Employee Identification (Approved Domains)

ControlUp identifies the employee using a device using the following methods:

• If the account signed into the device is a domain account, then the employee is identifed by that account.
• If the account signed into the device is not a domain account (for example, a local account), then the employee is identified using the accounts signed in to specific applications on the device such as Microsoft 365 or Microsoft Teams. To prevent identifying employees by their personal accounts, this identification method is used only if you have created a list of approved domains (read below for details).

Only identify employees in specific domains

If you want to restrict employee identification to accounts in only specific domains, you can create a list of approved domains. After you add at least one domain to the approved domains list, then accounts in all other domains are excluded.

Employees can be identified using their accounts signed into applications on their device only after you create a list of approved domains.

To create a list of approved domains:

1. Go to Settings > Experience Score and select the Privacy tab.
   

2. Click +Approve Domain and enter a domain (for example, controlup.com) and click Submit. Repeat this step to add additional domains.

Primary domain

If you create a list of approved domains, you must set one of the domains to be the Primary Domain. If the account signed in on a device doesn't identify the employee and there are multiple accounts signed in to applications on the device, then the account that matches the primary domain is used to identify the employee. If none of the accounts match the primary domain, then the most commonly used account identifies the employee.