Functional accounts

Pointsharp Functional Accounts are used in environments where a user may have multiple accounts, such as employee, consultant, or role-based accounts linked to a single identity. This feature allows users to select the appropriate account during login.

Eliminates shared accounts

By allowing users to select functional accounts tied to their own identity, there is no longer a need for shared accounts or password sharing. This eliminates the risks and administrative challenges associated with shared credentials, such as lack of traceability, compliance issues, and security vulnerabilities.

Audit and logging

All authentication events and account selections are logged for auditing, using secure and up-to-date APIs.

Process steps

  1. When a user logs in, the system automatically searches all configured user directories for accounts matching the user’s identity (such as a personal number or email).

  2. If multiple accounts are found, the user selects the desired account. Each account in the selection is labeled (e.g., “Employee”, “Consultant”) based on a configurable user attribute, making it easy for users to identify the right account.

  3. The selected account is authenticated, and session notes are set to track the account and client.

  4. If the user attempts to access another client with an active session, a warning page is displayed. To switch accounts, the user must close and restart the browser, preventing insecure session reuse.

Use cases

  • Multiple roles for employees: Staff who perform different functions (for example service desk or day shift manager) can select the appropriate account for each task, ensuring access rights are always correct.

  • Consultants and contractors: External users with temporary or specialized roles can maintain separate accounts for each engagement, improving security and auditability.

  • Healthcare and education: Professionals who work across departments or institutions can choose the relevant account for each context, supporting compliance and data segregation.

  • Delegated access: Users with delegated responsibilities (such as acting on behalf of another person or group) can switch between functional accounts as needed.

  • Elimination of shared passwords: Functions that previously required a shared account (and thus shared passwords) can now be assigned as functional accounts to individual users, ensuring accountability and eliminating the risks of password sharing.