TicketLog
  • Welcome to TicketLog
  • Documentation
    • Users guide
    • Moderators guide
    • Administrators guide
      • Service desk settings
      • User settings
      • Azure DevOps settings
      • Forms & fields
      • Customization settings
      • Custom domain settings
      • Notification settings
    • Azure DevOps extension
    • Data & security
  • Guides
    • How to chart user activity
  • How to sign-in with SSO
  • Troubleshooting
    • Authorizing Azure DevOps
    • Integration with Azure DevOps
    • SSO issues
  • Release Notes
    • 2025.06.09: Landing page
    • 2025.05.21: Single Sign On (SSO)
    • 2025.04.30: Sharing a ticket
    • 2024.11.07: Parameter values
    • 2024.06.21: Extension upate
    • 2024.06.10: Multi-forms
    • 2024.06.06: Remove ticket
    • 2024.05.09: Accepted domains
    • 2023.12.09: Timezones
    • 2023.11.02: Custom fields
Powered by GitBook
On this page

Was this helpful?

  1. Documentation

Data & security

TicketLog's application and data storage is hosted on Microsoft Azure servers in Netherlands. This data includes application data, configuration settings, tokens, and caches. As system administrators, we have access to this data. For user login management we use Azure AD B2C, which is a special instance of Microsoft's Azure Active Directory service to manage federated logins. Our Azure AD B2C server is hosted in the United States. As system administrators, we have access to the list of login email addresses, but not to passwords as they are hashed. For ticket data, we do not capture or store ticket Descriptions, Comments, or most other fields. We fetch these details via Azure DevOps API's on each request. However, we do cache each ticket's Title and State field to improve system performance on list screens. We can disable this cache if requested, but this will impact performance. Data is stored in a multi-tenant database, however with our limited data capture the potential for personal data exposure during an adverse event is remote. For Azure DevOps (ADO) integration, we recommend customers setup a dedicated integration account in ADO. For example, ticketlog@yourcompany.com. Customers can place restrictions on this account to limit which ADO project(s) TicketLog can interact with. We do not store the password for this integration - each connection must be authorized during setup, which provides us with an access token scoped only for the requested functions. These functions do not include user management functions, which limits the potential for privilege elevation via this access point. Customers can deauthorize their integration account at any time from the Azure DevOps portal.

Last updated: 2024.06.14

PreviousAzure DevOps extensionNextHow to chart user activity

Last updated 12 months ago

Was this helpful?