Security Settings

Quick Summary: Protect your church's sensitive data with password policies, session management, comprehensive audit logs, and secure API key controls.

Overview

Security Settings is your control center for protecting the sensitive information your church stewards: member contact details, donor giving history, pastoral care notes, and confidential communications. This section lets you establish password requirements, configure automatic session timeouts, review detailed audit logs of who accessed what data and when, and manage API keys for custom integrations.

Church data breaches can devastate trust and violate both ethical and legal obligations. Relius takes security seriously with enterprise-grade encryption, secure authentication, and comprehensive logging—but the configuration matters. Security Settings puts you in control: you decide how complex passwords must be, how long sessions can remain active, which actions require additional verification, and who can access sensitive areas.

Think of security as both prevention and accountability. Strong password policies and session management prevent unauthorized access. Audit logs provide accountability by recording every action, creating a transparent trail that helps you investigate incidents, demonstrate compliance, and build confidence that data is handled responsibly. For most churches, configuring these settings once during initial setup, then reviewing quarterly, provides robust protection without creating friction for daily work.

Key Concepts

  • Password Policy: Rules governing password complexity, length, and expiration to prevent weak credentials
  • Session: An active login period that begins when a user logs in and ends when they logout or the session expires
  • Session Timeout: Automatic logout after a period of inactivity to protect unattended computers
  • Audit Log: A chronological record of all significant actions performed in the system, including who, what, and when
  • API Key: A secure credential used by external applications to access Relius data programmatically
  • Two-Factor Authentication (2FA): An additional security layer requiring both password and a time-based code

Getting Started

Step 1: Access Security Settings

From your dashboard, navigate to Administration → Security. You'll see tabs for Password Policy, Session Management, Audit Logs, and API Keys. Start with Password Policy to establish baseline security requirements.

Step 2: Configure Password Requirements

Set minimum password length (recommended: at least 12 characters), require a mix of uppercase, lowercase, numbers, and special characters, and decide whether passwords should expire periodically. Enable password history to prevent users from reusing recent passwords. Click Save Policy to apply these rules to all future password changes.

Step 3: Set Session Timeout

In the Session Management tab, configure how long inactive sessions remain valid. Most churches use 30-60 minutes for general staff and 15-30 minutes for users with access to financial data. This ensures that unattended computers automatically log out, preventing unauthorized access if someone walks away from their desk.

Step 4: Review Audit Logs

Visit the Audit Logs tab to see recent activity across your Relius account. Filter by user, action type, date range, or specific records to narrow the results when investigating an event. Familiarize yourself with the log format so you can quickly answer questions like "Who deleted that member profile?" or "When did we send that email campaign?"

Features

Password Policies

Password policies enforce minimum security standards for all user accounts. When you set a policy, it applies immediately to new passwords (when users sign up, reset passwords, or voluntarily change them) but doesn't force existing users to change passwords unless you enable password expiration.

Recommended settings for most churches:

  • Minimum length: 12 characters (balances security and memorability)
  • Complexity: Require at least one uppercase, one lowercase, one number, and one special character
  • Password expiration: Optional; 90 days for high-security environments, disabled for most churches
  • Password history: Prevent reuse of last 5 passwords
  • Common password blocking: Reject passwords from known breach databases (e.g., "Password123!")

Example: First Baptist Church sets a 14-character minimum with complexity requirements but disables expiration. They reason that forcing quarterly password changes leads to weaker passwords (people just increment numbers), while longer, complex passwords that don't expire provide better security when combined with 2FA for admins.
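The following is an added example (not Relius code) showing how the recommended settings above translate into a password check: minimum length, the four character classes, a breached-password blocklist, and a password history that stores only salted hashes. The `PasswordPolicy` fields, the small blocklist and the PBKDF2 parameters are assumptions chosen for illustration.

```python
"""Password-policy check modelled on the recommended settings.

Added example, not Relius code. The policy fields, the breached-password
blocklist (constructed sample) and the hashing parameters are assumptions.
"""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

@dataclass
class PasswordPolicy:
    min_length: int = 12
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_special: bool = True
    history_size: int = 5   # reject reuse of the last N passwords
    # Constructed stand-in for a real breach list; compare lower-cased.
    blocked: frozenset = frozenset({"password123!", "welcome1!", "letmein123!"})

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-SHA256; history entries store (salt, digest), never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest

def used_recently(password: str, history: Sequence[Tuple[bytes, bytes]], n: int) -> bool:
    """True if the candidate matches any of the last n stored (salt, digest) pairs."""
    for salt, digest in list(history)[-n:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False

def check_password(password: str, policy: PasswordPolicy,
                   history: Sequence[Tuple[bytes, bytes]] = ()) -> List[str]:
    """Return every policy violation; an empty list means the password is acceptable."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_upper and not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if policy.require_lower and not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if policy.require_digit and not re.search(r"[0-9]", password):
        problems.append("no digit")
    if policy.require_special and not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if password.lower() in policy.blocked:
        problems.append("appears in breached-password list")
    if policy.history_size and used_recently(password, history, policy.history_size):
        problems.append(f"matches one of the last {policy.history_size} passwords")
    return problems

if __name__ == "__main__":
    policy = PasswordPolicy(min_length=14)   # First Baptist's 14-character minimum
    print(check_password("Password123!", policy))
    print(check_password("Correct-Horse-Battery-9", policy))
```

Note that the blocklist check runs even when a password passes every complexity rule: "Password123!" satisfies all four character classes and is still rejected, which is exactly the case the "common password blocking" setting exists for.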

Session Management

Sessions represent active logins. When someone logs into Relius, a session begins and remains valid until they logout, the session times out due to inactivity, or you manually terminate it. Session management settings control how long sessions stay active and what triggers automatic logout.

Key session settings:

  • Idle timeout: Log out after X minutes of inactivity (default: 30 minutes)
  • Absolute timeout: Force logout after X hours regardless of activity (default: 8 hours)
  • Remember me: Allow users to stay logged in for 30 days on trusted devices
  • Concurrent sessions: Limit users to one active session (logging in elsewhere logs out previous session)

Balance security with usability: shorter timeouts are more secure but frustrate staff who get logged out frequently. Consider role-based timeout policies—admins get 15-minute idle timeout, while general staff get 60 minutes.

Scenario: Your finance team works with giving data in secure offices with locked doors. You set a 60-minute idle timeout for their accounts, trusting physical security. But for admins who might access Relius from coffee shops, you enforce 15-minute timeouts and disable "remember me" to protect credentials on shared or mobile devices.
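As an added example (not Relius code), here is a minimal session store that applies the rules from this section: an idle timeout that depends on the user's role (the 15/30/60-minute figures quoted above, which also covers the role-based session policies described under Advanced Options), an absolute 8-hour cap regardless of activity, and a one-active-session limit so that logging in elsewhere terminates the previous session. The `SessionStore` API and the explicit `now` clock parameter are assumptions made so the logic can be exercised without waiting.

```python
"""Idle, absolute and concurrent-session rules from the Session Management tab.

Added example, not Relius code. The store API and the injected clock are
assumptions; the timeout values come from the text.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Role -> idle timeout in minutes (values quoted in the text); unknown roles use the default.
IDLE_TIMEOUT_MIN = {"admin": 15, "finance": 30, "staff": 60}
DEFAULT_IDLE_MIN = 30
ABSOLUTE_TIMEOUT_MIN = 8 * 60   # force logout after 8 hours regardless of activity

@dataclass
class Session:
    user: str
    role: str
    started: float     # unix seconds when the login happened
    last_seen: float   # unix seconds of the most recent request

class SessionStore:
    def __init__(self, single_session_per_user: bool = True):
        self._by_token: Dict[str, Session] = {}
        self._single = single_session_per_user

    def login(self, user: str, role: str, now: float, token: str) -> str:
        """Create a session; with the concurrency limit on, any earlier session of the user is dropped."""
        if self._single:
            for old_token, s in list(self._by_token.items()):
                if s.user == user:
                    del self._by_token[old_token]
        self._by_token[token] = Session(user, role, now, now)
        return token

    def touch(self, token: str, now: float) -> Optional[Session]:
        """Validate a request at time `now`. Returns the session, or None if it is unknown or expired."""
        s = self._by_token.get(token)
        if s is None:
            return None
        idle_limit = IDLE_TIMEOUT_MIN.get(s.role, DEFAULT_IDLE_MIN) * 60
        if now - s.last_seen > idle_limit or now - s.started > ABSOLUTE_TIMEOUT_MIN * 60:
            del self._by_token[token]   # expired: the user is sent back to the login page
            return None
        s.last_seen = now
        return s

    def logout(self, token: str) -> None:
        self._by_token.pop(token, None)

    def active_count(self) -> int:
        return len(self._by_token)

if __name__ == "__main__":
    store = SessionStore()
    store.login("alice", "admin", 0, "tok-a1")
    print(store.touch("tok-a1", 10 * 60) is not None)   # 10 min idle: still valid
    print(store.touch("tok-a1", 26 * 60) is None)       # 16 more min idle: admin limit is 15
```

The absolute timeout is what catches a session that is kept alive by a background tab or a script polling the page; the idle timeout alone would never fire in that situation.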

Audit Logs

Audit logs record every significant action in Relius, creating a comprehensive history for accountability, troubleshooting, and compliance. Each log entry includes the user who performed the action, exactly what they did, which record(s) were affected, when it happened, and the user's IP address.

Common audit log uses:

  • Investigating changes: "Who updated this member's address?" Check the member's audit log to see the user and timestamp
  • Security monitoring: Review login attempts, failed authentication, and unusual activity patterns
  • Compliance reporting: Demonstrate who accessed sensitive donor data for regulatory audits
  • Troubleshooting: Trace the sequence of actions leading to a problem ("Who deleted the Easter event?")
  • Training: Review what new staff are doing to ensure proper system usage

Logs are retained for 1 year by default (configurable up to 7 years for compliance needs). Export logs as CSV for long-term archival or analysis in external tools.

Example: A donor calls claiming they never received a tax receipt. Check audit logs to see that their email bounced in January, then someone updated their email address in March but forgot to regenerate the receipt. Logs prove you attempted delivery and show exactly when the address changed, helping you provide great customer service.
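The following is an added example (not Relius code) of the kind of querying this section describes, run over a handful of constructed audit entries: filtering by user, action, record and date range, answering "Who deleted that member profile?", and, anticipating the Sensitive Data Access Alerts option under Advanced Options, flagging views of a watch-listed donor's giving history. The entry field names and the sample rows are assumptions.

```python
"""Query and alert over audit log entries with the fields the text lists:
user, action, affected record, timestamp and IP address.

Added example, not Relius code. Field names and the sample entries below are
constructed for illustration.
"""
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample entries (not real data).
AUDIT_LOG: List[Dict[str, str]] = [
    {"ts": "2024-01-12T09:15:00", "user": "jsmith",  "action": "Email: Bounced",           "record": "donor:4417", "ip": "203.0.113.5"},
    {"ts": "2024-03-03T14:02:00", "user": "mlee",    "action": "Member: Update Email",     "record": "donor:4417", "ip": "203.0.113.9"},
    {"ts": "2024-03-20T10:41:00", "user": "mlee",    "action": "Giving: View Donor History", "record": "donor:4417", "ip": "203.0.113.9"},
    {"ts": "2024-04-02T16:30:00", "user": "tnguyen", "action": "Member: Delete Profile",   "record": "member:7720", "ip": "198.51.100.22"},
    {"ts": "2024-04-05T08:05:00", "user": "jsmith",  "action": "Giving: View Donor History", "record": "donor:9001", "ip": "203.0.113.5"},
]

def query(entries: List[Dict[str, str]], user: Optional[str] = None, action: Optional[str] = None,
          record: Optional[str] = None, start: Optional[str] = None,
          end: Optional[str] = None) -> List[Dict[str, str]]:
    """Filter entries by any combination of user, action, record and ISO date range (inclusive)."""
    out = []
    for e in entries:
        if user and e["user"] != user:
            continue
        if action and e["action"] != action:
            continue
        if record and e["record"] != record:
            continue
        ts = datetime.fromisoformat(e["ts"])
        if start and ts < datetime.fromisoformat(start):
            continue
        if end and ts > datetime.fromisoformat(end):
            continue
        out.append(e)
    return sorted(out, key=lambda e: e["ts"])

def who_deleted(entries: List[Dict[str, str]], record: str) -> Optional[str]:
    """Answer 'Who deleted this record?' as 'user @ timestamp', or None if no deletion is logged."""
    hits = query(entries, record=record)
    hits = [e for e in hits if e["action"].endswith("Delete Profile")]
    return f'{hits[-1]["user"]} @ {hits[-1]["ts"]}' if hits else None

def sensitive_access_alerts(entries: List[Dict[str, str]], watch_list: List[str]) -> List[str]:
    """Produce one alert line per view of a watch-listed donor's giving history."""
    alerts = []
    for e in query(entries, action="Giving: View Donor History"):
        if e["record"] in watch_list:
            alerts.append(f'{e["user"]} viewed giving history of {e["record"]} at {e["ts"]} from {e["ip"]}')
    return alerts

if __name__ == "__main__":
    # The tax-receipt scenario: bounce in January, address change in March.
    for e in query(AUDIT_LOG, record="donor:4417"):
        print(e["ts"], e["user"], e["action"])
    print(who_deleted(AUDIT_LOG, "member:7720"))
```

The donor-timeline query reproduces the tax-receipt investigation above: sorted by timestamp, the bounce precedes the email change, which is the evidence the section says the logs provide.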

API Key Management

API keys allow external applications and custom integrations to access Relius data programmatically. For example, if you build a custom iOS app that displays upcoming events, that app needs an API key to authenticate requests to Relius's servers.

API key best practices:

  • Create keys for specific purposes: "Mobile App API," "Website Integration," "Data Sync Script"
  • Assign minimal permissions: Each key should only have access to the data it needs (e.g., "Events: Read Only")
  • Rotate keys regularly: Regenerate keys every 6-12 months or immediately if compromised
  • Monitor usage: Track API calls per key to detect unusual activity or abuse
  • Revoke unused keys: Delete keys when integrations are retired to reduce attack surface

When you create an API key, Relius displays the secret key once—copy it immediately and store securely (like in a password manager or environment variables). If you lose the key, you'll need to regenerate it, which breaks the integration until you update the application with the new key.
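As an added example (not Relius code), the store below shows the server-side shape of the practices just listed: the secret is returned exactly once at creation and only a hash of it is kept, each key carries a named purpose and a minimal scope set (such as `events:read`), every authorization check is recorded for usage monitoring, and a revoked key fails closed. The scope names, the `ApiKeyStore` API and the key format are assumptions.

```python
"""API key lifecycle: create (secret shown once), scoped authorization,
usage counting, rotation and revocation.

Added example, not Relius code. Scope names, the store API and the key
format are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set, Tuple

def _hash_secret(secret: str) -> str:
    # Keys are high-entropy random strings, so a plain SHA-256 is adequate here
    # (unlike user passwords, there is nothing for an attacker to guess).
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()

@dataclass
class ApiKeyRecord:
    name: str            # purpose, e.g. "Mobile App API"
    key_id: str          # public identifier sent with requests
    secret_hash: str     # hash of the secret; the secret itself is never stored
    scopes: Set[str]     # minimal permissions, e.g. {"events:read"}
    revoked: bool = False
    calls: int = 0       # usage counter for monitoring
    denied: int = 0      # out-of-scope attempts, worth alerting on

class ApiKeyStore:
    def __init__(self) -> None:
        self._keys: Dict[str, ApiKeyRecord] = {}

    def create(self, name: str, scopes: Iterable[str]) -> Tuple[str, str]:
        """Return (key_id, secret). The secret is only available from this call."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)
        self._keys[key_id] = ApiKeyRecord(name, key_id, _hash_secret(secret), set(scopes))
        return key_id, secret

    def authorize(self, key_id: str, secret: str, scope: str) -> bool:
        """True only if the key exists, is not revoked, the secret matches, and the scope is granted."""
        rec = self._keys.get(key_id)
        if rec is None or rec.revoked:
            return False
        if not hmac.compare_digest(rec.secret_hash, _hash_secret(secret)):
            return False
        rec.calls += 1
        if scope not in rec.scopes:
            rec.denied += 1
            return False
        return True

    def rotate(self, key_id: str) -> Optional[str]:
        """Issue a new secret for the same key id and scopes; the old secret stops working."""
        rec = self._keys.get(key_id)
        if rec is None or rec.revoked:
            return None
        secret = secrets.token_urlsafe(32)
        rec.secret_hash = _hash_secret(secret)
        return secret

    def revoke(self, key_id: str) -> None:
        if key_id in self._keys:
            self._keys[key_id].revoked = True

    def usage(self, key_id: str) -> Tuple[int, int]:
        rec = self._keys[key_id]
        return rec.calls, rec.denied

if __name__ == "__main__":
    store = ApiKeyStore()
    kid, secret = store.create("Website Integration", ["events:read"])
    print(store.authorize(kid, secret, "events:read"))     # True
    print(store.authorize(kid, secret, "members:read"))    # False: not in scope
```

Because `rotate` keeps the key id and scopes, the integration only needs the new secret, which matches the "regenerate keys" step in the rotation guidance above.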

Advanced Options

IP Whitelisting

Restrict access to Relius to specific IP addresses or ranges. Useful if your staff always works from the church office or specific remote locations. Enable IP whitelisting and add approved addresses; login attempts from other IPs will be blocked even with correct credentials. Caution: this can lock out mobile/remote workers if not carefully planned.

Failed Login Lockout

Protect against brute-force password attacks by locking accounts after a certain number of failed login attempts. Set the threshold (e.g., 5 failed attempts) and lockout duration (e.g., 30 minutes). Admin users can manually unlock accounts from the User Management dashboard if legitimate users get locked out.

Sensitive Data Access Alerts

Configure real-time notifications when users access particularly sensitive information. For example, send an email to the senior pastor whenever someone views a specific donor's giving history or opens pastoral care notes for a high-profile member. Helps detect unauthorized snooping.

Audit Log Retention Policies

Extend log retention beyond the default 1 year for regulatory compliance or legal requirements. Some churches in highly regulated environments keep logs for 7 years to match financial record retention policies. Configure automatic archival to cold storage after 1 year to manage database size.

Role-Based Session Policies

Set different session timeout durations based on user role. Admins get shorter timeouts (15 minutes), financial staff get moderate timeouts (30 minutes), and general staff get longer timeouts (60 minutes). Balances security risk with usability for different access levels.

Custom Audit Log Exports

Create scheduled reports that automatically export audit logs matching specific criteria. For example, export all "Giving: View Donor History" actions weekly and email the report to your financial oversight committee. Enables ongoing monitoring without manual log reviews.

API Rate Limiting

Protect your Relius account from abuse by limiting API requests per key. Set hourly or daily limits based on expected usage patterns. If an API key exceeds the limit (potentially indicating a runaway script or malicious activity), requests are temporarily blocked and admins receive an alert.
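Failed Login Lockout and API Rate Limiting are both sliding-window counters with a threshold, so one added example (not Relius code) serves both sections: a lockout that trips after the configured number of failed attempts within the lockout window and can be cleared manually by an admin, and a per-key hourly limit that blocks further requests and raises a single alert per window. The class names, the explicit `now` clock and the limit values passed in are assumptions; the 5-attempt / 30-minute defaults are the figures quoted in the text.

```python
"""Sliding-window counters for failed-login lockout and per-key API rate limits.

Added example, not Relius code. Class names and the injected clock are
assumptions; the 5 attempts / 30 minutes defaults come from the text.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List

class FailedLoginLockout:
    def __init__(self, threshold: int = 5, lockout_seconds: int = 30 * 60) -> None:
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self._fails: Dict[str, Deque[float]] = defaultdict(deque)   # user -> failure timestamps
        self._locked_until: Dict[str, float] = {}

    def is_locked(self, user: str, now: float) -> bool:
        return self._locked_until.get(user, 0.0) > now

    def record_failure(self, user: str, now: float) -> bool:
        """Record a failed attempt; returns True if this attempt triggered a lockout."""
        fails = self._fails[user]
        fails.append(now)
        while fails and now - fails[0] > self.lockout_seconds:   # forget old failures
            fails.popleft()
        if len(fails) >= self.threshold:
            self._locked_until[user] = now + self.lockout_seconds
            fails.clear()
            return True
        return False

    def record_success(self, user: str) -> None:
        self._fails.pop(user, None)   # a successful login resets the counter

    def unlock(self, user: str) -> None:
        self._locked_until.pop(user, None)   # the manual unlock from User Management

class ApiRateLimiter:
    def __init__(self, limit_per_window: int = 1000, window_seconds: int = 3600) -> None:
        self.limit = limit_per_window
        self.window = window_seconds
        self._calls: Dict[str, Deque[float]] = defaultdict(deque)   # key_id -> request timestamps
        self._alerted_at: Dict[str, float] = {}
        self.alerts: List[str] = []   # stand-in for the admin notification channel

    def allow(self, key_id: str, now: float) -> bool:
        """True if the request is within the key's limit; otherwise block and alert once per window."""
        calls = self._calls[key_id]
        while calls and now - calls[0] >= self.window:
            calls.popleft()
        if len(calls) >= self.limit:
            if now - self._alerted_at.get(key_id, float("-inf")) >= self.window:
                self._alerted_at[key_id] = now
                self.alerts.append(f"API key {key_id} exceeded {self.limit} requests per {self.window}s")
            return False
        calls.append(now)
        return True

if __name__ == "__main__":
    lock = FailedLoginLockout()
    for i in range(5):
        print("locked on attempt", i + 1, ":", lock.record_failure("jsmith", float(i)))
```

Trimming old timestamps before counting is what keeps a few typos spread across a day from accumulating into a lockout, while a burst of attempts still trips it; the same trimming gives the rate limiter its rolling hour.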

Security Event Notifications

Enable email or SMS notifications for critical security events like admin password changes, new user creation, API key generation, or login from a new device. Provides real-time awareness of potentially suspicious activity so you can respond quickly.

Best Practices

  • Require longer passwords over complex rules – A 14-character passphrase beats an 8-character password with special characters
  • Enable 2FA for all admins and financial staff – Passwords alone aren't enough for sensitive access
  • Review audit logs monthly – Look for unusual patterns, unexpected access, or policy violations
  • Set role-appropriate session timeouts – Balance security and usability based on access level
  • Rotate API keys annually – Treat them like passwords that need periodic changes
  • Document your security policies – Write down your password requirements, timeout settings, and rationale so future admins understand the decisions
  • Test lockout procedures – Verify that failed login lockout works and admins know how to unlock accounts
  • Assign API keys minimal permissions – Never give an integration "full access" when it only needs read access to events
  • Monitor high-privilege accounts closely – Set up alerts for actions by admins and financial staff

Common Questions

Q: Should we force password changes every 90 days?

A: Modern security guidance says no—frequent forced changes lead to weaker passwords (users just increment numbers or reuse passwords with minor modifications). Instead, use longer minimum lengths (12-14 characters), enable 2FA for sensitive roles, and only force changes when you suspect compromise.

Q: Can we see who viewed a specific donor's giving history?

A: Yes! Open the donor's profile, click the audit log icon, and filter for "View Donor History" actions. You'll see every user who accessed the page, when they did it, and from what IP address.

Q: What happens when someone's session times out?

A: They're automatically logged out and redirected to the login page. Any unsaved work is lost, so encourage staff to save frequently. Consider implementing auto-save for long-form content like sermon notes or email drafts.

Q: How do we handle API keys when a developer leaves?

A: Immediately revoke all API keys associated with that developer. Generate new keys, update your applications with the new credentials, and test integrations to ensure they still work. Treat API keys like passwords—change them when someone with access departs.

Q: Can we recover deleted audit logs?

A: No. Once logs reach the end of their retention period (1-7 years depending on configuration), they're permanently deleted. Export important logs to external archival systems if you need longer retention for legal or compliance reasons.

Q: What's the difference between audit logs and user activity logs?

A: They're the same thing, just different terminology. Both refer to the comprehensive record of actions performed in Relius. User activity logs focus on what a specific person did; audit logs provide a system-wide view of all activity.

Q: Should we enable IP whitelisting for better security?

A: Only if your staff consistently works from fixed locations (church office, specific homes). IP whitelisting dramatically improves security but breaks access for mobile workers, coffee shop WiFi, or travel. For most churches, 2FA provides better security without location restrictions.

Related Topics