Managing Back Office Users in Eventact

April 12, 2026 | 5 min read

As your organization grows, Eventact provides detailed control over back-office access, user actions, and account security. This guide explains the responsibilities of Company Admins and Security Admins, as well as the tools available to manage a secure team environment.

Adding a New User

To add a new manager, navigate to Settings → Security → Managers and click Add Manager.

Each manager account requires:

• Display Name — Shown in the system and operation logs.
• Email — Used for notifications, recovery, and Email 2FA.
• Mobile — Required if using SMS 2FA.
• Password — Must contain at least one letter and one digit (minimum 12 characters by default).
• Language — Sets the user's interface language.

Tip: Select Send login details by email to automatically deliver credentials to the new manager after saving.

Roles and Permissions

Roles define a manager's access level. Managers can hold multiple roles simultaneously.

Company-Wide Roles

• Company Admin — Full access to all company settings and all events.
• Security Admin — Manages users, unlocks accounts, monitors login history, and receives alerts.
• Director — Read-only oversight access across the entire company.
• Projects Admin — Manages event-level settings and configurations.
• Operator — Day-to-day operational access (registrations, attendees).
• Bookkeeper — Access restricted to financial data and accounting.

Event and Module-Level Permissions

For contractors or temporary staff, grant access for specific events and modules (such as Registration, Abstracts, Website, Meetings, or Event App). This arrangement prevents access to other projects and sensitive company settings.

Two-Factor Authentication (2FA)

After entering a password, managers must verify their identity through a second factor. Eventact supports three methods for 2nd factor authentication:

• Email
• SMS
• Authenticator Apps

Why Use an Authenticator App?

Although Email and SMS are available, both can sometimes fail or experience delays.

• For on-site event staff, access to email and cellular network is sometimes not 100% guaranteed, and time is critical.
• SMS: Signal is often weak in hotel basements and convention centers, and it can be even weaker when using cellular roaming outside the home country.
• Authenticator apps generate codes instantly on your device, speeding up verification.
• Authenticator apps operate offline and don't need a cellular signal, Wi-Fi, or any connection to an email server.
• Any standard app can be used, including Google Authenticator, Microsoft Authenticator, or an iPhone Passwords app.

Setup: Managers enable or disable this through User Menu → My Account → Set up Authenticator App.

Login History & Auditing

Security Admins can review a full log of login activity by going to Settings → Security → Login History. This log is filterable by manager or date and tracks:

• Time & Manager — Exactly who logged in and when (adjusted to your company's timezone).
• Location — IP address and country of origin.
• Technical Details — Device type, OS, and browser (e.g., "iPhone, iOS, Safari v17").
• Result — Success or failure, including specific reasons (wrong password, IP not allowed, etc.).

This tool helps investigate suspicious patterns, such as successful logins at unusual hours or repeated failures followed by success.

Security Alerts & IP Unblocking

Security Admins receive email alerts for suspicious activity, including repeated failed login attempts and attempts to download sensitive data.

Automatic IP Blocking

After repeated failed attempts from the same IP address, that address is temporarily blocked. Security Admins can manually unblock IPs via Settings → Security → Blocked IPs.

How to Resolve a Blocked IP

In a live event environment, you cannot afford to wait. Security Admins can resolve this immediately:

1. Go to Settings → Security → Blocked IPs.
2. Find the blocked IP address.
3. Click Unblock.

Important: Designate at least one Security Admin at every event with active login access and knowledge of this process before the event begins.

Password Complexity

• Customizing Length: A Security Admin can adjust the minimum length in Settings → Database → Company Config. Add the key PasswordMinLength and set your value (e.g., 14).
• Expiry: When passwords approach their expiry date, managers will see a warning in the navigation bar.

Quick Reference: Who Can Do What?

Action	Who Can Perform It
Add / Edit Managers	Security Admin or Company Admin
Delete a Manager	Security Admin
Unlock a Locked Account	Security Admin or Company Admin
Unblock a Restricted IP	Security Admin
Review Login History	Security Admin or Company Admin
Change PasswordMinLength	Security Admin (via Company Config)
Assign Event / Module Permissions	Company Admin