Security and Protection for RUN users
With TagoRUN, you can add actions and methods to increase your application's security and protect your Run users. These controls help your application comply with data-privacy and security laws by providing end-user safeguards to prevent inappropriate access to personal data.
By accessing the Run module and selecting the "Security and Protection" tab, you can implement and customize:
- How account delete requests will be processed
- Two-Factor Authentication (2FA) options for end users
- Password creation requirements (strength rules)
- User session duration and management
- Protection against automated (robot) activities using captcha
Delete request process
This section configures how your application handles end‑user requests to delete their account. The available actions include sending a notification to the profile owner, immediate deletion, or triggering an analysis to perform custom cleanup tasks. Choose the action that best fits your privacy and audit requirements.
You can choose to enable the following options:
- Send an e‑mail to the profile owner – you can receive an e‑mail and manually process the request through the User Management module.
- Immediately delete user account – you can consent to TagoIO to process the request and immediately delete the user account.
- Run an Analysis – you can implement a script to analyze and process the requests using Analysis and our SDK.
TagoIO will never remove any Run User data without your consent. To allow the immediate deletion of an end‑user, you must activate the option “Immediately delete user account”.
Two-Factor Authentication (2FA) for End-Users
Enable 2FA to add an extra layer of security for user logins. Available methods in the Run UI include:
- App Authenticator (recommended for most users)
- SMS (note that SMS messages may incur billing)
- Email (note that emails may incur billing)
Once 2FA is activated, users can navigate to their Account Settings to configure their preferred authentication method, similar to the Two‑Factor Authentication setup available on Admin.
You can also enforce 2FA if any method is enabled.
Notice that each e‑mail and SMS sent to Run users will be counted as 1 transaction from the respective service. Make sure to allocate the right amount of these resources to your profile. Read more about Allocating Resources to profiles.
Password strength
Configure password rules to meet your security policy:
- Require upper and lower case letters
- Require a mix of letters and numbers
- Require special characters (examples: !, &, …)
- Set a minimum password length (e.g., 8 characters)
Just like other features within TagoRUN, you can customize the appearance and sentences used for these features on mobile and on the web through the Run Theme and Dictionaries & Multi‑language.
User session management
Set the session expiration to control how long a user stays logged in before re‑authenticating. The UI provides a selector for duration (for example, 3 Months).
You can set the session expiration to occur after a specific number of hours, days, weeks, or months, depending on your security requirements and user convenience.
Enabling Captcha
Enable captcha to reduce automated or bot activity on signup and other user actions. The UI offers a checkbox to request a captcha test and enables captcha protection when active.
Captcha protects your application from automated actions such as web scraping, spamming, and brute‑force password attacks by ensuring that only genuine human users can proceed.