At Wamly, security is integrated into every layer of the hiring process to ensure that sensitive organisational and candidate data remains protected. Our security framework relies on a combination of industry-standard authentication protocols—including Single Sign-On (SSO) for enterprise environments and Multi-Factor Authentication (MFA)—alongside a strict Role-Based Access Control (RBAC) system. By centralizing security management under the 'My Organisation' tab, System Managers can maintain a complete audit trail via the Activity History module, ensuring that every administrative change is tracked and that data access is restricted solely to the departments and projects where it is required.
Single Sign-On (SSO): Available for Enterprise-level organisations, this allows users to access Wamly via their company's identity provider (e.g. Azure AD or Google Workspace).
For detailed steps on setting up your Single Sign-On (SSO), please refer to this article.
Password Requirements: Passwords must be at least 8 characters and include a number, special character, and both uppercase and lowercase letters.
OTP Verification: 6-digit One-Time Pins (OTP) are used during signup, password resets, and manual login attempts to verify email access.
Data Security and Audit Logs
Security Tab: Only System Managers can access global security settings under the MY ORGANISATION tab.
Activity History: This is the only module currently providing a front-end audit log, allowing users to see every update made to security settings and by whom.
User Records: Users can never be deleted, only deactivated, because their profiles are required to maintain the platform's audit trail.
Candidate Consent: For background checks, candidate data and consent are collected upfront. Only System Managers can view or download the generated PDF consent documents for audit purposes.
Role-Based Restrictions
Permission Layers: Security is maintained by strictly limiting visibility based on roles (System Manager, Administrator, Rater).
Department Isolation: Administrators are restricted to data within their allocated departments, preventing unauthorized access to other areas of the organisation.
Sensitive Data Visibility: Rater settings can be configured to hide specific sensitive information, such as psychometric or background check results, on a per-project basis.