Keeping online events secure is more important than ever in times where remote meetings and webinars are becoming more and more commonplace.
Novi's private webinar feature creates unique join links that can be used with ZOOM, GoToMeeting, or any webinar hosting platform. These links are attendee-specific and valid for just one person, preventing the need to share the main meeting URL publicly.
Why is this important?
One of the main reasons for private webinars is to help our associations prevent link sharing. Link sharing contributes to the abuse of members-only benefits and devalues your organization's events (which can lead to lost revenue, eek!) when attendees are able to share the link with their co-workers or peers.
How does it work?
Once an attendee registers, a unique join link is sent to them in their event confirmation email. It can also be accessed via their Member Compass 15 minutes prior to the event, and in their calendar invite if they choose to add the meeting to their calendar (while logged in).
Once the attendee joins, they are automatically marked as attended on the event - so no need to keep track of who's coming and going!
AE Tip: Double-check your webinar client settings and make sure any registration through their platform is turned off so attendees don't have to register twice.
To set this up, simply select Online as your event location, select Private, and then enter your online event URL. If you're using Zoom, see our tip about security settings near the end of this article.
Since we're creating unique links for every attendee, the original URL is not revealed to attendees through the Novi system.
Please also read the "Secure Setup Recommendation" section below for important information on our full setup suggestions!
Note: Public links function as they always have - the main URL is readily accessible for attendees and from the main event page.
The Details & FAQs
What do the registered attendees see and how do they get their links?
- Directly after registration:
- In their event confirmations & reminder emails:
- From the Member Compass "My Events" tab:
Can admins see the attendee's unique URL?
- Yes! In the event attendee list, find the attendee who needs the link > navigate to the Action column > click edit. In the modal that appears, you'll see the attendee's private join link:
What if the wrong person tries to use the link?
- They'll be shown this message:
What if someone who has cancelled attempts to join?
- They'll be shown this message:
What if someone tries to join the meeting too early?
- Attendees can join 15 minutes prior to the start of the meeting and anytime during. If they're too early, they'll be shown this message:
How do you know if the correct attendee is using the link?
Novi will validate the attendee based on them being logged in to the account that the registration link is connected to. If non-logged in guests register, they will still have a unique link, but we cannot guarantee that the correct person is using it. (Please see "Secure Setup Recommendation" below for steps on preventing this.)
What should we tell our members about private webinars?
For the best results, communicating with your members is a great idea! Since the system is validating on the attendee level, your members should:
- Login to register!
- When entering the attendee name, select from the dropdown list that appears rather than just typing info in (if possible). This way, the registration is connected to the existing member record.
- If registering multiple people, be sure to include unique emails for each, so that everyone receives their unique join link. Otherwise, the purchaser would need to forward the links to everyone on their registration.
Secure Setup Recommendations
The most secure version of the private webinar feature relies on the system's ability to verify that an attendee using a link is the attendee it's meant for. The only clear way for us to do this is if that attendee is logged in to your site - member or non-member (non-members can certainly still create an account!).
As an added bonus, this may also be a great bridge to promoting user account creation amongst your members.
The main step in securing your attendees is:
- Require attendee information
Only for associations with an "individual" based member type:
- Remove the ability for guest purchasers
- Check that attendees are connected to a record in the database
*A tip for any online event - remember to check your webinar provider’s settings for any special settings and setup you need to be aware of, i.e. breakout rooms.
Require attendee information
By requiring attendee information on your event's tickets, you're ensuring that you won't have blank names for attendees, which can make it virtually impossible to tell who was meant to be registered (P.S. this should be standard for most of your event tickets regardless, unless you're more concerned about attendee numbers and not so much specific attendee info).
On your tickets, make sure the highlighted box below is checked:
Only for associations with an "individual" based member type: Remove the ability for guest purchasers
When someone checks out as a guest for an event, it simply means that they're not logged in. By not taking this step, guest purchasers will be allowed to buy tickets for the event.
This won't mess up your entire setup, and they will still have their own unique URL to join with, but it is less secure because the system won't be able to validate who they are when they join the meeting. So even though that link is still valid for only 1 person to use, Sally could use it, even if Bob was the person who registered.
To prevent this, you can use the help of a group. One way would be to use an existing group of all current members or certain member types (creates FOMO for the non-members!).
However, if you want anyone to be able to register, create a group with the condition: Has User Account = Yes (since both members & non-members can have an account, this is inclusive regardless of membership status).
Then, lock down the ability to purchase tickets to the group(s) of your choosing.
Note: Each site has a setting to "Allow Non-Member Account Signup". Please let us know if you're unsure if this is turned on for you, or if you'd like it to be.
Only for associations with an "individual" based member type: Check that attendees are connected to a record in the database
Lastly, once you have attendees registering, check every so often that the attendee is connected to its corresponding record in the database (if one already exists). Sometimes people type in their name instead of selecting it from the dropdown available to them, and if they do, you can edit the attendee's name as an admin to ensure that it's connected to their record, and therefore, their login.
Zoom Link Security Settings
If you use Zoom for your virtual event, you'll notice in the Security section of the meeting's settings that Zoom requires you to select Password or Waiting Room. When this is set to Waiting Room someone from your team will have to admit each person into the meeting as they join. Since this can be cumbersome and distracting while you're trying to focus on the actual event, we recommend using the Password setting.
The Zoom URL for the meeting will include the passcode at the end of the URL. So the attendee doesn't have to "know" the password or even type it in - they can just click the link - and your team won't have to admit people from the waiting room.
For Novi events that are setup using the "Online" Event Location (including both the public and private settings), the Zoom link that includes the password is what you'll enter in the URL field in Novi.
Changing an Existing Event From Public to Private
If you're transitioning an event that began as public to now become private, remember that the attendees already registered would not have been notified about a unique join link during or after registration. You'll want to reach out to them directly with their unique URL and/or setup an automatic event reminder for the event since this will include the link.
If you setup an automatic event reminder, you may also want to reach out (perhaps by syncing your event over to MailChimp/Constant Contact) to let them know about the new setup.
If no attendees have yet been registered, simply make the change in the event's Details tab and you're good to go!