- User creates a free account on behalf of his company.
- A few months later she/he quits (or gets fired), and her/his company email is blocked.
- Someone from the company wants to get access to this account.
Currently they have to go through support, to verify, etc. This is time-consuming.
How would you make account transferral easier?
I see the following options:
- Make them recover user’s email, log in as her/him, transfer account. (not very feasible for some companies)
- Insist that user has to invite her/his coworkers as backup contacts
- Require backup email address (like general info@ or support@) so anyone from the company could recover access to their account through it.
Or is there any other option? What would you recommend? Thanks!
I run marketing at a venture-backed SaaS company and wanted to share with you guys some of the ways that we (and many other SaaS companies) go about creating a comprehensive/effective SEO strategy.
–Let's fictitiously say that my company offers a CRM for Animal Shelters.–
IMO, the SEO strategy begins with and comes down to the keywords you intend on targeting. And I break these down into two groups. Direct and Indirect.
Direct: Keywords used to search for the specific tools…
Here's how my niche SaaS company structured our SEO strategy
I have managed projects where we have used a third party to do application penetration testing. Based on what I could gather, it entailed manual testing and did identify some good issues. We also used Zap to prep ourselves before we went to third-party pen testing. So I am familiar with that too.
I was wondering if there were SaaS solutions for pen testing that meet the following criteria:
1 – Easy to use in that canned policies exist that are meaningful. Example: You have never done any pen testing before on your app, let’s start here… You are required to meet a specific regulation, try the following policy set …
2 – Have adequate depth and credibility (both subjective) such that the report will be accepted by a Fortune 500 company’s security team or by a SOC2 auditor (I recognize that the auditors really do not care how you did your pen test as long as you did it given that SOC2 does not really call for a pen test)
Is there a way to integrate multiple payment gateways (PG) or UPI for multiple merchants on our SaaS application? The merchant wants his UPI to be used to collect payments from customers rather than our PG.
I have an application that will work as a SaaS where my customer has a login and can register their products. I want this user to be able to register their own URL and have that URL point to my application, where only that user's products will be displayed (that data being fetched dynamically based on the URL).
I searched and found some terms like DNS, CNAME, etc… but nothing answered my question.
How can I do this? Can I make the URL point to a folder on the server? Could I point all the URLs to the same place and check the current URL there to query the data in the database?
Is this possible? If so, what would be the best approach? If possible, I would like to use platforms like Heroku and AWS.
In this scenario, I have a small SaaS where companies can claim their company pages and turn wiki pages into official pages.
Collaborators of a claimed company can log in and have access to a private area where they can do things like upload photos, update addresses or institutional info basically.
My question is about the brand identity of this set of pages. Must the company see this area as something they own, by removing the icon of the SaaS? I have some mockups to demonstrate what I am talking about.
Can’t find any research or advice about this. Empirically, it seems like some services allow brand customization, like GitLab or G Suite, and some do not allow it, like the admin area of LinkedIn.
I am working on a SaaS product that I intend to have multiple plans for. I will have a limit of 50 of item A, for example, and then a per-user cost where I will have a base plan of 3 users.
I’m building this application primarily out of Node.js microservices. I was wondering where it makes sense to put in the controls for this type of limiting (the 50 items A not the per-user that seems simple enough).
Do I put it as its own service or is there a reasonable way to integrate it into say an API gateway or auth service?
Currently, the services I have that would be involved in item A are:
I’d like to do it in a way that I could remove the limiting per item later on as I have plans to change my pricing plan structure as the product develops.
I’m open to almost anything, I have a few poorly thought out ideas like adding a middleware that checks the user model and if the user’s company/payment/plan data says that it exceeds the limit then I would return an error.
What compliance issues should any B2B SaaS provider worry about when saving user information to its databases, such as Name, DOB, Gender, Emergency Contact Information (Name, Phone, Address), etc.?
Does any of this trigger HIPAA or anything like that?
Of course, my proxy will see all the traffic, but I don’t see that that is a problem. The traffic comes from my webapp and serves the purposes of my webapp. In terms of Same-Origin Policy, it is all mysite.com.
The calls are Ajax, so the browser will not show the user that the calls are to proxy.mysite.com rather than somesaas.com.
I can see that if the user is sending sensitive data to somesaas.com and expects that mysite.com will never see it, that could be a problem with user expectations.
But would this architecture be blocked by some security layer?