Assessment Contributor Access

When you give a third party access to answer questions in an assessment, they get access to all the questions in that assessment.

They can answer questions, add notes, add evidence and create custom actions.

When they complete the last question in the assessment, they can select the "Done" button. This takes them to the assessment dashboard, where they have access to the overall results of the assessment.

From here they can select "control questions" and go back to the assessment question list.

A sample NIST CSF assessment.
Selecting "Done" on the last question takes the user to the dashboard.
When an assessment contributor selects "Done", they get access to the dashboard, with access back to the control questions.

Assessment contributor access email case

Your assessment contributor will not be able to access the platform if you don't use the correct email case.

The case of the email address you enter when you add a third-party email account must match the case used by the SSO system they will authenticate from.

Potential future system improvements for this issue are limited without breaking our security protocols. This is because:

  • Our email standard requires that we treat different casings of an email address as fully separate email addresses; otherwise we open ourselves to certain attack vectors.
  • If we were to check whether an address has already been registered in the system, the result could reveal the presence of that user to whoever is testing whether the email address is already in use.
  • If we were to force email addresses to lowercase, it would break authorisation for SSO accounts configured with capitals.
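
One way to catch casing problems before you add contributors, as an added example that is not part of the platform or of the original page: it compares the addresses you plan to enter against the addresses exactly as the third party's SSO system presents them. It assumes you have obtained that list from the third party; the function name, variable names and sample addresses are hypothetical and constructed for illustration.

```python
from collections import defaultdict

def audit_invite_casing(invited, sso_directory):
    """Classify each address you plan to add against the exact SSO strings.

    Returns {address: (status, candidates)} where status is one of:
      "exact"         - character-for-character match, sign-in will work
      "case_mismatch" - same address in another case; add the candidate instead
      "ambiguous"     - several SSO addresses differ only by case; ask the
                        third party which account is meant
      "not_found"     - nothing matches, even ignoring case
    """
    exact = set(sso_directory)
    # Case-folded index used ONLY to suggest candidates to a human.
    # The match that grants access stays case-sensitive.
    by_folded = defaultdict(set)
    for addr in sso_directory:
        by_folded[addr.casefold()].add(addr)

    report = {}
    for addr in invited:
        candidates = sorted(by_folded.get(addr.casefold(), ()))
        if addr in exact:
            report[addr] = ("exact", [addr])
        elif len(candidates) == 1:
            report[addr] = ("case_mismatch", candidates)
        elif len(candidates) > 1:
            report[addr] = ("ambiguous", candidates)
        else:
            report[addr] = ("not_found", [])
    return report

# Constructed sample data (assumption: list supplied by the third party).
SSO_DIRECTORY = ["Jane.Doe@Example.com", "sam@example.com",
                 "ops@example.com", "Ops@example.com"]
INVITED = ["jane.doe@example.com", "sam@example.com",
           "OPS@example.com", "lee@example.com"]

if __name__ == "__main__":
    for addr, (status, candidates) in audit_invite_casing(INVITED, SSO_DIRECTORY).items():
        print(f"{addr:24} {status:14} {', '.join(candidates)}")
```

Because the check runs on your side against a list the third party gave you, it does not require the platform to reveal which addresses are already registered.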