Direct your team to the Storable ID Enablement Guide for Non-Admins for their setup instructions.
- MFA Setup: If you're using Okta Verify or Google Authenticator for multi-factor authentication, refer to our MFA setup guide for step-by-step instructions.
- User Management: After Storable ID is set up, learn how to manage users in the Portal with our User Management Guide.
Enable Storable ID and configure your Storable ID settings
Once you're ready to enable Storable ID, follow the instructions in our article: Storable ID Admin Enablement Guide.