If you are a Salesforce or HubSpot customer, SafeBase has the option to connect to these tools to streamline the access request flow. Customers frequently ask what options they have in terms of our custom CRM rules engine that allows for more specific automatic approval of requests based on CRM data. In a nutshell, we are able to read standard or custom fields at both the Contact and Account (SFDC)/Company(HubSpot) level.
Here is a pretty typical workflow that we configure for some of our customers:
A user submits an access request to a public Trust Center.
The SafeBase app then queries the CRM to see if there is an Account/Company with a Contact with the same email address domain as the requestor. We typically recommend this as the security reviewer is usually not entered in as a Contact. In this way, the buyer's security reviewer colleague can still be approved.
If an Account/Company was not found, then the request goes to the queue for manual approval.
If an Account/Company was found, then we check the Type field.
If the Type field is Customer, this indicates that this is an existing Customer, and an NDA has already been signed. These Accounts/Companies are trusted and the request can be auto approved, and no additional NDA is needed.
If the Type field is Prospect, we then check to see if the MNDA field is set to True. If so, then the request is auto approved and no additional NDA is needed.
If the MNDA field is null, or set to False, then the request is still auto approved, but the user will have to sign an NDA through SafeBase.
For all other Accounts/Companies, SafeBase was not able to gather any information about them, so the request will go to the queue for manual approval.
For other workflows, we also support the following:
Using the Domain/Website field rather than relying on Contacts. This is used by customers who have a lot of Accounts/Companies without corresponding Contacts.
We can mix and match any number of conditions using AND/OR conditions. For example, we can auto approve if Type = Customer OR MNDA_Signed__c = True to allow for a company to be auto approved as long as they have an NDA signed, even if they aren't paying yet.
We also use custom rules for NDA overrides and not just automatic approval. We can have customers be auto approved based on certain conditions, but still have them sign a DocuSign/Clickwrap NDA.
It's also possible to use negative conditions with auto approvals. For example, one of our customers allows for any request to be automatically approved as long as the Type is not equal to Competitor.
If you are using Permissions Profiles to provision access to certain documentation for accounts accessing your Trust Center, we can use existing data in your CRM to determine which profile they are assigned on auto-approval.
Ex: Type = Customer - Product1 gets assigned the Product1 permission profile in SafeBase.
We can check any standard or custom field in your HubSpot/Salesforce instance, as long as the integration user has read permissions.
Tiebreaker scenarios. There may be cases where multiple Accounts meet the conditions you specify. In these cases we are able to configure tiebreakers based on the following to determine which Account to use, and to further increase the chances of automatic approval:
Most recently modified
Most number of Contacts
Use the Account that matches the requestor's Company Name
Use the Account with a Website field matching the requestor's email address domain
Once your custom rules have been set up by the SafeBase team, you will be able to see the logic visually in the Settings page under the Accounts and NDA sections:
Contact us for any other questions you may have on our CRM rules engine capabilities.