Customer Access to Data
Customers can get access to the data in their dedicated SQL Database using the OData Service (see specific articles on LMS365 Help Center on how to use this, for example via Microsoft PowerBI).
From within LMS365 Global Configuration, the customer can generate an API Key, which provides access to the OData Service. It will be the customer’s responsibility to protect access to this key. The customer can also change and revoke the API Key from LMS365 Global Configuration.
Using the API Key the customer can also update their data in LMS365 using LMS365 APIs (see https://api.365.systems/docs).
2nd Party Access to Data
Under normal operational circumstances, ELEARNINGFORCE Product Development and Support Staff (2nd party) will never access the customer's dedicated SQL Database and/or data.
Support Staff will from time to time require access to Customer’s Data when investigating an issue reported by the customer.
Access to production systems is always controlled and supervised by our core Development Team and only allowed from protected IP ranges. To ensure just-in-time access only to authorized staff Azure AD Privileged Identity Management is used with multi-factor authentication enforced to activate the role.
All staff have signed our Confidentiality Agreement.
3rd party Access to Data
3rd party is defined as anyone that are not the Customer or ELEARNINGFORCE Product Development or Support Staff. Examples of 3rd parties are ELEARNINGFORCE Professional Services, ELEARNINGFORCE Partners or other trusted external specialists hired by the customer.
If relevant Customer can provide 3rd party access to Customer Data in LMS365. For example, to have 3rd party help with programmatically creating ready-made content (ex. Storyals or Microsoft Learning Pathways material) or have 3rd party create Power BI dashboards, Microsoft Power Automate Flows or Power Apps that have access to the customer's LMS365 data. For such uses the Customer can share their API Key with 3rd party.
Customer will always control the API Key and can change or revoke the API Key, which will instantly remove all access to Customers Data via this API Key.
When a Customer performs a change to their API Key, a time stamp and the identity of the user performing the change will be logged.