Staff Updates

The main area of the homepage is dedicated to staff updates. This is a great place to post news items and announcements for your staff. Learn how to customize this area for your organization in the Customizing Your Rock Homepage section below.

Metrics

Below the articles in the staff updates section you'll see the metrics section. This section displays Active Records, Active Families and Active Connection Requests. Learn more about these metrics and how to customize this section in the Configuring Homepage Metrics section below.

Quick Links

The Quick Links section on the right side of the screen is a great place to provide staff with links that your organization uses most often. For example, organizations have used this section to provide links to:

• The online catalog for ordering office supplies
• Referral lists for counseling or pastoral needs
• The organization's webmail site
• Project management tools like Basecamp or Asana
• Facility management tools like ServiceU
• Frequently used forms

You can update the Quick Links section by editing the HTML, which is accessed the same way block settings are accessed.

Active Users

Under the quick links section you'll see blocks listing active individuals on the internal and external websites. This allows you to see staff who are currently working and individuals browsing your website. You can click on a name to view the individual's Person Profile page.

Administrator Checklist

After you first install Rock you'll see an Administrator's Checklist on the homepage. Don't worry, only Rock administrators can see this block.

This is a list of tasks you'll want to complete before you get too far along in your Rock deployment. Once you've checked all items off the list the block will disappear, but not forever. After an update you may need to add or change certain settings in order to use a new feature, and those steps will be listed in the block. Think of it as an old friend who shows up in your hour of need (not like your old college roommate who only shows up at the worst possible times).

Be Creative

Don't limit yourself to what's provided out of the box, or even the suggestions we give in this guide. We crafted these features just for you, because we want to enable you to take what Rock provides and make it your own. Manage the content on your homepage to reflect the unique needs, resources and vision of your organization.

Customizing Your Rock Homepage

To manage the content of your Rock homepage, go to:

Tools > Content > Internal Communications - Homepage.

You can edit existing content items, or add new items, from the block at the bottom of the page. Doing either will bring you to the Edit Content Channel Item page.

See our Designing and Building Websites Using Rock guide for more information.

Configuring Homepage Metrics

Rock ships with three metrics ready to display on your Rock homepage:

• Active Records: The number of active person records in the database
• Active Families: The number of active families in the database
• Active Connections: The number of active connection requests in the database

We've supplied these metrics—which will automatically update weekly—as a way of getting you started. We encourage you to customize this section and select different metrics by editing the block settings.

Org Chart

Under the Intranet tab you’ll find an Org Chart page. This is simply a group viewer that's designed to help you develop your own organization chart. It's often helpful to have an org chart in Rock that you can easily reference, like when you’re setting up security. If you don't think you'll need this you can simply hide it from the navigation by changing the Display When setting to Never under Page Properties. Or, you can always just delete it.

Keyboard Shortcuts

In an effort to speed up your interaction with Rock, we've added several keyboard shortcuts. Let's look at what's available:

• Alt + Q Quick Search: Sets focus to the search box at the top of the page.
• Alt + S Save: Presses the save button on the given page.
• Alt + M Edit: Presses the edit button on the given page (think M for modify).
• Alt + C Cancel: Presses the cancel button on the given page.
• Alt + N New: Presses the add button on any grid on the page.
• Alt + I Edit Individual: On the Person Profile page this allows you to edit the individual's information.
• Alt + O Edit Family On the Person Profile page this allows you to edit the family's information.

Starting in v10.2, we also have keyboard shortcuts specifically for admin bar functions:

• Alt + B Block Configuration: Enables the Block Configuration fly-outs.
• Alt + Z Page Zones: Enables the Page Zones fly-outs.
• Alt + P Page Properties: Opens the Page Properties modal window.
• Alt + L Child Pages: Opens the Child Pages modal window.

If you're using a Mac, press Ctrl + Opt (instead of Alt) and the letter key of the shortcut you want to perform.

Entities

The word "entity" is used to describe the classification unit of different types of data in Rock. For instance, People, Groups, Financial Transactions, Locations and Pages are all entities in Rock. If you’re familiar with databases, entities are very similar to tables. In fact, most entities in Rock have an associated table in the database.

You might be asking, "Why do I need to know this?" For the most part, you don’t have to know a thing about entities to successfully use Rock. But, you'll see the term in many of the configuration screens so it’s good to know what it is.

Defined Types / Defined Values

Many of the configuration items in Rock are made up of a list of valid values. Think about the Marital Status of a person. While we could have made this a textbox where anyone could type in the marital status of a couple, in today’s world that could be a disaster. You’d probably get a million different answers to that question. Instead, it's better to limit the options to a finite list that makes sense to your organization.

The "valid value" concept is prevalent in numerous areas (Record Status, Phone Types, etc.) Instead of creating separate screens and logic for each of these, we came up with the concept of Defined Types. These are lists made up of values (Defined Values) that you get to configure according to your organization’s needs.

Change Password

This is where the individual can change their password. Simple enough.

Communication Templates

This page allows the individual to access communication templates they are permitted to edit. You might find it convenient to secure certain templates so only a single person can edit them; they can edit those templates here even if they don't have access to the Communications page on the Admin Tools menu. For more information on templates, check out the Communicating With Rock and Email Template Survival Guide documents.

Merge Templates

The Merge Templates feature allows you to take a table of data and convert it into a formatted report or set of labels.

This page allows the individual to view, add, edit and delete personal merge templates. Merge Templates are covered in the Merge Documents section of this manual. In general though, templates uploaded here won't be available for use by other people.

Following Settings

Rock's following features allow an individual to be notified of activities in which they are interested.

From here, an individual can customize their Following Settings. You can read more about these features in the Person and Family Field Guide

Following

This page allows the person to view their current following list (the list of people and other items they have chosen to follow). You can read more about these features in the Person and Family Field Guide.

Configuring Checkr

The first option for running background checks on individuals is Checkr. Once configured, Rock will default to using Checkr for background checks. You can easily change this default, however, which we'll look at shortly. First, though, let's look at the steps to set up your Checkr account.

Step 1: Sign-up

The first step in the process is to sign up for a Checkr account. You'll start from your rockrms.com account.

1. Log in at www.community.rockrms.com, and then click on the menu in the top right corner with your picture on it.
2. Click on "Your Organizations". In the center you'll see the organization(s) with which your account is associated.
3. Click on the organization you wish to set up with Checkr. Then, beneath the organization logo in the Integrations section, click the "Checkr" option.
4. Click the Create New Checkr Account button.
5. Once your account is set up, your organization page in the Rock RMS site will update with an Account ID and Access Token.

Step 2: Set Up Webhook Inside Checkr

The next step is to set up Webhook inside Checkr. This tells Checkr where to send updates when background checks are complete. Begin by logging into your Checkr account at dashboard.checkr.com, then navigate to:

Account Settings > Developer Settings.

Type your Rock URL appended with /webhooks/checkr.ashx in the Webhooks URL field, select Live, then click Add. Finish by selecting the subscriptions shown in the above screenshot.

Step 3: Configuration

Now that Checkr is active, it's time to link your account to Rock. From within Rock, access the Checkr screen located at:

Admin Tools > System Settings > Checkr

Enter your Checkr Access Token (from the Rock RMS website) into the field provided. Click Save. The Background Check Types list is automatically downloaded when you enter the access token. If you want to download an updated Background Check Types list, click the Update Packages button.

Checkr is now active by default in Rock. You can view Checkr's status in the Background Check Providers page in the System Settings under Admin Tools.

(The Access Token should already be filled in for you at this point, since you provided it on the Checkr configuration page)

Set as Default

Note the Enable as Default Background Check Provider button. This button allows you to set Checkr as your default background check provider.

Viewing Checkr Requests

You can view all the requests that Checkr has processed in the Checkr page. This list is provided to help you see what's being processed at a high level. As you'll see soon, you can also view the results of a specific background check request from the Workflow and Person Profile pages.

Configuring Protect My Ministry

The second option for background checks is Protect My Ministry. Below are the steps for setting up and configuring this provider in Rock.

Step 1: Sign-up

The first step in the process is to sign up for the Protect My Ministry service. To do this, start at the Protect My Ministry page in Rock under:

Admin Tools > System Settings > Protect My Ministry.

Should you choose to register for a new account, click the Register For An Account button. You'll be taken to the Protect My Ministry website to complete the registration.

After completing the registration, come back to the Rock Protect My Ministry page and enter in the username and password you created. You'll then be taken to the Protect My Ministry Detail Page.

Step 2: Configuration

Once you've entered your account information in Rock, you’ll see the details of your account on the Protect My Ministry page.

Important:

The Result Webhook setting will be populated automatically using your Rock Public Application Root Global Variable. However, this can be changed here if needed by clicking the Edit button. This address must be secured using SSL/TLS (must start with https://).

Know that you can't simply change the http:// to https:// here, though, without having a valid SSL/TLS certificate installed and your web server configured properly. Google is your friend if you need help obtaining and installing a certificate.

You'll now want to configure the packages that are tied to your account. The most popular packages have already been made available to you through the integration. Each package has a brief description that outlines its specific merits.

There are several configuration settings for each package. Let's look at each setting and what it means.

• Package Name This is the PMM name for the package. It must be an exact match to what's in their system, so please don't change it unless instructed to.
• County Criminal Default County Depending on your state it may be recommended that you provide a county on your request. If so, this will be the default county to use if one isn't present on the address of the person you're checking. You can check your state’s requirements using this map from PMM.
• Use Home Address for County Criminal This too will depend on the state in which you live. If your state is recommended for the county search, you'll want to enable this option.
• State Criminal Default State This is the default state to use when doing a state criminal request. This option is defaulted to the state that's most common in your database, but feel free to change it.
• Use Home State for Statewide Criminal This setting determines if the state from the address should be sent.
• MVR Jurisdiction Code This setting determines jurisdiction to use for MVR (Motor Vehicle Records) searches. You can select your area from the list provided. This is only needed for MVR type searches.
• Use Home State for MVR Search This determines if the state from the home address should be sent for the MVR search. This is only needed for MVR type searches.

While you can add new packages using the settings above, the packages provided should meet all your needs. You may need to edit some of the configurations to meet the recommendations for your state. This decision centers around whether you should be doing a state or county search.

Viewing Protect My Ministry Requests

From the Protect My Ministry page you can also view requests that have been processed. This list allows you to see what's being processed from a high-level perspective. However, it's much easier to see the results of a specific background check request from the Workflow and Person Profile pages. We'll talk about that next.

Background Check Administrators

Background check admins have access to all background check details and the ability to approve or deny them at several points in the process.

Before you start processing, you'll want to configure the person or people who will be included in this security role under Admin Tools > Security > Security Roles > RSR - Background Check Administration.

Processing Requests

Several different organizational needs kick off a background check request workflow. For instance, you may be hiring a new staff member, screening a potential volunteer, updating person profile records or transferring someone into a new position. Whatever the reason, it’s usually a staff member who needs to start the request for a background check.

To see if an individual has completed a background check, go to the Person Profile page and look under the Extended Attributes tab.

Staff will be able to see either a Yes or No in the Background Checked field. Background check administrators can see three additional fields and have editing privileges.

1 Background Checked

Will have the checkbox either checked or empty.

2 Background Check Date

Will have the date the check was completed, if applicable.

3 Background Check Result

Will show either Pass or Fail.

4 Background Check Document

Will have a complete PDF of the background check results, if a check has been completed.

5 Driver's License Number

Will have the license number, if provided.

How It Works

The Lifecycle Of A Request

1 Initiate

A staff member will initiate a request.

2 Notify

Individuals in the 'Background Check Administrators' security role will be notified of the request, and will either Approve or Deny it.

3 Denied

If the request is denied, a notification will be sent to the requestor, who can then update the request and resubmit it or cancel the request.

4 Approved

If the request is approved, it will be submitted to your organization's background check provider to be processed.

5 Results

If the background check comes back as 'Pass', Rock will update the Person Profile page with pass/fail results and a PDF copy of the full report. The requester will also be notified of the completion.

6 Review

If the check comes back with a status other than 'Pass' the workflow will notify the individuals in the 'Background Check Administrators' application group to review the results and determine if the background check should be passed or failed. The results will then be emailed to the requester.

Location Descriptors

When you create a location, you can define several location descriptors:

• Street Address: This is pretty obvious, the street address of the location.
• Latitude / Longitude Point: The lat/long point is simply the latitude/longitude of the address. You can set this by either providing an address and allowing Rock to convert it to a lat/long using the built in address standardization service or you can reference the point using Rock’s location picker.
• Geo-fence: A geo-fence is a virtual perimeter for a real-world geographic area or boundary. Geo-fences are used by Rock to define things like regions for groups and to power future mobile applications like check-in. Rock allows you to draw these fences right in the address picker.

Types of Locations

There are two types of locations in Rock. Let’s take a look at each and see how they are used by Rock.

Address Standardization and Geocoding

Your attendees' addresses are very valuable, so it's important that they are formatted correctly and validated through the USPS database. Also, in order for these addresses to be used with the latest mapping technologies it's important to convert them into latitude and longitude points through a process called geocoding. Fortunately, Rock makes both of these tasks simple.

As addresses are entered into the system, Rock will automatically send them to an online service to standardize and geocode them. This service will ensure that:

• Addresses are formatted correctly (e.g. fix upper / lower case issues)
• Items like Streets, Avenues, West and East are abbreviated correctly
• Zip+4 is researched and added
• Latitude and longitude are added to your addresses

Out of the box Rock uses SmartyStreets to provide this service. SmartyStreets is a service for address standardizing and geocoding capabilities. They have also generously granted the Rock community a license to use their service for free. We've built this license directly into the product so there's nothing you need to do to enable this functionality. Just sit back and enjoy quality addresses.

While you don't need to configure anything to enable SmartyStreets, there are settings of which you should be aware:

• Acceptable DPV Code - This setting determines the acceptable quality match for standardizing an address. You can find all of the options on the SmartyStreets documentation site. The default settings is 'Y,S,D' which is a full or partial match.
• Acceptable Precisions - This setting is similar to the DPV code but is related to the required precision of the geocoding in order for it to be considered a successful match. You can find more information on the SmartyStreets documentation site. The default setting, 'Zip7,Zip8,Zip9' determines a successful match if the address is matched at Zip+2 (e.g. 85383.23__) or better.

If you'd like to make changes to the services used by Rock, you can under:
Admin Tools > System Settings > Location Services.
There you'll see a list of services that Rock supports. Not every service supports both standardization and geocoding.

Email Settings

The configuration items you provided during the install can be updated under
Admin Tools > Communications > Communication Transports.
Email is sent from Rock using a communication transport. Think of this as a delivery service. Just as you might pick between sending your package via UPS or FedEx, Rock gives you options when sending out your emails.

Sending bulk email is difficult in today’s age of spam and spam filters. Simply configuring an ISP or Internal Exchange Server isn't enough if you want to ensure all your messages will make it to their intended recipients. To do that, you need to confirm your DNS has proper SPF and Domain Key records and ensure that you're not on any blacklists. Even for the largest organizations, this can be an overwhelming task.

Wherever a problem exists, a new service will be created to help solve it. That has certainly been the case in the area of email deliverability. With the importance of email and the complexity of getting your environment right, it makes sense for most organizations to outsource the sending of their emails. These services specialize in getting it right and the pricing is fairly reasonable. Rock ships with Mailgun and SendGrid transports, but you can check the Rock Shop for integrations with other transports.

These services do require some minor changes to your organization’s DNS settings, but they walk you through the process online to make it easier.

Security Roles

While you can provide detailed security for every person individually, it's often tedious and problematic. Security roles, on the other hand, are much more flexible and far less prone to error.

Having a well thought out strategy for security roles is critical. Too simple and individuals might have more rights than they need; too complex and security will be difficult to maintain.

We've worked hard to lay a security foundation that makes sense for you to build on. We strongly recommend you closely review the security roles that ship with Rock before you start setting up your organization’s security. You can find those roles under Admin Tools > Security > Security Roles.

Permissions

Wherever you see the icon you can manage the security of the item being displayed. Clicking the icon will bring up the Security Editor shown below.

1Actions

The first thing you’ll see is a tabbed list of the security actions available for the item. Typically these will be View, Edit and Administrate. You'll set permissions for each of these actions.

2Item Permissions

The Item Permissions area is a list of the specific permissions defined for the item. If there are no specific permissions set for this particular item, the list will be empty. In these cases, security is being inherited from its parent. But now we’re jumping ahead...

3Inherited Permissions

Most items don’t have permissions of their own. They inherit their permissions from their parents. For the most part, you’ll only add Item Permissions when you want to increase the security of the item. This is a very powerful concept. It keeps you from having to constantly and consistently tweak the security of each item. It also allows you to change the security of an item and let the change trickle down to all of its children.

Verifying Permissions

There may be times when you want to view a quick snapshot of a person's security permissions. You can do this in the Verify Security block, found in
Admin Tools > Security > Inspect Security.

1 Person

Search for the person whose security permissions you want to view.

2 Entity Type

Select the entity type you want to verify. For example, if you want to view the security on a page, select 'Page'.

3 Entity ID

This field is where you enter the Integer ID or Guid of the entity you want to view. For example, if you want to view the security of the external homepage (which has the Guid of '1'), type "1" in this field.

4 Security Permissions

This is the list of security permissions for the person based on the search criteria.

5 Unlock Security

This button allows you to quickly unlock security permissions.

This snapshot view allows you to do a couple of handy things.

First, it allows you to view the source of a person's effective security permissions. If, for example, someone should have access to a particular page or function but doesn't, the Verify Security block allows you to quickly view where the Deny rule is coming from. Keep in mind that the security permissions of particular entities (e.g., pages, groups, etc.) not listed here may cause additional limits to the person's access.

Second, and perhaps more importantly, it allows you to restore your own permissions when you accidentally lock yourself out. Don't be embarrassed; it happens to everyone. The Verify Security block allows you to quickly unlock your access without having to go into the database. Simply click the button.

Questions About Updating

Do I have to update to the latest version?

Depending how often you update, you may see several updates available. You don’t necessarily need to update to the latest and greatest version. You can update to any version you wish. Doing so will install all of the previous updates up to that point.

Can I skip a specific update?

No, updates are cumulative. You can't skip over a specific update or patch.

Duplicate Finder

The duplicate finder routinely goes through your database looking for records that could be duplicates. When it finds possible matches, it scores them and lists them for you under:

Tools > Data Integrity > Duplicate Finder.

1 Confidence

Indicates the likelihood that this is a duplicate record.

2 Name

The first and last name of the individual.

3 Match Count

The number of possible duplicate records for this person.

4 Modified

The date and time the duplication record was modified. This is another data point to help you determine if a record is a duplicate.

5 Created By

The person (or possibly application) who created the duplicate record. This helps determine how the duplicate may have come into existence and which data point might be more accurate.

Clicking on a row will take you to the duplicate detail screen.

The top row represents the source record and the rows below represent possible duplicate records. If any of these rows are duplicates, you can select them and select the icon in the grid footer to merge them. Each record has a series of buttons to the right. These buttons perform the actions defined below.

• Opens the Person Profile page for this individual in a new window.
• Tells Rock that this record is definitely not a duplicate of the record above.
• Tells Rock that there's currently no way to be sure if this record is a duplicate of the one above. Selecting this will keep Rock from showing it as a possible duplicate until more information is available. If you're uncertain whether two records are duplicates or not, you can simply decide not to do anything yet. As more data is added to the records, Rock will update the match scores to reflect a more accurate prediction.

Detail-minded admins might be interested in how the percentages are calculated for duplicate records. The out-of-the-box logic compares two records based on a points system. Points are awarded based on the following factors:

• Email Match (4pts)
• Partial Name Match (First 2 characters of the first name plus full last name) (1pt)
• Full First Name Match (3pts)
• Full Last Name Match (3pts)
• Suffix Match (4pts)
• Cell Phone Match (4pts)
• Non-Cell Phone Match (2pts)
• Address Match (2pts)
• Birthday Match (3pts)
• Gender Match (1pt)
• Campus Match (1pt)
• Marital Status (1pt)

A percentage is then calculated by comparing the number of points scored to the total possible points.

Reports

There are several cleanup reports that have been created to help you identify records that need your attention. Feel free to add your own reports here. Each of the reports that ships with Rock is documented below.

Workflows

Workflows can be set up to help automate the process of data integrity. Feel free to add your own. We've outlined the ones that come with Rock below.

See our Blasting Off With Workflows guide for more information.

Location Editor

The location editor allows you to edit and clean locations in your database. Because there are so many locations in your database (think every address) the list will only show items that match the filters you provide. A common use for this page is to edit the geocoding for a specific address. There's a helpful filter to show you addresses that are not geocoded.

You can select an address to view or edit its details.

Photo Requests

When new photos are submitted by your organization's members they will be displayed here. This allows you to review the photos and ensure that they are appropriate. You can read more about this process in the Person and Family Field Guide.

Merge Requests

If a staff member without the needed security tries to merge person records, then a merge request will be created and listed here. By default, you won't have security access until you're listed on the Merge People page with read rights.

Data Automation

Rock ships with a powerful Data Automation job that automatically updates person and family records. This makes things a lot easier for you. The job settings are configured here on the Data Automation page, located at:

Tools > Data Integrity > Data Automation.

• Reactivating individuals who are currently inactive
• Inactivating individuals who are currently active
• Updating which campuses families are associated with
• Moving adult children to their own families
• Updating Connection Status values
• Updating Family Status values

Updates are made to records when the Data Automation job runs. By default, the job is configured to run every Tuesday morning, but you can change that time to what works best for your organization. Also, note that the job is active by default, but the data automation types listed above are all disabled. The updates will run automatically once the settings are enabled.

OK, now that you have an overview of the job, let's take a closer look at the four types of data automation included in the Data Integrity Settings screen.

Connection Status Changes

As the name implies, the Connection Status Changes tool lets you see (you guessed it!) changes in connection statuses. Since we’re already clear on its purpose, let’s dive right in and take a look at how to use it:

1 Date Range

You can narrow the results to status changes that occurred within a time period you choose. You can also leave the Date Range blank to view changes on any date.

2 Campus

Only people from the selected campus will be shown in the results. You can leave it blank to show individuals from all campuses. This is disabled if you have only one campus.

3 Original Status

If selected, only changes from this status will be shown in the results. This can be left blank to view changes from any status.

4 Updated Status

If selected, only changes to this status will be shown in the results. This can be left blank to view changes to any status.

5 Apply

Use this button to apply the above selections to the results.

6 Results

Individuals who match all criteria provided are listed here after clicking the Apply button.

See our Engagement guide for more information on connections.

PBX CDR Records

A PBX, or Private Branch Exchange, is a telephone system in an organization that switches calls between people in that organization on local lines while allowing them to share several external phone lines. In short, it allows Rock to talk to the phones within your organization. PBX CDR Records downloads phone call detail records for the calls made on those phones and stores them in interaction tables. This valuable data helps you map the real-life relationships that exist within your organization. It also allows you to use click-to-call technology, where Rock places your calls for you with the click of a button.

You'll need a plug-in to let Rock talk to your phone system. You can write your own, or you can use one of the plugins available in the Rock Shop, such as Digium Switchvox. Additional PBX plugins will be added as this technology becomes more widely used.

Rock Update

Updates are one of Rock’s best features. Many systems require tedious software updates only the vendor can complete. Not so with Rock. When an update is made available, all you need to do is visit this screen to check the details. When you’re ready, simply click the Install button. Rock will then download and install the updates for you. How easy is that?!

Global Attributes

Global attributes (Admin Tools > General Settings > Global Attributes) are the basic configuration settings that are used to customize Rock. Each has a default value that you can override. Many of these are set up during the installation process. Below is a list of the core settings and descriptions.

Defined Types

Defined Types are settings that are specific to a certain feature. In the list, you’ll find settings for Check-in, Giving, Marketing Campaigns, Metrics and People. Each of these will be discussed more in sections relevant to each feature, but let’s look quickly at how you can edit these settings.

Each Defined Type can have multiple values (cleverly called Defined Values). To edit the values for a Defined Type, simply click on the item in the grid you want to edit. You'll then be taken to a new screen where you can edit its values.

A basic example is the “Ability Level” Defined Type. There are three ability levels that can be used in the system (Infant, Crawling or Walking, or Potty Trained) and each is set up as a Defined Value within the Defined Type.

Group Types

The Group Types screen is used to add new types of groups and to modify those that already exist. These settings are discussed in detail in the Rock Your Groups guide.

Campuses

If your organization has several sites you can manage them here. Check out the Campuses chapter to see the various options available to you.

Tags

Tags allow you to categorize any entity (person, content channel, etc.) into groupings based on a descriptive label. The default entity is Person, but you can change it to any entity you want. The possibilities here are endless, and the results can be super beneficial to your organization.

Tags are discussed in detail in the Person and Family Field Guide.

As an administrator, you'll be responsible for the classification of organizational and personal tags. Only administrators can create an organizational tag and convert a personal tag to an organizational tag. Only those with tagging rights can add security to tags.

Workflow Configuration

Rock is built on top of a powerful workflow engine. These workflows can be configured using the screens found in this section. Creating and configuring workflows is covered in the Blasting Off With Workflows guide.

Workflow Triggers

You can configure a workflow to be launched whenever an entity record is changed or deleted. See the Blasting Off With Workflows guide for more information on configuring workflow triggers.

File Types

Rock can be made to store and manage several different types of files. These include things like images for marketing campaigns, label templates for check-in and the pictures of individuals that display on the Person Profile page. These files can be saved in different storage types. The two main storage types are:

• Database: The files are stored as BLOBs (Binary Large OBjects) in the database. Database storage is a good solution for items that you’d like backed up with your data. Database storage is also a bit more secure since the files are stored in an additional layer of security in the database.
• File System: Files using this storage type are stored on the webserver’s file system. They are securely stored in a directory that can't be directly linked to. This storage type is best for large files that might eat up your valuable database storage space.

Each file type is assigned a storage type to use. You also have the ability to cache files of this type and set a Cacheability Type. Caching is especially useful when using storage types other than the file system since they tend to be a bit slower. Enabling the cache will store a cached version on the server file system to improve speed. Caching is also very useful when working with images. Rock can size images on the fly, which is very powerful but it can impact performance, especially with large source images. When caching is enabled, though, the resized image is cached, so the resize isn't required in the future until the image is updated.

Named Locations

This configuration screen allows you to define specific locations with a name. You'll want to use this to define your campuses, buildings and rooms. These Named Locations can then be used with configuring groups, check-in, etc.

Devices

The Devices page is used to manage devices that interact with Rock in some way. Today this is primarily used to help manage check-in kiosks and label printers, but in the future we hope to add support for all types of devices.

Schedules

Several features require the configuration of repeating schedules. For instance, check-in needs to know your organization’s schedules to be able to configure the time check-in should start. These screens allow you to create those schedules.

Attribute Categories

Everything stored in Rock can have attributes added to it. For example, we can add numerous attributes to a person according to what's important to your organization. In an effort to keep this from becoming unmanageable, you can group your attributes into categories. These screens help define these categories and provide some basic configuration for each.

The first step in adding a category is to filter by the data entity you wish to work with. The default, and most often used, is Person. For each category you can provide a description and give it an icon to use on the Rock screens.

Prayer Categories

The prayer features use categories to help organize and classify prayer requests. See the Raising Up With Prayer guide for more information on configuring prayer features.

Person Attributes

This screen allows you to manage the person attributes you've configured in the system. See our Person and Family Field Guide for more information.

Person Profile Badges

Badges are simple icons that express details about a person’s involvement or activity with your organization. Examples of badges would be baptism or attendance rate. The Person Profile page block properties need to be updated to display new badges. See our Person and Family Field Guide for more information.

Merge Templates

This is where you'll manage the systemwide merge templates. You can find out more about merge templates in the Merge Documents chapter of this guide.

Group Requirement Types

This page allows you to manage the group requirements for your organization. You can learn more about group requirements in the Rock Your Groups guide.

Signature Documents

This page allows you to house templates for documents that require signatures, such as registration forms. Click the button to add a new document. You can learn more about digital signatures in the Digital Signatures chapter of this guide.

Universal Search Control Panel

This screen allows you to configure the Universal Search settings. To learn more about Universal Search, see the Universal Search manual.

Attribute Matrix Templates

The Attribute Matrix Templates screen allows you to create a dynamic layout of multiple field types of your choosing. Like a spreadsheet, the matrix is made up of rows and columns. You can use Lava to customize the fields, but what's provided out of the box will likely fit most of your needs. Keep in mind that attribute matrix templates aren't reportable (yet), but this powerful tool allows you to dynamically populate pages with just about any information you want. For example, you can create a matrix of phone number attributes, then customize a page to display those numbers on the fly.

Creating an attribute matrix is a two-step process. First, create your template in the Attribute Matrix Templates screen, then configure the page to display the matrix. You can learn more about page customization in the Designing and Building Websites Using Rock guide.

Tag Categories

This screen allows you to view and configure tag categories. To learn more about tags, see the Tags chapter of the Person & Family Field Guide.

Archived Groups

This screen allows you to view groups that have been archived. To learn more, see the Rock Your Groups Guide manual.

Group Member Schedule Templates

This allows you to add or modify group member volunteer/serving schedule preferences. Examples include once a week, twice a week, etc. To learn more, see the Rock Your Groups Guide manual.

Document Types

Use the Document Types page to manage documents for use by any entity. This block provides a summary of the document types, the file type and the associated entity type.

See the Entity Documents chapter for full details.

Routes

The routes section lists all the routes, or URL page names, in use for both the internal and external pages of your site. Some routes come preconfigured in Rock. The ability to edit these system routes is limited, but custom routes you create are fully editable.

Sites

The sites section lists your Rock websites. Rock initially comes configured with three different sites:

• Rock Internal: The internal site used by the organization’s staff to manage people, groups and the system in general.
• External Website: The primary portal for those outside the organization.
• Check-in: The site that's used for the check-in system.

You can add as many sites as you wish. For instance, the site that Spark Development Network uses to manage Rock has all of the sites above plus two additional ones. One hosts the Spark site (sparkdevnetwork.org) and the other hosts the Rock site (rockrms.com). Notice that each site looks different and unique from the outside but shares a common set of data and configuration.

Block Types

Every page in Rock is made up of several blocks. These blocks are the core unit of functionality. For the most part, anything you see on a page is a part of one block or another. The Block Types page lists all the types of block available.

Pages

While most of the configuration for a page can be completed directly on the page itself, there are times when it’s difficult to navigate to a supporting page if it isn’t shown in the main navigation. This screen lists all the pages defined in Rock in a simple tree display to help you get where you’re going. New pages can also be added here.

Content Channel Types

Rock's dynamic content capabilities are a cornerstone of its content management system (CMS) feature set. The Content Channel Types page is where you'll define the data structures for dynamic content.

Content Channels

The Content Channels represent the actual data that's defined for use by the CMS tools.

File Manager

The File Manager allows individuals to upload files and manage directories on your Rock host server.

Themes

Rock comes preconfigured with several themes, all of which you can customize using the Theme Styler. You can also get creative, though, and design your own. All themes, both system and custom, will be listed here, and you can access the Theme Styler for each from this page.

Short Links

You can create short links for the internal and external pages of your site either from this screen, or by clicking the button in the admin tool bar. All of your short links will be listed here.

Lava Shortcodes

Shortcodes are a way to make Lava simpler and easier to read. They allow you to use a simple Lava tag in place of a complex template written by a Lava specialist, which means you can do some really powerful things without having to know how exactly how everything works. Rock comes with some Lava shortcodes preconfigured, but you can create your own. All of your shortcodes will be listed on this screen. To read more about shortcodes and how to author them, see the The Long & Short on Shortcodes manual and the Lava guide.

Font Awesome

Font Awesome is the easiest way to add icons throughout Rock. There's a free version already linked to Rock that's ready and available for use. You can optionally upgrade to a Pro version for more icons.

Cache Manager

The Cache Manager lets you manage the information cached on your Rock server(s) through the use of cache tags. Cache tags work a bit like personal and organizational tags, except in this case you're tagging types of information. Using the Cache Manager, you can tell Rock to clear the cache of information based on those tags. There are two sides when it comes to configuring and using the Cache Manager: the more user-friendly web person side, and the more technical, IT person side. Let's look at the web person side first.

Clear Cache by Tag

From the Cache Manager screen you can add and view cache tags, clear the cache by cache tag, view cache statistics, clear the cache by type and configure the Redis backplane.

The complete list of cache tags, as well as their descriptions and number of items (called Linked Keys) currently cached by each tag are listed in the Cache Tags section of the screen. To clear cached items by a particular tag, click the button for that tag. Clearing the tagged items from the cache won't change the associated linked key number.

Add Cache Tags

Click the button to add a new cache tag. Tag names must be all lowercase with no spaces. Once created, they are stored as a defined value of the Cache Tag Defined Type and can't be deleted.

OK, now let's look at the more technical side of the Cache Manager.

Configure Redis Backplane

A cache backplane is used when multiple servers are running Rock and the cache in each server needs to be kept in sync. If your organization isn't using a load-balanced web farm, don't use Redis. Redis will slow down the response time of the cache.

Click the Redis Backplane Settings button to view the current Redis configuration. If Redis is configured, the panel expands to display the settings. If Redis isn't configured yet, click the Edit Settings button.

1 Enable

Check this box to enable Redis.

2 End Points

Add or remove Redis end points in this field, using the standard Address:Port format. The address can be a name or and IP address (e.g. 192.168.100.5:6379, where the default port is 6379).

3 Password

If Redis is set up with a password, enter it here.

4 Database Number

Enter the Redis database number here. It's possible to run multiple databases with Redis. Because Redis uses a zero-based index, the default database number is 0. If Redis isn't being used for anything else, this number should be 0.

Changes to the Redis Backplane Settings require Rock to be restarted. Clicking the Save button will restart Rock, causing it to be offline for a few minutes. Because an invalid or unavailable Redis backplane will cause Rock not to run, invalid or unavailable configurations are not allowed.

When Rock is back online, it will display a read-only version of the Redis configurations. Rock will try to establish Redis connections to the end points. End points that connect are highlighted in green when Rock displays the results. End points that fail are highlighted in yellow.

When Redis is enabled, the Cache Manager page will update with a summary of available endpoints. If all are available, a green All Redis end points are available message is displayed. Otherwise, a yellow label with the ratio of unavailable servers is displayed.

Warning

Only use Redis if you need it. Not only is the cache slower, but it's a point of failure as well. If the entire Redis cluster goes down and the Rock Cache engine can't contact any endpoints Rock won't work. If the Redis cluster is unreachable for any reason, but the web farm is otherwise functioning, set the EnableRedisCacheCluster setting in web.config to “False” and use just the Rock Cache.

                            <add key="EnableRedisCacheCluster" value="false" />
                        

This allows Rock to function while Redis issues are resolved; however, the servers won't have their cache in sync. Once Redis is back up, changing the EnableRedisCacheCluster setting to “True” will tell IIS to restart the application. Sometimes IIS doesn't do this automatically (or fails while trying) and the app pool will have to be recycled manually.

Asset Manager

The Asset Manager allows you to browse and manage assets in the provider.

Content Component Templates

Out of the box, Rock comes with three preconfigured content component templates. Use Lava to create your own.

Content Channel Item Attribute Categories

Use this page to add or modify categories for content channel item attributes. You can edit the name, description, icon or highlight color.

Persisted Datasets

With Persisted Datasets you can shape data for speed and reuse demanding queries without worrying about performance. For all the details, see the Designing and Building Websites Using Rock guide.

Content Channel Categories

Content Channel Categories let you group and organize your content channels according to how they're used. This page is where those categories can be configured. A content channel can be in more than one category if it's needed in different areas. See the Designing and Building Websites Using Rock guide for more information.

Shared Links

This is where you can create and maintain bookmark links that are accessible by others in your organization. These shared links appear with a person's Personal Links. For full details check out the Person and Family Field Guide.

User Accounts

While you can find a specific user’s accounts on their Person Profile page, you can see a list of all user accounts on these screens. This helps determine which person is tied to a specific account and allows you to monitor general login activity.

Security Roles

Security roles are used to lock down features and data in Rock. While you can configure Rock at the user level (allow and deny specific users), it's much easier to assign people to roles and then build security around those groups. This adds consistency to your security model, which leads to fewer mistakes. The security role pages allow you to manage your roles and to add individuals to them.

REST Controllers

One way you can build applications that extend Rock is through a technology called REST (REpresentational State Transfer, http://en.wikipedia.org/wiki/Representational_state_transfer). If this seems Greek to you, don’t worry. Most developers are familiar with it. The screens in this area help document all of the REST APIs that are available to you. From these screens you can also manage REST API security to ensure only authorized applications can access the data.

Audit Information

Most changes to the Rock database are tracked in a special audit table. The information in these tables is presented in the screens of this section. This is a helpful tool for you to see what changes are being made and by whom. You can also use these logs to write custom SQL reports or create custom jobs that take action after certain changes.

Entity Administration

Entities are specific types of data. A person is a type of entity. So is a group, an email communication and a financial transaction. For those of you familiar with databases, an entity is like a table in your database. In fact, many entities do have a corresponding table in the database. These sets of screens allow you to view and configure the entities in Rock.

There are only two configuration items that you need to worry about. The first is whether the entity is "common." Common entities are shown at the top of the list when you need to select from a list of entities. We've preconfigured Groups and People to be common, but you may wish to add more (especially if you start adding custom entities of your own).

The second configuration item you’ll want to note is related to security. You can also add security to entities to help protect the data they contain. For instance, we've configured the Financial Transactions entity to only be viewable by those in the finance security roles. This is especially useful when it comes to using the reporting features of Rock. The security you define here will be used by the reporting engine to ensure that only authorized individuals can access sensitive data.

Authentication Services

Rock can be configured to allow several types of authentication during the login process. The available options out of the box are:

• Auth0: Auth0 provides authentication and authorization as a service. For full details, see the Auth0 Integration section.
• Database: This is the most common authentication type for most organizations. This stores the user's username and password in the database. The user's password is stored in a one-way encrypted format so it can't be retrieved by any means.
• Active Directory: If your organization uses a Microsoft Active Directory for network logins, Rock can use it to authenticate your staff. To enable this service, you'll first need to activate it and provide the address of a Domain Controller server along with the Domain Name of your network. Then, you'll then be able to configure Active Directory logins for your staff under the Security tab on their Person Profile pages.
• PIN Authentication: This authentication service is primarily used in the Check-in Manager to provide a quick way to authenticate on touch devices. This authentication only requires a username made up of numbers.
• Facebook: You can also enable the use of an individual's Facebook account as authentication to Rock. This makes their life a little easier because they have one less password to remember. In order to enable this, you'll need to configure a Facebook application.
• Google: This authentication provider allows guests to use their Google account with Rock.
• Twitter: As you can probably guess... yes, you can use Twitter as an authentication source.
• OidcClient: OpenID Connect (OIDC) is an open standard for verifying the identity of an individual in one system based on the authentication performed by another system. In this case, Rock would be the Client, allowing people to log in to Rock using credentials from another system. For more information on using Rock as an OIDC Server see the OpenID Connect chapter of this guide.

REST Keys

When writing applications that use Rock's REST API you'll need to use keys for authentication. These keys can be set up and configured here. See Rock's developer documentation for more information on using REST keys in your applications.

REST CORS Domains

Writing secure web applications requires that all domains that use your server's REST API be authorized using Cross-Origin Resource Sharing (CORS). You can define these allowed domains here.

Inspect Security

The Inspect Security page does just what the name implies: allows you to quickly verify a person's security settings. It also allows admins to "pop the trunk" on their own security settings when they lock themselves out of Rock. (It happens sometimes.) To read more about verifying permissions, see the Security Settings chapter of this manual.

Person Signal Types

Signals are discreet flags that can be assigned to a person to bring attention to a sensitive or private matter. As with most aspects of Rock, signals are highly customizable. They can be used to flag anything from security concerns to high-level lay leads and everything in between. Check out the Person Signal Types chapter of the Person & Family Field Guide to learn more about this powerful feature.

OpenID Connect Clients

When you're using Rock's OpenID Connect server feature, this is where you'll go to add your clients. We cover this area in detail in the OpenID Connect chapter below.

Cloning Security Role Groups

We’ll wrap up our Security Settings chapter by circling back to the Security Roles page we reviewed earlier. To save you time (and possibly a headache), you can access the Security Roles page to clone security role groups. Cloning allows you to make a copy of an existing group along with all of its security settings. Group members are not copied over to the new group.

Cloning groups is a quick and easy process. Simply choose the group you want to clone in the Security Roles Group List and click the button. The word “copy” will be appended to the name of the group. Click the Edit button to change the name and description of the group, and to make any further changes to the group’s settings. Then click Save. When you return to the Group List, the newly-cloned group will be listed among the other security roles.

Communication Templates

You'll find over time that you often send the same types of emails and SMS messages over and over. When you see this pattern consider making a communication template to help simplify these tasks and improve consistency.

System Communications

System Communications (formerly known as "System Emails") are communication templates that are used by Rock to send very specific messages. Typically these are automated communications, such as the message someone receives when they've forgotten their password and requested to reset it.

System Communications can be used with either emails or SMS messaging. While Rock sets these up to look professional from the start, you may want to modify them to match your organization's branding. You can edit these communications under Admin Tools > Communications > System Communications.

Communication Mediums

When you send a new communication from Tools > New Communication or from the bottom of any grid that contains a list of people, you can select to send either an SMS message or an email. Both of those are communication mediums. You can configure the settings for each medium from the Communication Mediums page. This is where you can set the Email transport to use normal SMTP or a bulk delivery service like SendGrid. This is also where you can configure the SMS channel to use Twilio to send text messages.

You can also add communication mediums to the list. For example, it’s possible that in the future a new medium might be created to push content through an organization's mobile app. Once this new medium is written (by either a third-party or the core team), it can be simply dropped into Rock and worked by using configuration from these screens.

Communication Transports

We mentioned services like SendGrid, Twilio and SMTP in the Communications Mediums section. These delivery options are called transports. They take the message contents and make sure that they get to the recipients. Each transport has a set of configuration options specific to its needs. For example, the Twilio transport requires an account SID and a token to tie into your account.

Like channels, new transports can easily be added over time, from either the core Rock team or third parties.

SMS Phone Numbers

This menu item is a hotlink to the SMS Phone Numbers defined type. This defined type helps you configure the SMS environment. See the Communicating With Rock guide for more information on SMS.

Safe Sender Domains

This menu item is a hotlink to the Safe Sender Domains defined type. This defines the domains that can be used to send emails. If an email communication is created with a From address that isn't from one of these domains, the Organization Email global attribute value will be used instead and the original value will be used as the Reply To address. This helps reduce the likelihood of communications being rejected by the receiving email servers.

Send Photo Requests

These pages allow you to send and administrate requests for photos from your community. You can find detailed instructions for these tools in the Person and Family Field Guide.

System Communication Categories

This page allows you to create and manage categories (e.g. Event Registration, Groups) for your system communications.

Communication Queue

The Communication Queue is where communications that are pending approval or have failed to be sent are stored. Ideally you'll never see anything listed here but, if you do, you’ll know something elsewhere in the system needs attention.

While the Communication Queue doesn't require any configuration, the Send Communication job settings will affect what may end up in the queue. By default, the Send Communication job waits 30 minutes before sending any new communication to prevent any sending overlap for communications requiring approval.

Also, you can use the Communication Queue Alert job to send an email notice to specified recipients when a communication is sent to the Communication Queue. This helps to ensure the queue is being monitored regularly.

The Send Communication and Communication Queue Alert jobs can be configured by going to Admin Tools > System Settings > Jobs Administration

Communication List Categories

The Communication List Categories page is where you can view, edit and create new categories for use with communication lists. Communication list categories can be used for a number of powerful functions, from segmenting communication lists to allowing communication recipients to subscribe and unsubscribe from lists. To learn more about communication list categories, see the Communicating With Rock manual.

Communication Lists

This page allows you to view, modify and add communication lists to be used with the Communication Wizard. To learn more about communication lists and sending communications, check out the Communicating With Rock manual.

Communication Template Categories

This page allows you to view, modify and add communication template categories. To learn more about communication templates, check out the Communicating With Rock manual.

SMS Pipeline

This is where you'll configure your SMS phone numbers with the necessary actions used by your organization. Check out the Communicating With Rock manual for more details.

Nameless People

If you receive SMS messages from phone numbers Rock doesn't recognize, the number becomes associated with a Nameless Person record. This page is where you can view these phone numbers and link them to a person in your system. For more information check out the Communicating With Rock guide.

Communications Settings

This page is used to specify the template you want to use for approver notification emails. By default the Communication Approval Email template that ships with Rock is selected. For details see the Communicating With Rock guide.

Check-in Configuration

These screens help manage the setup of your check-in configurations. These settings are discussed in detail in the Checking-out Check-in guide.

Named Locations

This configuration screen allows you to define specific locations with a name. You'll want to use this to define your campuses, buildings and rooms. These Named Locations can then be used with configuring groups, check-in, etc.

The Named Locations page can alternatively be accessed from Admin Tools > General Settings > Named Locations

Schedules

Several features require the configuration of repeating schedules. For instance, check-in needs to know your organization’s schedules to be able to configure the time check-in should start. These screens allow you to create those schedules.

The Schedules page is also available under Admin Tools > General Settings > Schedules

Devices

The devices screens are used to manage devices that interact with Rock in some way. Today this is primarily used to help manage check-in kiosks but in the future we hope to add support for all types of devices.

The list of devices is also available under Admin Tools > General Settings > Devices

Check-in Labels

The check-in process can be configured to use several formats of printed labels. These labels and their configuration are managed using these screens. The Checking-out Check-in guide also covers the creation and configuration of these labels.

Ability Levels

This is a short-cut link to the Ability Levels defined type. Ability Levels are used to classify developmental stages. Ability Levels can also be accessed under Admin Tools > General Settings > Defined Types > Ability Levels

Label Merge Fields

This is a short-cut link to the Label Merge Fields defined type. Label Merge Fields are used to find and print data for labels. This defined type is also available under Admin Tools > General Settings > Defined Types > Label Merge Fields

Search Type

This is a short-cut link to the Search Type defined type. Search Type are the ways to search for a family (e.g. phone, name, etc.) in check-in. You can also manage this defined type from Admin Tools > General Settings > Defined Types > Search Type

Using a Merge Document

You'll notice at the bottom of most grids there's a button. Pressing this button will take the contents of the grid and make it available to import into a merge document.

1 Count

Shows you how many records will be merged into the document.

2 Show Data Rows

Shows the first 15 records that will be used for the merge.

3 Show Merge Fields

This is a cheat sheet of sorts to help you create a merge document for the data provided.

4 Combine Family Members

When checked, family members will be combined into a single row instead of one row per person. For example, when using {{ Row.NickName }} Ted Decker and Cindy Decker would be combined into 'Ted & Cindy'.

5 Merge Template

The template to use for the merge document.

6 Merge

This button will initiate the merge process.

That’s it! Pretty easy, no?

Administrating Merge Templates

Merge documents are created from templates. Some merge templates will be used by everyone; others, though, can be limited to a specific role or person. To help keep the list of merge documents from getting out of hand, we’ve created the ability to classify templates as either global or personal.

Global Merge Templates

You can set up a list of merge templates that are accessible to everyone in the database under Admin Tools > General Settings > Merge Templates.

Security can be added to templates on the Merge Template Detail block. Security settings are enforced whenever a merge document is created.

Personal Merge Templates

You can set up a merge document for your personal use on your My Settings page (found under the dropdown in the upper-right corner of the screen).

From this screen you’ll see your own personal templates as well as any others you can access based on security roles or direct assignment.

Creating a Merge Document

As mentioned previously, Rock currently supports two different merge document formats: HTML and Word. Below we cover how to create a merge document for each format.

Word

The most common document format is Word. Creating these documents is actually pretty simple. Before we jump in it's important to talk about the two strategies for merging using Word.

The first strategy is to create a Word document where the whole document acts as a template for each record. This is most common for things like letters.

With this type of document you can simply open Word, type your letter and then add in the Lava where you want the dynamic text to show. Note that you have access to most of Lava's capabilities in Word. So things like {{ 'Now' | Date:' MMMM d, yyyy ' }} will place in the current date and time.

The second merge document strategy is for occasions when you want more than one record to be displayed on a single page. This is often the case for tasks like creating mailing labels. When creating these types of documents add a {%Next%} code to move to the next record in the list.

Rock will automatically figure out what strategy your document is using so there's no extra configuration.

HTML

You might be wondering, "Why would I ever want to use HTML for a merge document?" At first blush it does seem a little odd. HTML, however, is a great tool for incorporating rich media into a format that can easily be printed. It’s often the best choice when you need to print a report that requires showing maps (easy to display using Google's static map API) or person photos (links to their photo in Rock).

Below is a quick example of some HTML/Lava that will present a list of people with their photos (this assumes that the merge document is passed a list of people).

<html>
    <head>
		<title>Group Roster</title>
		<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
	</head>
	
	<body>
	    <div class="container" style="margin-top: 100px">
			<div class="row">
			    
				{% for row in Rows %}
					<div class="col-xs-6 clearfix" style="margin-bottom: 24px; min-height: 200px;">
						<div class="pull-left" style="margin-right: 24px; width:20%;">
							<img src="{{ 'Global' | Attribute:'PublicApplicationRoot' }}{{ row.PhotoUrl }}" style="width: 100%; border-radius: 100px;" />
						</div>
						<div class="pull-left">
							<h1>{{ row.FullName }}</h1>
							{{ row.Email }} <br />
							{% for phone in row.PhoneNumbers %}
								{{ phone.NumberFormatted }} <small>{{ phone.NumberTypeValue.Value }}</small> <br />
							{% endfor %}
						</div>
					</div>
				{% endfor %}
				
			</div>
		</div>
	</body>
</html>

Note a few things in the code:

• Line 4: We link out to a hosted version of the Bootstrap CSS file. This provides an easy way to get a default set of styles.
• Line 11: Now we simply run through each of the rows that were passed to us.
• Line 14: Inserting a photo is simple! The PhotoUrl property for a person even returns a generic image if the person doesn’t have a photo.

As you can see, creating HTML merge documents is easy. Here are a few additional tips:

• Adding map images to your merge documents is also fairly simple. Use the following links for more information:
  • Google Maps API
  • Static Map Helper
• HTML merge documents are usually printed. While most people think of HTML as an online-only file format, it actually does have several print capabilities like page breaks. Here are a few links to point you in the right direction:
  • Styling for Print
  • CSS Page Breaks

Cloud Flare

Enabling Scrape Shield with Cloud Flare will block email addresses in HTML merge documents. If you're using this service it will need to be disabled.

SQL Command

The SQL Command page is very powerful, and should therefore be used with great caution. Rock is built on top of Microsoft’s SQL Server database. While for most people this is a detail they don’t need to know, at times administrators may want to use SQL to get direct access to their data.

The SQL Command block allows you to write SQL statements and have them executed directly in the database. When used with a SELECT command, the results of your query will be displayed in a grid below the command.

You can also enter UPDATE and DELETE commands if you wish. For them to work, you’ll need to flip the Selection Query toggle as an additional fail-safe.

External Applications

We've worked hard to make as much of Rock available through a web interface as possible. Some functionality, though, requires interaction with devices, like check scanners, that don’t work through today’s web browsers. Other times there are situations, like creating giving statements, where the processing of a request could take awhile to complete. In these cases, we’ve developed Windows applications to run on your desktop. These applications can be downloaded from the links provided in this section.

Sample Data

Whether you’re just starting out with Rock or setting up a training environment to share your expertise with others, it's helpful to have some sample data to play with. The Sample Data block is a one-step way to import a consistent set of sample data. You'll recognize many of the names from the examples in the Rock documentation. Feel free to run the import repeatedly to keep time-sensitive data like attendance current.

Model Map

The Model Map is used to access a complete list of every property an entity has. Feel free to explore this area, but keep in mind it's pretty much only used by developers.

API Docs

This area shows you all entities that have REST endpoints you can use with your custom code. Like the Model Map, as an admin you should be aware that this page exists, but it’s really for developers to use.

Power BI Registration

Business Intelligence (BI) is a buzz term for tools that allow you to quickly analyze data and present actionable information to leaders. The Power BI Registration page is where you’ll go to set up and register your Power BI account. If you want to learn more about BI, start with our Business Intelligence manual.

Workflow Import/Export

This tool allows you to share workflows with individuals outside your organization, and to import workflows created by other organizations. There’s a whole chapter dedicated to this feature in the Blasting Off With Workflows guide.

Location Services

Knowing the locations of those who engage with your organization can be very powerful. In order to do this, you need to be able to convert a person's address (3120 W Cholla St Phoenix, AZ 85029) to a latitude / longitude point (33.590795 , -112.126459). To do that, you’ll need to run your addresses through a geocoding process. Rock will handle all of the work, all you need to do is provide a geocoding service to handle the requests. Rock has a couple of services for you to pick from. More information on geocoding can be found in the Locations section of this document.

Like the geocoding services, you can also send your addresses through a standardization process. These processes can fix the following for your addresses:

• Fill in any missing items (555 W Main to 555 W Main St)
• Fix any case issues (555 w main st to 555 W Main St)
• Standardize elements (555 West Main Street to 555 W Main St)
• Append Zip+4 info (85383 to 85383-3622)

The standardization process helps increase the quality of the addresses in your database. More information on address standardization can be found in the Locations section.

Entity Attributes

We’ve already discussed how attributes can be attached to common entities like people or groups. By now you know about those attributes and the power they bring to Rock. But that's only the tip of the iceberg. From the Entity Attributes page you can add attributes to any entity that exists in Rock.

Sometimes you won't want the attribute applied everywhere the entity exists. For instance, you might want a group attribute to apply only to groups of a certain type. You can narrow the scope of the attribute using the Qualifier Field and Qualifier Value fields. Using these fields, the attribute pictured below will only be attached to Connection Request Activity entities within the "Children's" connection opportunity. Rock's Model Map can help you identify what properties you can use as qualifier fields.

Although there's a dedicated page for this, you can also create Global Attributes from the Entity Attributes page. For the most part, you shouldn't need to do this unless you're writing your own code to run inside Rock. To add a Global Attribute, simply create a new entity attribute that isn't tied to any entity.

Search Services

Rock’s Smart Search box at the top of every page allows you to search for people and groups using various criteria like name, phone and email. These screens allow you to manage those search types. For the most part you’ll want to leave them set as-is, but you can inactivate one if you find it isn't helpful. A key concept is that you can write your own search services with some custom coding. If you do, they will appear on this list for you to enable and configure.

Jobs Administration

While much of Rock works through the interaction of individuals within the system, there are times when you’ll want to run functionality in the background. For example, you may want to run a process to clean up or update data in the system in an automated fashion. These background tasks are called Jobs and can be managed and scheduled through the screens in this area. See the Jobs section for additional details.

Data Filters

Data Filters are an integral part of Rock’s reporting strategy. Hopefully you’ve already read about them in the Taking Off With Reporting guide. At a high level, data filters allow you to narrow down your view of data by providing specific criteria. These filters can be enabled, disabled and secured in this set of screens. Like many things in Rock, you can develop your own Data Filters that can be managed here.

Data Transformations

Once you’ve filtered your data, you can add a transformation to it before it's displayed. Say you've filtered to see only children who have attended twice in the last two months, but you really want to display information about the parents of these children. A transformation (in this case the Person Parent Transformation) would convert the child data to parent data. You can manage these transformations here. Just like with filters, you can also develop your own transformations.

Data Selects

Data selects are used in reporting. When you create a report, you provide it with a data view to act as a filter. You also add columns to your report. Many of these columns will be attributes of the person or group. You can also choose to add some powerful dynamic columns. These dynamic columns are managed and secured from this screen.

File Storage Providers

In the File Types section we discussed file storage providers. These providers help Rock manage the saving and retrieving of files to different storage media. The two default storage types are Database and File System, but others like Amazon, Cloudinary, Azure or Google can be used. Under the File System configuration, you can change the default location for file storage. For the most part, you can leave these settings as you found them.

Exception List

Despite all of our work to eliminate bugs, some will sneak by us. Exceptions, also known as errors, can occur as a result of software bugs or when blocks and pages are misconfigured. While you can set these errors to be emailed to you (see General Settings > Global Settings > Email Exceptions List), you can also view the history of these errors here.

Exceptions are sorted chronologically. Instead of showing you every error in a large list, we've grouped them by type. This helps you determine how often an error is occurring.

Protect My Ministry

Rock provides a seamless integration with Protect My Ministry to provide reliable background checks for your organization. See the Background Checks chapter for specifics on this integration.

Checkr

Checkr provides modern and compliant background checks for use with Rock. With your Checkr token from RockRMS.com you’ll be able to initiate background checks using Checkr’s scalable, cost-effective and rapid screening solutions.

Financial Gateways

Financial gateways allow Rock to move money from individuals’ accounts to the organization. Information on these gateways and their configuration is provided in detail in the Rock Solid Finances guide.

Background Check Providers

These screens allow you to configure different background check providers. You can read more about Rock's background check features in the Background Checks chapter.

Signature Document Providers

Digital signature providers create a reliable and legal way of gathering digital signatures. We plan to implement a native digital signing feature to Rock in an upcoming release. We recommend holding off for that solution instead of purchasing a subscription to SignNow.

Category Manager

The Category Manager allows you to add categories for any entity type in Rock. Think of it as your one stop shop for any category. To help simplify the process be sure to use the entity type filter.

System Configuration

This screen allows you to change some technical configuration settings in Rock. For the most part you should never need to worry about these settings, but we've provided this page to help you change them if needed.

• Enable Multiple Time Zone Support: Out of the box Rock assumes that all campuses are in the same time zone. There's typically not a big impact when they’re different, except for check-in. Enable this option to ensure check-in works as expected across different time zones.
• Always Show Businesses in Person Picker (v12.4): If this is enabled then businesses will appear in the search results when you're using any Person Picker in Rock. That means if you search for 'Decker' you'll see Ted and his family, but you'll also see the 'Decker & Sons Plumbing' business returned.
• Time Zone: During the install you should have set your time zone. If you need to change it, you can do that here.
• Enable Run Jobs In IIS Context: By default, Rock’s job engine runs on the webserver. This setting allows you to disable this in order to run jobs as a Windows Agent. See the Jobs section for more information on this topic.
• Max Upload File Size: For security reasons, webservers limit the maximum file size that can be uploaded. This helps to limit the impact of denial of service attacks. Rock has set the default value to 10 MB. If you need more you can update the size here.
• Cookie Persistence Length: Use this setting to override the authentication cookie length. The value you set will become the default for things like the REST API. This will impact how frequently a person needs to authenticate, so try to strike a balance between convenience and security.
• Enable Database Performance Counters: This setting should remain disabled unless you're actively troubleshooting a system performance issue. When enabled, and after the system restarts, Rock will start collecting data about the usage of your database "connection pool". Rock ships with a set of Metrics you can use to see the results of this data collection. These metrics can be accessed in Rock under Tools > Metrics | Hosting Metrics and will provide the information described below:
  
  
  • Number Of Active Connections - The number of active connections that are currently in use. This number will naturally jump up and down during the day.
  • Number Of Free Connections - The number of open connections available for use. This number will decrease as the number of active connections increases.
  • Hard Connects Per Second - This is a count of how many connections are being opened explicitly each second. You might expect this number to rise when first starting Rock or when there aren’t enough available connections in the connection pool.
  • Soft Connects Per Second - The number of connections being obtained from the connection pool per second. Note, it's possible for this number to be larger than the number of connections in your pool because most connections are used for only fractions of a second.

Application Groups

Application groups are, as the name suggests, groups that are used by the Rock application. This way, Rock can refer to the members of a group instead of running through complex logic to identify certain individuals. These groups are listed here for administrator access.

Merge Template Types

Rock allows you to have several different merge template types (think 'HTML', 'Word', etc.) You can manage these provider types with these screens.

Note Types Settings

Rock allows any entity type (People, Financial Batches, Prayer Requests, etc.) to have notes attached to it. In fact, you can even have different types of notes on a single entity. These screens allow you to set up this powerful feature. You can read more about these features in the Note Types chapter of this manual.

Following Events

This section allows you to define new Following Events. You can read more about these features in the Person and Family Field Guide

Following Suggestions

This section allows you to define new Following Suggestions. You can read more about these features in the Person and Family Field Guide

Universal Search Index Components

This page is used to view and maintain the available Universal Search Index Components. Universal Search allows you to search multiple types of data at once in a full-text manner. In a sense, it's like Google for Rock. To learn the ins and outs of Universal Search, check out the Universal Search guide.

Calendar Dimension Settings

These settings are used to support Rock’s Business Intelligence (BI) features. In short, these settings relate to date-based information that may be impacted by your organization’s fiscal year. Check out the Business Intelligence guide for full details.

Phone Systems

This page is part of the framework for linking Rock to PBX phone systems. The features added here allow for plug-ins to be created for specific phone systems to allow for features such as creating interactions from call detail records and click to call.

Note Watches

Here, administrators can see everyone who's watching a note, and can add new "watches". See the Watching Notes section for full details.

Spark Data Settings

Spark Data is a feature in Rock which manages paid services that are offered by Spark Development Network. This allows us to offer services to your organization, often at lower costs than if everyone had to go set up their own service individually, and without forcing you to compound the number of bills, accounts and API keys you have to keep up-to-date.

Initially, this includes the National Change of Address (NCOA) service, but more services will be added to this list over time.

To begin with Spark Data, click the Sign-up Now link and you'll be taken to rockrms.com/sparkdatalink (pictured below). If you don't have a rockrms.com login, you'll need to create one. If prompted, choose which organization you want to turn on Spark Data for. You'll then see a page like this:

1 Spark Data Key

Once you've added the credit card and enabled the service, a Data Key will be generated and shown here. Copy this key; you'll need it in a moment.

2 Spark Data Payment Methods

Your organization will need to have a payment method (e.g. credit card) on file for any services you request.

3 Spark Data Receipts

A summary of previous transactions is provided. Click the icon to view a detailed receipt for a single transaction.

Now you can return to your own Rock installation. Go back to your Admin Tools > System Settings > Spark Data Settings page, and paste in the Spark Data API Key where prompted. If you'd like, you can also choose a group of people who you'd like to be notified about the success or failure of any Spark Data jobs. Click Save when you're done.

National Change of Address

The National Change of Address (NCOA) list is a database that the United States Postal Service maintains to reroute your mail to a new address when you move. In other words, it’s a big list of official address changes.

What does that mean for your organization? As you’ve probably experienced, people aren’t always very diligent about letting you know when they move. Even if you notice someone has been absent, it could be that they’re on vacation or have had a change to their work schedule.

Whatever the circumstances may be, as a Rock admin you want to ensure your data is clean and up to date. The NCOA service, brought to you through Spark Data, helps you do that by comparing addresses in your system with their list of address changes. When a match is found, it will respond according to the settings you choose.

NCOA is configured through the Admin Tools > System Settings > Spark Data Settings page - refer to the above section and make sure you've got Spark Data enabled before moving on.

1 Enable

Check this box to allow the NCOA service to run. The entire process of checking your addresses can take up to a few hours; once you've started the process be sure to not disable this setting before it completes.

2 Agreements

You'll need to accept the TrueNCOA terms of service and acknowledge that the cost of uploading your addresses for comparison is $50 each time. Most organizations choose to run this quarterly or yearly, which would translate to $200 or $50 a year, respectively.

3 Person Data View

Choose a Data View which contains people whose addresses you want to check. For example, you’ll want to exclude inactive records.

4 Minimum Move Distance to Inactivate

Set how many miles away from their previous address people must move before their records are automatically inactivated. In larger cities, as few as 30 miles would sometimes be sufficient to assume they are no longer attending, while more rural areas might need a much higher limit.

5 Mark 48 Month Move as Previous Address

If someone has recently joined your organization you might use this option to add their former address as a Previous Address in Rock. Former addresses older than 48 months are not included.

6 Mark Invalid Addresses as Previous Addresses

If the service finds that you've got an invalid address stored for someone, you can use this option to set it as a Previous Address. That way you can keep the address in your system for historical purposes, but you won’t be sending mail to an invalid address.

7 Inactive Record Reason

If a person's record is inactivated because of the distance they moved, you can specify which reason should be added to their record for why they were inactivated

8 Recurrence Interval

This setting governs how often the addresses for people in your Data View are checked against the NCOA list. Remember, every time this happens it costs $50, so budget according to your need for timely updates. If you only want to run this job manually, leave this box unchecked.

9 Save

As always, when you're done configuring the service, don't forget to click Save!

10 Run Manually

Once you have everything set up, you can click this button to run the job manually instead of waiting for the job and schedule you set.

After your NCOA job has run, you can view your Tools > Data Integrity > NCOA Results page. It will look something like this:

This page will list every family whose address was checked, so it can get very long very quickly. Be sure to use the Filter Options to narrow the list to only the records you want to see.

Asset Storage Providers

An asset storage provider basically refers to storage space in the cloud for things like pictures or videos that are used by your website. Check out the Designing and Building Websites Using Rock guide for more information on configuring the asset manager.

Assessment Types

Rock ships with Assessment Types already configured and ready to use for each available assessment. Generally you won't need to change these settings, but you may want to adjust the Minimum Days to Re-take or Requires Request options.

• Minimum Days to Re-take: The minimum number of days after the test has been taken before it can be taken again by the same person.
• Requires Request: If enabled, a person is required to receive a request before the assessment can be taken.

Our Assessments guide has all the details you'll need on each of Rock's assessments.

Rock Logs

Rock provides a simple, easy to use logging tool. Most of the time you won't need this, but having logs can be helpful when troubleshooting or researching. The Rock Log is similar to the Exception List, except you can track more than just errors.

Logs are turned off by default, and typically should only be turned on if there is a specific need. To enable Rock logging, simply select the Verbosity Level and the domain or domains you want to output. In Rock v12.4 and earlier, these settings are found in Admin Tools > System Settings > System Configuration. You have the following choices for the Verbosity Level:

• Off: No logging should be performed.
• Fatal: Very severe error events that will presumably lead Rock to abort.
• Error: Error events that might still allow Rock to continue running.
• Warning: Potentially harmful situations.
• Info: Defines the default set of levels recognized by the system.
• Debug: Fine-grained informational events that are most useful for debugging Rock.
• All: Log everything.

Configuring Entity Documents

The first step is to define what types of documents you can add to entities. Navigate to Admin Tools > General Settings > Document Types to manage the types of documents that can be stored for each entity. Pictured below, you can see we've already configured three types of documents, all for people.

You might be wondering why we didn't mix it up a little and show you some example document types for other entities besides people. We're starting with the Person entity on purpose, and you'll see why in a bit.

Click on any row to manage details about a document type, or click on the button to add a new document type.

1 Name

Provide a descriptive name for the document type.

2 File Type

Each document type must be associated with a file type. See the File Types section above for more details.

3 Entity Type

Select the entity type for this document type. Document types can be associated with people, groups or any other entity.

4 Is Image

Select this checkbox if the document is an image.

5 Manually Selectable

Check this box if the document type can be manually added to an entity (e.g. by a staff person or volunteer).

6 Icon CSS Class

This setting allows you to enter the CSS class for the icon you wish to use. When using Font Awesome, you should use the syntax fa fa-[icon name].

7 Max Documents Per Entity

With this setting you can limit the number of documents of this type that can be added to the entity.

8 Advanced Settings

Click this link to show or hide the Advanced Settings fields described below.

9 Entity Qualifier Column

If you want the document type to only apply to specific entities of the specified Entity Type, then you can provide a column to filter on for that entity. For example, if you would like the documents to be specific to a group of a certain type then you would enter ‘GroupTypeId’ here.

10 Entity Qualifier Value

After you provide an Entity Qualifier Column you’ll need to also provide a value here. In the example of groups of a certain type, the Entity Qualifier Value would be the Group Type Id value (e.g. 12) for the desired group type.

11 Default Document Name Template

Use this field to provide default text that will automatically be populated in the Document Name field when adding a document of this type to an entity.

Person documents are the easiest to configure because all you need to do is define your document types as described above. Rock ships with everything else you'll need to start adding documents to people right away. See the Person and Family Field Guide for an example.

Setting up documents for other types of entities is still pretty easy, but there's an extra step or two you'll need to take. We'll show you what you need in the next section below.

Adding the Documents Block

In the above section we described how to configure types of documents. That's all you need for Person documents because the Person Profile page ships with a dedicated tab for managing documents. However, for entity types other than Person, there's a little more to it. In this section we'll show you what else needs to be done, using the Group entity as an example.

First, you still need to set up a document type as described in the prior section above. In this case, we'll add one with an Entity Type of Group.

Now that we have a document type we can use with groups, we need a way to actually manage those documents. This is where the Documents block comes in.

Because we're working with groups in this example, we’ll add the Documents block to the Group Viewer page in Rock. You can do this from the Group Viewer page by using the admin toolbar to edit the page’s zones.

Pictured below, we’ll add the Documents block to the Main page zone by clicking the button to add a row.

Adding the block is easy. As pictured below, simply provide a name and select Documents as the Type. Click Save and then Done to finish.

When you first add the Documents block to a page, there’s a good chance you’ll see a warning message telling you to “configure a valid context entity” for the block. That just means you need to let the Documents block know what kind of entity it’s working with.

To do that, we’ll use the admin toolbar again to access the settings for the Documents block. In this example you’ll need to provide an Entity Type of "Group" to ensure the block works with groups. While we're here, there are some other block settings you might want to be aware of, as described below.

1 Name

Provide the block with a descriptive name.

2 Heading Title

A title will appear at the top of the block if one is provided, otherwise the block will have no title in the heading.

3 Heading Icon CSS Class

You can optionally assign an icon that will display in the block’s heading.

4 Document Types

If you want the block to only work with documents of certain types, you can list those types here. In the example pictured above, only “Meeting Information” documents will be accessible from the block.

5 Show Security Button

Showing the security button allows you to manage security access for each document.

6 Entity Type

This is where you tell the block what type of entity it’s working with. In this example we’re only interested in group documents, so “Group” has been selected.

The Documents block is now ready to start handling documents for groups. We'll walk through what that looks like in the next section below.

Managing Entity Documents

With the new block added, we can start adding documents to our groups. Start by clicking the icon in the Documents block to add your first document as shown below.

1 Document Type

Select the type of document that you want to add. The available items are controlled by the document type’s configuration and by block settings.

2 Document Name

If configured for the document type, a default name may be pre-populated here. Otherwise it will be blank. You can provide your own name or edit the default name.

3 Description

You can optionally add a description to provide specific details related to this document.

4 Add Document

This is where you attach the actual document for this entry.

After you add one or more documents for the group (or the entity you're working with) there are several ways to manage those documents from the block. In the example below, we've added two documents that we can now manage.

1 Document Type Filter

Use this drop-down menu to filter the document types are that are shown below, or to show all document types.

2 Document Information

A summary of information for each document is shown for reference.

3 Document Icon

You can hover over this icon with your mouse to view the document’s Description if one was provided.

4 Download

Click this icon to download a copy of the document.

5 Security

Security settings can be applied to the document itself, allowing you to have different restrictions for different documents. This icon will only appear if it’s enabled in the block settings.

6 Delete

Click this icon to delete documents from the list. This action cannot be undone, so use caution when deleting documents.

We've been using groups in the above examples, but don't forget that the Documents block works with any entity in Rock.

Adding Documents Using Workflows

The Entity Document Add workflow action lets you add documents to any entity using a workflow. There are a few things to keep in mind when you’re doing this.

As described in the sections above, each Document Type is associated with both an entity and a File Type. This means your workflow might get tripped up if it’s working with the wrong type of entity or with a file that doesn’t align with the File Type configuration.

For instance, if the Document Type is configured for the Group entity, and if your workflow is trying to add a document for a Person, it won’t work. The workflow entity and the Document Type entity must match or else you’ll get an error.

Similarly, the document you’re trying to add needs to conform to the File Type configuration for the File Type that’s associated with the Document Type you’re using. This will probably only be a concern if the File Type configuration has Preferred File Settings that are required.

Lastly, don’t be surprised if you’re able to add a document in cases where you think you shouldn’t be able to. For instance, the Media File File Type that ships with Rock is intended to be used for audio or video files but there’s nothing stopping you from adding a Word document using that File Type.

Managing Your Campuses

You can create or maintain campuses from Admin Tools > General Settings > Campuses. There you'll see a list of campuses that you can manage or add to. Selecting a campus will bring up the campus details screen.

1 Name

Even if you only have one campus, choose a name that will still make sense if you ever expand. A simple name like “Main Campus” typically works well.

2 Active

As you bring new campuses online, you may want to add them as inactive until you have time to configure them and prepare for the announcement.

3 Description

You can use this field to provide a description for your campus. This might be something you display to your website guests.

4 Status

Sometimes there are pending campuses are not yet open that you want to begin configuring, or which are now closed but important to keep for record-keeping. Campus statuses are stored in the Campus Status defined type.

5 Type

You may want to easily differentiate between different types of campuses – whether Physical, Online or some other type. Campus types are stored in the Campus Type defined type.

6 Code

When you grow beyond two or three sites, it's common to develop a shorter naming convention to help you refer to a campus. For example, if your campus is named “Main Campus” then you might choose “MAIN” as a short code.

7 URL

The web address for the campus.

8 Time Zone

You’ll see this if you’ve enabled support for multiple time zones in the System Settings. You can leave this blank if campus time zones are all the same.

9 Campus Leader

Here you can optionally indicate the person who's in charge of running the campus.

10 Service Times

Here you can list the days and times that this campus offers services.

11 Contact Information

If the campus has its own phone number you can provide it here. You must provide a location, which is why you have to set up the location before you add a campus.

12 Campus Schedules

As of Rock v12.5 you can associate Schedules directly with the campus. This can be done for reference, but also can be used by blocks like Service Metric Entry.

Campus Teams

Associating people with a campus helps you easily identify key staff, and their roles, at that campus. This is accomplished using the Campus Team system group type. Each campus functions like a group, with its own members and roles.

Adding a person to a campus is just like adding members to other types of groups. Click the button on the grid to add new members and define their role at the campus.

Teams for your campus can be created with either single-campus or multi-campus setups.

Adding Attributes to Campuses

You can add attributes to your campuses to track information about them beyond the settings described above. To do that, just follow these steps:

1. Go to Admin Tools > System Settings > Entity Attributes.
2. Click the button to add a new attribute.
3. Select the Entity Type of "Campus" and set up the attribute information. You don't need to add a value for the Qualifier Field or Qualifier Value fields.
4. After clicking Save, you can configure security for the attribute if needed.
5. You'll now be able to set a value for this attribute in the Campus Details page above.

Configuring a Job

You can maintain current jobs or add new jobs under Admin Tools > System Tools > Jobs Administration.
There you'll see a list of currently configured jobs. You can click a job to modify the configuration or click the Add button in the grid footer to create a new job.

Clicking on an existing job, or adding a new job, will bring you to the page pictured below.

1Name

Provide a concise description of what the job is doing.

2Active

Mark the job as active or inactive. Only some of the jobs that ship with Rock are active by default, so it’s a good idea to check these statuses to make sure everything you need is active.

3Description

Provide details about what the job does and any background criteria that you may want to know in the future.

4Notification Status

This defines when a notification email should be sent. Options are:

• Success – when a job finishes successfully
• Error – when a job encounters an error
• All – for both Success and Error
• None – never

5Cron Expression

Cron expressions are a concise schedule pattern that defines when the job is run. They can be difficult to write without help. We recommend using the CronMaker.com website to assist you in creating these expressions.

6Notification Emails

This is a comma-separated list of emails for the job; used when a notification needs to be sent.

7Job History Count

On the Jobs Administration page you can view the history of runs for each job by clicking the icon. By default this is limited to the last 500 occurrences, but you can adjust how much history to retain here.

8Job Type

Select the type of job to run.

9Job Settings

Each job type will have a set of configuration items. In the example pictured above, the RunSQL job defines the SQL statement that you want to run when the job executes.

Under the Hood of the Jobs Engine

Fair warning, this part gets a little technical. By default, the jobs engine runs on the webserver under the IIS webserver's context. By default, IIS will shut down if no requests come in for a page. This will mean that your jobs may not execute late at night if no one is visiting your site. To mitigate this problem we created a special Job Pulse job that's set to run every 30 seconds. Its only purpose is to load a special KeepAlive.aspx page. Doing so always keeps IIS alive.

Care and Feeding of Rock

Just like car engines, sometimes databases get messy and need a tune up. Rock comes with the Database Maintenance job configured to do just that. Running on a schedule, this job rebuilds database indexes that need tuning. Because this job comes ready out of the box, you don't need to do any configuring. You can view the details and configuration options, though, by opening the Database Maintenance job from the Jobs List, located at Admin Tools > System Settings > Jobs Administration.

Adding Notes to a New Entity

Let's say your finance team asks you to be able to enter notes on batches. Your first response might be that you'll have to find a developer to add that functionality. That in itself is a pretty cool option...right? The fact that you have a system that you can extend to meet any need...cool! But in this case you can play the part of the hero (that's the name of this guide, remember?) and configure it yourself.

Any entity detail page is a candidate for adding notes. Looking at the address for the page will tell you which entity you can attach the note on. For example, if the address has BatchId=X then the note can be on the batch entity. Let's walk through the steps of adding notes to the Finance > Batches > Batch Detail page.

1. Once you’re on the batch detail page, add a new Core > Note block to the main zone (see the Designing and Building Websites Using Rock guide for details).
2. Edit the block settings of this new block. There are several possible configurations so look through the list. The key, however, is setting the Context Entity Type to be Financial Batch.
3. Reload the page for the block settings to be enabled. You should now see an empty note block.
4. The last step is to add the note type under Admin Tools > System Settings > Note Types. You can add a note type from the bottom of the grid. Be sure to set the entity to Financial Batch.

After following these steps your batch screen should look something like the one pictured below, with a shiny new place to put notes at the bottom of the page.

Adding Multiple Note Types to a Single Entity

When you add a note to a person on the Person Profile page you're adding a generic Person Note to the person entity. What if you wanted to be able to add a new type of note to a person? Say for instance your organization has a hospital visitation team and they want to have their own notes that stand out from the default ones. Developer needed...? Nope! You got this. Let's walk through the steps of adding this new Hospital Visitation note type.

The first step is to add the new note type under Admin Tools > System Settings > Note Types. From the bottom of the grid select the Add button and the Add Note Type page will be displayed.

1 Name

Provide the name of the note type that will be used in the various input screens.

2 Entity Type

Select the type of object/entity the note is for. In this case the note is for an individual, so we'll select Person.

3 Icon CSS Class

This is the icon to display next to the note.

4 Colors

These color options allow you to control the look of your new note. You can use hex colors (such as #0000FF for blue) or use the color picker to use a color wheel to choose a color for each of the three parts of the note: the background color, the font color of the note text and the border color around the note.

5 User Selectable

This flag enables the note type to be selected from the note entry screen. There are times when you won't want a certain type of note to be selected through the user interface. Other note types may only be added through workflows or custom code.

6 Requires Approvals

Check this box if you would like someone to have to approve notes before they show up. For instance, you could use notes to allow people to leave comments on your blog. If you wanted these comments to require approval before they show up on your external site page, you would check this box. Any person or role with "Approve" access on the note type's security will be able to approve or deny notes.

7 Send Approval Notifications

If you require notes to be approved before they show up, you may want to notify someone that there has been a new note which they need to review. You can designate the person or role to receive these notifications by granting them "Approve" access in the note type's security settings.

8 Allows Watching

This option will allow people to get a notification when a reply is made to a note; see the Watching Notes section for more details.

9 Auto Watch Authors

This option will automatically notify the person who added a note if someone replies to their note. See the Watching Notes section for more details.

10 Allow Replies

If you would like people to be able to reply to notes with a note of their own, check this box. You'll be prompted for how many "replies of replies" are permitted.

11 Approval URL Template

If you want to provide an alternate page for your note approver to review notes, you can provide that address here. Otherwise, it will take them to the page where the note was added (and scroll to the note itself).

Once your new note type has been defined it's ready to be used. At this point you may consider adding security to it to control who has access to view and edit these notes.

Security for Notes

It's important to understand who will be able to see or edit notes. Below is a full breakdown of what you can expect.

• Private: Private notes are only viewable by the creator. No one else, no matter what their permissions are, can see them.
• Approve: The Approve security verb lets you approve notes. You can view any notes for which you have Approve permission.
• View: You can view a note if you have View security to the note itself. You can also view notes you have created or modified in the past. Lastly, you can view a note if you have rights based off of the Note Type.
• Edit: Edit access gives you rights to add a new note and to edit notes that you have created. Edit access DOES NOT give you rights to edit notes that were created by someone else.
• Administrate: Administrate permission will let you edit notes, including notes you did not create.

Watching Notes

You can specify whether a note type Allows Watching. If it does, anyone who can view a note can choose to “watch” it. This means they will automatically be notified if the note gets any replies. You can also specify whether authors will automatically watch their own notes.

But that's not all! There's a page in System Settings called "Note Watches". Here, administrators can see everyone who's watching a note, but you can also add new "watches".

You can select either a single person or all members of a group to watch the notes you specify, by selecting them in either the Watcher Person or the Watcher Group fields.

Next, we can specify a specific person to watch by picking them as the Watching Person, or we can instead choose a note type to watch. If you want to get very specific, you can select both a person and a note type to watch; that will serve to only notify people of that type of note when it's added to that specific person.

You can also create exclusions to the note watch by creating a new note watch and un-checking the Watching option. For instance, if you wanted a group of your staff to be notified whenever a communication type note is added to anyone, you would set that up as normal using the process described above. But maybe you don't want them to know when someone said they contacted your senior pastor. In that case, you'd add a second note watch and select your staff group as the Watcher Group, but un-check Watching and specify your senior pastor as the Watching Person. Now your staff group won't be notified of any notes added to your senior pastor's profile, but they'll still be notified of all other communication type notes added to other people.

All note notifications use the Note Watch Notification System Communications template, so edit that template if you'd like. You can specify additional recipients of all notifications by adding them to the To field in the template, or on the Send Note Notification job itself. Note notifications will always be sent as a digest, rather than sending one email for every single watched note reply, which could quickly overwhelm your inbox.

Note Attributes

You can add attributes to the Note entity to track additional details about the note or to help with automation and data tracking.

In almost all cases you'll want to configure the attribute to only show for certain types of Notes. As pictured below, you can specify a Note Type Id to make sure the attribute only applies to the notes you want.

For more information on setting up attributes for entities like Notes, see the Entity Attributes section of this guide.

Setting Up A Digital Signature Provider

Digital signature providers create a reliable and legal way of gathering digital signatures. As it does with many other services, Rock allows multiple digital signature services to be configured. Out of the box it ships with support for SignNow, although others could be made available in core or the Rock Shop in the future.

Linking Rock To Your SignNow Account

With your Client ID and Client Secret in hand, you're ready to configure Rock to talk with SignNow. Head to Admin Tools > System Settings > Signature Document Providers and select the SignNow Digital Signature Provider. That will bring up the screen pictured below.

1Activate

Ensure that you Activate the provider by selecting Yes.

2Sign In

Enter your SignNow username and password.

3ID

Enter the Client ID and Secret from the SignNow email you received.

4API

The API Sandbox should be set to No. This is a development setting that should not be enabled.

5Webhook

Finally, check the webhook address. This is the address on your Rock server that the SignNow service will call when a document is signed. We've configured the address to use your organization's external application address.

At this point Rock and SignNow will be able to communicate with each other. The next step is to configure document templates that will be used in the signing process.

Document Templates

Document templates are created on the SignNow website. You can think of document templates as Word templates that you configure to send to individuals to obtain their signatures. When they sign, a document will be created with their signature embedded. You'll create a template for each type of document that requires a signature (e.g. Summer Camp Waiver).

There's a bit more to templates than just a Word document. For instance, you'll also need to configure where in the document the individual must sign. Let's walk through the creation of a new SignNow template.

Once you're logged in to SignNow, you should see a screen similar to the one pictured below. From here you'll want to click the Upload Document button near the very top of the page. This will allow you to select a Word or PDF document to upload. The file you select will then appear under the Documents tab.

But…wait… we wanted a template right? That's true. We'll convert our document to a template by selecting More > Make Template. After providing a name, you'll see your new template under the Template menu item.

Next, we'll add the signature location to the document. Technically, you don't need to do this. You can skip the step of specifying a signature location but, if you do, the signer will be able to sign anywhere on the document. This can be a bit confusing for some, so it's best to identify a location for them. To proceed with adding the signature location, click on the template name. This will take you to the template editor. Here you can add the signature location as well as any other fields you would like to collect.

To add the signature location, simply click on the document where you'd like it to appear. Don't worry; you can drag the location to a precise position after clicking. Now you'll see that there's a concept of roles. Roles allows you to have several different people sign documents in a specific order. Rock only supports a single role so just leave the default of Signer 1. Select Done and your template is ready for signing! Well… almost… one more step.

Now that your document is created in SignNow, you must set up a Rock signature document template that links to it. Let’s do that next. Start by navigating to Admin Tools > General Settings > Signature Documents. From here you can add a new template.

1 Name

Provide the name of the template in Rock.

2 Description

You can optionally add supplemental information about the template.

3 Digital Signature Provider

The service you'll be using for digital signatures.

4 Template

Rock will go out to the service you're using and pull a list of templates that you've configured. You should see the template you made in this list.

5 File Type

Rock will download each of the signed documents and store them. This file type allows you to configure how you'd like them stored.

Anatomy of a Digital Signature

Before we jump in to see digital signatures in action, let's look at what makes up a digital signature in Rock.

• Signing Document: We've already briefly discussed the concept of document templates and documents. Each digital signature will produce a signed document.
• Applies To: Since the documents that go out for signatures can often be for minors, Rock distinguishes between the person to whom the document applies and the person who needs to sign the document. In the case of a camp waiver, the Applies To field would be the child going to camp.
• Assigned To: The Assigned To field represents the person who has been assigned to sign the document. In the camp example, this would be the parent or person who completed the registration. We'll look at these fields in more detail as we discuss how event registration and groups works with digital signatures.

Digital Signatures and Event Registrations

One common use for digital signatures is with Event Registrations. With this feature, you can enable a signature request to be sent after the completion of a registration.

You can define the signature document that's required for an event registration on the registration's template. You can find this under Tools > Event Registration and then by selecting the registration template you wish to configure.

Once a registration of this type is completed, digital signature requests will go out for each registrant. The logic for determining the Assigned To and Applies To is as follows:

1. Applies To: Will always be the registrant of the registration. A signing request will be sent for each registrant.
2. Assigned To: This is a bit more complex. If the registrant is an adult, then the Assigned To will be the registrant. If the registrant is a child, the Assigned To will be the person completing the registration.

You can monitor the results of the digital signature from the event registration detail screen. From this screen you can not only resend signature requests, but also see the completed documents.

When using digital signatures with registrations you can choose to have the signature captured during the registration process (after entering each registrant) or wait to have the signature request emailed after the registration. When using in-line signatures the document will be embedded into the registration form (sample below).

Digital Signatures and Groups

You can also use digital signatures with groups. Let's see how that works.

You'll notice a setting on a group that allows you to require a signed document. Selecting a document template type here configures this feature. When it's set, each group member will be sent a signature invitation when they are added to the group (current group members will also get this invite). Since signatures can take some time to receive, Rock will warn you of group members with missing signatures by placing a small red signature icon next to their name on the group member list.

Selecting a person with this warning will allow you to resend the signature invitation.

Managing Signing Requests and Documents

OK, so now we've seen how to create digital signature templates and how to send requests for signatures. Let's wrap it up by looking at how you can manage the signing requests and documents.

To manage signing requests and view signed documents, navigate to General Settings > Signature Documents and select the document template you wish to view.

1 Document Template Detail

From here you can edit the template details.

2 Documents

This is a list of document requests for the template. Note that the name of the document is a combination of the source and the person's name. The source is either the group name or registration instance name.

3 Completed Request

Note that the first request has been completed. You can click the document icon to see the signed document.

Manually Editing Documents

You can manually add new signed documents by clicking the add button on the Document Template Detail screen above. If you'd prefer to manually edit one, you can do so by clicking the document row.

1 Document Name

The default here is a combination of the source and the person's name. The source is either the group name or registration instance name.

2 Document

If you'd like to upload a manually signed document you can do so here.

3 Document Key

This is the unique identifier of the document in the signing service. You shouldn't need this, but we provide it in case you need to work with the service on an issue.

4 Last Invite Date

This is the date that the last invitation to sign was sent.

5 Last Status Update

This shows you when the document's status was last updated.

6 Status

The current status of the document. If you set the status to Cancelled, the request will be cancelled in the signing service.

7 Applies To

The Applies To setting refers to the person for whom the document is created. For example, in a camp waiver, the Applies To would be the child going to camp.

8 Assigned To

This setting denotes who should be signing the document. In the camp example, this would often be the parent of the child.

9 Signed By

This field is only used for signed documents that are entered manually. While Rock knows the person to whom the request was sent, the Assigned To individual, we don't know who actually signed the document. To get this information you'll need to view the document and read the signature.

10 Resend Invite

If the document hasn't been signed yet the Resend Invite button will be available to resend the invite.

Document Signature Invite Emails

The formatting of the invite emails will vary depending on the signature service. Below is an example of the email for SignNow. Note that there isn't a lot of customization available. We've highlighted the parts that are custom to Rock.

Digital Signature Job

The digital signature feature in Rock relies on a single job named Process Signature Documents, to help Rock manage the digital signature process. This job performs three tasks:

1. Sends invites to new members of a group that requires a signed document.
2. Downloads any signed documents from the service that are still marked as Sent in Rock. The webhook should update the status immediately but the job will double-check its work.
3. Sends reminders for requests that haven't been signed. The job has settings that allow you to modify the configuration, but out of the box it will send a reminder every five days until there have been three emails sent (the first invite email counts as one, so a value of 3 represents the initial invite plus two reminders).

Active Directory

Many organizations already have a Microsoft Active Directory (AD) infrastructure in place for their employees to log into the network, email and other resources. Rock can use this as an additional authentication source once configured.

You can set up Rock to use your Active Directory under
Admin Tools > Security > Authentication Services > Active Directory

1Activate

Be sure to activate the security service by selecting Yes.

2Server Name

Provide the server name of one of your Active Directory Domain Controllers.

3Configure

Configure the AD Domain on the server to authenticate to.

Once the service is configured, you're ready to create logins in Rock. Active Directory logins can't use the normal Rock registration process. Instead you must add the login manually to the user on the Person Profile page.

Facebook Authentication

Password fatigue is a common problem with sites that require registration. In fact, a recent study found that 92% of shoppers abandon a website rather than go through the process of recovering a lost or forgotten password! However, if the website has a social media login option, they are 65% more likely to return. The same study showed that a majority of individuals prefer Facebook as their credential of choice. Luckily setting up a Rock website to use Facebook authentication is quick and easy.

Now that you've enabled Facebook login, when someone logs in using Facebook they will see a screen similar to the one below that links their Facebook account to your server.

When an individual's Facebook account is used for the first time Rock will apply the following logic to attempt to match the Facebook account to a Rock record.

1. If a person record can be found with the same First Name, Last Name and Email, the login is attached to this record. As an extra bonus, if no photo exists in Rock for this person their photo from Facebook will be added to their record in Rock.
2. If an exact match can't be made, a new record is created in Rock using the information from their Facebook account. The record status of this new individual is set to "Pending" so they will show up under the "Pending Individuals" report Tools > Reports > Data Quality > Pending Individuals.

When a new person record is created as a result of a Facebook login we'll pull the following information from Facebook:

• First Name
• Last Name
• Email
• Gender

Whenever they log in, we'll also do the following:

1. If the person doesn't have a photo in Rock and they do in Facebook, their Facebook photo will be added to Rock.
2. Their Facebook Media Link will be updated.
3. Any of their friends that have also logged into Rock using Facebook will be added as a Facebook Friend known relationship.

Google Authentication

With the popularity of Gmail, Google authentication is an attractive alternative for many guests. Below are the steps necessary for Rock to use your guests' Google passwords for authentication.

1. Visit console.developers.google.com/start and create a new project for your organization. If you already have a Google Maps API key, then you'll want to use that project.
2. On the left hand of the screen expand the APIs and auth menu, click on Credentials, and at the top of the screen click on OAuth consent screen.
3. Fill out this screen with your organization’s information. The information given here will be presented to your users when they sign in for the first time. A preview of the screen your users will see should be on the righthand side of your screen. You’ll want to include branding that your users will recognize and trust.
4. At the top of the screen click on the Credentials tab then click on the Add Credentials dropdown, select OAuth 2.0 client ID, and then select Web Application.
5. Under Authorized redirect URLs, you'll need to place the full URL of all the login pages you configure to use Google authentication. For example, http://rock.rocksolidchurch.com/page/3 for the internal site. When you've finished adding URLs click Create.
6. You should be presented with a Client ID and a Client Secret. Note these values and add them to the Google service configuration under Admin Tools > Security > Authentication Services > Google.

Twitter Authentication

Rounding out the list of popular sites to use for authentication, we also support Twitter. The directions below will get you up and running quickly.

1. Visit apps.twitter.com and create a new app for your organization.
2. Give your app a name and a description. This will appear to your users, so make it recognizable. Also put in your organization's forward-facing website URL, and in the callback URL field put the URL for your primary login page. This will be overridden but the callback URL field needs to have a value for the authentication service to work (for example: http://rock.rocksolidchurch.com/page/3). Click Create.
3. Navigate to the Keys and Access Tokens tab at the top and note the Consumer Key and Consumer Secret values. Add these to the Twitter service configuration under:
   Admin Tools > Security > Authentication Services > Twitter.
4. In order for your application to connect Rock user accounts to Twitter accounts, you need to request elevated permission for your application to access email information associated with Twitter accounts. You can do this via this link https://support.twitter.com/forms/platform and select the I need access to special permissions option.

Auth0 Integration

Auth0 is a single-sign on service that provides a layer of extensibility to your authentication strategy. Why would you need a service like this? Auth0 solves three primary needs:

1. It allows for a centralized authentication service outside of Rock. For most organizations centralizing their authentication inside of Rock is a great feature. Others prefer to have all authentication reside in an independent service. This is often desirable if you have several other systems needing shared authentication and you don’t want to write Rock integrations for each.
2. The second scenario where Auth0 makes a lot of sense is enabling social logins. Out of the box Rock supports most of the popular services, but Auth0 supports far more.
3. Finally, if you need passwordless authentication (via SMS, email, etc.) or two-factor authentication Auth0 can provide that for you.

Enough talk, let's get Auth0 configured for Rock. The instructions below assume that you have an Auth0 account with the desired connections and administrative settings pre-configured.

1. The first step is to create a new ‘Client’ in the Auth0 administrator site. Select ‘Clients’ from the left-hand navigation to get started.
2. Give your client a name and select the ‘Regular Web Applications’ option.

   

3. The next screen will show ‘Quick Start’ options. It’s much easier to just fill in the settings so head over to the ‘Settings’ tab. Here you’ll find the ‘Domain’, ‘Client ID’ and ‘Client Secret’. Keep track of these as you’ll need them in the Rock configuration. On this screen you’ll need to provide the following settings:
   • Allowed Callback URLs – This is a list of Rock Login URLS that will be using Auth0. You can provide as many URLs here as you need, separated by a comma.
   • You can also optionally add logos for the connection. This will help the individual logging better understand what's happening.

   

4. Finally, you need to give your client some extra permissions. In the Auth0 manager head over to the APIs link and select the 'Auth0 Management API'. From the tabs at the top select 'Non Interactive Clients'. You should see your client listed here. Be sure that your client is 'Authorized'. Next, select the down arrow to authorize specific scopes. You'll need to enable both the 'read:users' and 'read:users_app_metadata' scopes.

   

External Authentication Services

After activating the service in Admin Tools > Security > Authentication Services, open the login pages you wish to enable the authentication on (/page/207 for External Login and /page/3 for Internal Login), edit the Login Block Property, and turn on Remote Authorization Types for the services that you activated.

Servers and Clients

Before we get too far, it’s important to keep in mind the distinction between server and client.

Server applies to the system that’s doing the authentication. The client system uses the authentication provided by the server to grant access.

For instance, let's say a person is using their Rock username and password to log in to Church Online Platform. In that case, Rock would be the server and Church Online Platform would be the client.

Rock OpenID Connect Server

Let's see how to configure Rock as the authentication server for an outside system. You'll probably want to set up Rock at the same time you're setting up the client system. There's information Rock will need about the client, and the client will need some things from Rock, so it makes sense to have both up at once if you can.

Adding OIDC Clients in Rock

Each external system you're working with will need their own OIDC Client configuration in Rock. In the below example, we'll be setting up Rock to interact with Church Online Platform (ChOP). A little later in the next section we'll show you how things look in ChOP so you can see how everything connects.

To start, navigate to Admin Tools > Security > OpenID Connect Clients. From here you can view the clients you already have set up, or add new ones to the list. In this example we'll be adding a new client for ChOP.

1 Name

Be sure to provide a descriptive name, so you can easily distinguish between clients.

2 Client ID

The Client ID is a critical part of what connects Rock and the client. It must be exactly the same for both systems or the process won't work. The Client ID should be created in Rock using the Generate Id button, and then copied from Rock to the client system.

3 Client Secret

If you think of the Client ID as a username, then the Client Secret would be like a password. Like the Client ID, the Secret must match exactly between both systems and can initially be generated by clicking the Generate Secret button in Rock. You only get one chance to see the Client Secret when you first generate it, so if you lose track of it you’ll need to generate a new one.

4 Redirect Uri

After the person has provided their credentials, they will be redirected back to the client via the path indicated here. As you'll see in the next section below, this URI is provided by the client system.

5 Logout Redirect Uri

When the person logs out of the client system, they can be taken to the URI listed here. In this case, we're using the "Church Online Platform Origin" provided by ChOP, but you can choose a different path. Just keep in mind that the client system chooses whether or not to use this URI. If you log out of the client system and aren't taken to the path provided here don't worry, it just means the client system isn't using it.

6 Allowed Scopes and Claims

This is where you can choose what information the client system can get from Rock. Keep in mind the client must specifically request this information. For instance, checking the ‘Address’ box doesn’t mean a person’s address will be sent to the client every time they log in. By checking the box, you’re saying that the external system is allowed to have that information if they request it.

Changing Scopes and Claims

If you want to get really advanced, Rock lets you change the list of Scopes and Claims. You can access the OpenID Connect Scopes configuration from the OpenID Connect Clients page at Admin Tools > Security > OpenID Connect Clients. Just remember that this requires coordination with (and possible changes to) the client system, to support the updates you make.

Example Client System Setup

Each client will be a little different, so it’s challenging to provide specific instructions that apply to any system that’s out there. In this section we’ll use Church Online Platform (ChOP) as an example client, but the same key points will apply to any system that supports OpenID Connect.

First, you’ll need to log in to ChOP. If you don’t have a login, you can create one here. When you’re logged in, you'll need to access the Admin menu. If you're not already there, there's a button near the top-left where you can "Go to Admin". From the Admin menu, click "Integrations" on the left, then select "OpenID Connect” and click the “Set Up” button. You’ll then be brought to the page pictured below.

This page has fields for information you’ll need to get from Rock, and it also provides information you’ll need to add to Rock. As we mentioned earlier, this is why it's a good idea to set up both systems at the same time.

1 Callback URL

In this example we need to use the Callback URL from ChOP as the Redirect Uri discussed in the prior section. This will always be pointed to the client site.

2 Church Online Platform Origin

The Platform Origin is sort of like a homepage. In this case, ChOP has provided us with the public URL that Rock Solid Church uses for our online services. This is a logical place to bring people when they log out of ChOP, so we've used this as our Logout Redirect Uri in Rock as shown in the prior section above.

3 Issuer URI

This will be your organization's website. Specifically, this needs to be the Public Application Root in Rock's Global Attributes. If you're having trouble connecting with a client, try using https instead of http for your Public Application Root and make sure it exactly matches what's in the client system, including the / at the end.

4 Client ID

You'll populate this with the Client Id that was generated from Rock, as described in the prior section above. It is critical to the process that the Client ID is exactly the same between both systems, so this is one of the first things you should check if things aren't working.

5 Client Secret

Just like the Client ID, this will be generated in Rock and then copied over to the client system. Also like the Client ID, the Client Secret needs to be exactly the same between both systems. Remember, Rock won't show you the Client Secret after it's been saved, so if you need it and can't access it you'll have to generate a new one and copy it over to the client.

6 Test Configuration

Church Online Platform gives you a handy Test Configuration button to make sure both systems can communicate with each other. If something's wrong ChOP will let you know what it is. If the test is successful, all you'll need to do is confirm your email address to finish the setup.

With the above setup in place, your staff and guests can immediately start using their Rock credentials to log in to Church Online Platform. Again, we've been using ChOP in this example but you'll find any system that supports OIDC uses similar (if not identical) terminology and configuration.

Configuring Person Tokens

Person tokens come preconfigured in Rock and can be found in the Global Attributes screen
(Admin Tools > General Settings > Global Attributes).
There are three Person Token attributes: Person Token Expire Minutes, Person Token Usage Limit, and Person Token Use Legacy Fallback. Click on an attribute to open its configuration settings.

The Person Token Expire Minutes attribute is the length of time the person token is valid, configured in minutes. The default setting is 43200, or 30 days. If you want the person token to be valid for a shorter amount of time, enter the value in minutes in the Person Token Expire Minutes Value field.

The Person Token Usage Limit is the default maximum number of times a person token can be used. By default the value is blank, meaning there's no limit to the number of times the token can be used. If you want to set a limit, enter a numerical value in the Person Token Usage Limit Value screen.

The Person Token Use Legacy Fallback tells Rock whether or not to use pre-v7 legacy person token settings if they come through the system. If the Person Token Use Legacy Fallback Value is set to No, those legacy tokens will be rejected. We recommend keeping the value set to Yes for a few months after updating to v7, just to be on the safe side.

You can also configure and read person tokens using the PersonTokenCreate and PersonTokenRead Lava filters. To learn more about how to use Lava for Person Tokens, see the Lava guide.

Now let’s look at how you put the person tokens to use by impersonating another user.

Impersonating Another Person

Impersonation is enabled in the Bio block settings of the Person Profile page.

To enable impersonation, select Yes in the Enable Impersonation field.

You can configure Rock to automatically take you to a different page when you impersonate someone. Typically you would want to set this to your public Rock site (see note below), but it can be any Rock site/page you desire. You set this page in the Impersonation Start Page dropdown menu.

Once you’ve saved your block settings, you’re ready to impersonate another person. To do this, search for the profile page of the person you want to impersonate, click the Actions button in the upper right corner of the screen, and select Impersonate from the menu options. Rock will take you to the page specified as the Impersonation Start Page, and you’ll now view the site as that person. Keep in mind this means you’ll only be able to see what that person can see based on their security roles and permissions.

Impersonation remains in effect until the browser session ends, you log out of Rock, or you click the Restore button in the admin toolbar at the bottom of the screen.

Phone Numbers

Post-install, Rock is configured to support only US-formatted phone numbers. When only one country is configured, the phone entry field looks like the example below.

This field can easily be adjusted to support other countries. Simply add country specific formatting fields to the Admin Tools > General Settings > Defined Types > Phone Country Code defined type.

Each new entry should have the following values.

• Value: This is the country code that's used when dialing the number.
• Description: A short description of the phone formatting pattern.
• Match Expression: This is a regular expression that's used to match the value you entered and apply the correct formatting to it. For instance, a seven-digit number in the US would match the formatting rule 555-5555 while a 10 digit number would match to (555) 555-5555.
• Formatting Expression: This string is used to apply the formatting to the matched number. Each grouping of numbers is represented by a $#.

Once you add a second country, the phone number field will change a bit in look. You'll notice the addition of a country code selection at the beginning of the input. The phone country code listed at the top of the defined type list will become the default country code, so in the screen shown above grab the hamburger grips to the left of each entry and drag them up and down the list as you desire.

Dates & Times

We believe the .Net framework that Rock is built on should handle the formatting of dates and times correctly across regions. If you find an area of Rock that shows a date and/or time in a US format, please let us know by opening a Rock issue. Before opening a request, be sure to check the server's culture setting. This can be found on the ‘System Information’ dialog access from the Admin Toolbox at the bottom of each page.

Currency

There really isn't any magic in Rock’s implementation of local currencies. Behind the scenes, currency is stored simply as a number. As of Rock v12.4 you can change the currency symbol displayed within the application under
Admin Tools > General Settings > Global Attributes | Organization Currency Code. This Global Attribute replaces the former "Currency Symbol" attribute used prior to v12.4. The Organization Currency Code will be set to 'USD' (United States Dollars) for organizations in the United States.

If you're displaying currency in Lava, use the FormatAsCurrency filter to return a numeric value with the appropriate symbol according to your Organization Currency Code.

International Address Support

By default, Rock is set to accept and display US-formatted addresses. For most organizations operating inside the US, this will be the preferred configuration. Enabling support for international addresses is simple and remarkably powerful. Let’s take a look.

School Grades

Rock provides a customizable system for determining the educational grade/year an individual is in. You can read more about how this grade system works in the Person & Family Field Guide.

Strategies for Full Localization

Full localization, including the support for multiple languages, is outside of the scope of the Rock project. However, it's possible for someone to fork Rock's source and localize the code and database contents. If you're interested in starting an internationalized port let us know and we'd be happy to help share your work.

Creating Lots of Fake People

There’s no denying that it can be useful to have fake person records in your production Rock instance. There are times when you want to try something out, but don’t want to risk changing or damaging a real record. That’s understandable, and fairly common. However, having too many of these records can negatively impact things like reporting, communications and system performance. Eventually you’ll want to clean up, and that’s where you’ll run into some challenges.

If you must have fake records then we strongly recommend that you keep the count as low as you possibly can. Adding even a single person impacts many different tables and data throughout Rock. From attributes to addresses, think of all the things you associate with people and families in Rock, and then consider having to identify and undo all those things. It’s like shooting a shotgun into a bale of hay and then having to find and remove all the pellets without missing any. It’s a manual process; we don’t have a magnet for you.

Changing Blocks

It’s possible to inject custom CSS / JavaScript to modify Rock’s core blocks or to change the user interface on a block. While that may be tempting if you have the technical resources to do it, we advise against modifying blocks that ship with Rock or come from the Rock Shop. Trust us, your future self is screaming at you right now to not do this.

Injecting custom code dramatically complicates future troubleshooting and maintenance for yourself and others. The Rock Community is always willing to help and support you, but it’s very challenging if you’re using a different block than everyone else.

Also keep in mind that new Rock releases or fixes could overwrite or conflict with the changes you’ve made, possibly resulting in broken functionality. Rock upgrades assume that the core blocks are unchanged. There are ways to mitigate this risk, but they all require time and resources you wouldn’t otherwise need.

What to Do When Rock Won't Load

You make a configuration change and next thing you know Rock's not loading any longer. What should you do?! First, relax. A calm mind will lead to a quicker resolution while stress might only dig you in deeper. Below are some things you should try first.

    SELECT TOP 100 *
        FROM [ExceptionLog]
        ORDER BY [CreatedDateTime] DESC                    
                

Check for Exceptions in The File System Log

When things are so bad that Rock can't even write to the database, we'll write the exception to a comma-delimited file on the web server's file system. The file is located at ~/App_Data/Logs/RockExceptions.csv.

Getting 500 Errors to Display

When all you get back from Rock is a server 500 error, you can modify your web.config to return a more detailed error message.

Two changes will need to be made before a detailed error will be displayed.

1. Immediately after the line <system.web> add a new line with this text <customErrors mode="Off"/>
2. Next you'll need to comment out the custom error configuration. To do this, simply edit the existing comment from this:

   <!-- Add a custom handler for 404 errors to load Http404Error page.
   The Http404Error page will check to see if the site has a configured 404 page, and if so, it will then redirect to the custom page.--> 
   <httpErrors errorMode="Custom" existingResponse="Replace">
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" path="/Http404Error.aspx" responseMode="ExecuteURL" />
   </httpErrors>
                           

   to this:

   <!-- Add a custom handler for 404 errors to load Http404Error page.
   The Http404Error page will check to see if the site has a configured 404 page, and if so, it will then redirect to the custom page.
   <httpErrors errorMode="Custom" existingResponse="Replace">
      <remove statusCode="404" subStatusCode="-1" />
      <error statusCode="404" path="/Http404Error.aspx" responseMode="ExecuteURL" />
   </httpErrors>-->                            
                           

What To Do Next

At this point, you should now have more information about what's going on behind the scenes. Hopefully you can fix it from here. If not, you might try:

• Posting into the Rock Q&A. Be sure to include any error message you're getting.
• Posting on the Rocket Chat.
• Seeking help from a Rock consultant. You might ask in the Q&A section for a recommendation. We hope to build a rating system for external resources soon.

Caching

Rock uses a very sophisticated and fast caching sub-system. The cache greatly reduces the need to read from the database. Tuning this cache is so important to us that we even show the Cache Hit Ratio in the bottom admin bar. Rock's cache is very fast because it uses the server's memory. Unfortunately, this makes running on multiple servers somewhat difficult. How? Let's walk through an example.

Say you're running two Rock servers, A and B. While connected to server A you make some security edits. These edits are updated in the database and in server A's cache. Unfortunately, the original security settings are also in server B's cache and it has no idea they've been updated. So what's an admin to do? Well, we have you covered!

Redis to the rescue! Redis is a very fast NOSQL database that many large websites use to increase performance. Redis has two features that make it a great solution. The first is the NOSQL database. Many people use the Redis database for caching. The second feature is a messaging system that allows you to publish and receive small messages. Think of it as a chat room of sorts. Because Rock's in-memory cache is so fast, the architects decided not to use the Redis database. Instead, when enabled, Rock servers can use Redis to share when they update or flush their cache. If you think back to the chat room analogy, think of the servers as connecting to the chat room to send messages to each other whenever they update their cache. Pretty simple right?

Let's walk through how you can configure multiple Rock servers.

1. Install a Redis server on your network. Because Rock doesn’t use it for storing cache, it doesn't need to be a beefy server, but it should be reliable and always on. See Redis for more information on the various server options. Since Redis is open source, many free options are available. If you’re mainly a Windows shop you should consider using the Microsoft Redis server available at: https://github.com/MSOpenTech/redis/releases. It's recommended that you use the 3.x version of this server.
2. Install your Rock websites. Be sure that the same versions of Rock are installed on each server and that they use the same web.config. Each install of Rock has its own encryption keys located in the web.config. These keys must be the same on each server.
3. OK, we said the web.config files should match… except for one small setting. Be sure that only one of your servers has the RunJobsInIISContext setting set to true. Running the Rock jobs on two servers at once can lead to some interesting (read: bad) situations.
4. To enable the Redis caching notifications you'll need to set the EnableRedisCacheCluster setting to true in the web.config. You'll also need to set the RedisConnectionString to point to your Redis server. An example of this connection string would be redis.rocksolidchurchdemo.com:6379.

Initial Slow Response Times

Here's the scoop on slow initial Rock load times. Rock uses a database access technology called Entity Framework (EF). On first load (the very first page that's started when the application loads) it can take a few seconds for EF to check the database to see if any changes are required. Subsequent pages will load much faster. You'll notice that once a page loads the second load of that page is super-fast. That’s Rock’s caching engine kicking it. So that's all fine and good until…

IIS's AppPools (think of it as the engine that powers Rock) need to be refreshed on occasion. By default this happens every 29 hours (you should reset yours to always occur at a specific time, like 1am). When the AppPool recycles the whole EF start up happens again. For more information on configuring the AppPool see this blog post.

We'd recommend that you use an HTTP status tool like Pingdom to constantly poll your site. Not only will this notify you went it's down, but it will also be the first to load your page after an AppPool recycle.

Once Rock is started there's an internal keep-alive process to ensure your site doesn't go into a sleep-like mode. Once the initial page is loaded this process will ensure that Rock stays awake and responsive.

Overview

To start, the person enters their mobile phone number in the screen pictured below.

After clicking Lookup the person will receive a text message with a verification code. They’ll need to copy or type that code into the next screen pictured below. This confirms they are in possession of the device with that phone number.

If the person didn’t receive the text, or needs to re-enter their number, they can tap the Resend button pictured above to try again.

After providing the confirmation code and clicking Next in the screen above, the person will be returned to the area where they started the process. For instance, if this is being used with Mobile Check-In then the person would be automatically directed to the next steps for checking in.

Phone Number Matching

Behind the scenes, Rock will check the provided phone number against records in the system. If only one person has that phone number then Rock’s job is pretty easy. But, sometimes more than one person has the same phone number in Rock. Or, the person’s phone number might not be in Rock at all. Rock can still handle either scenario.

If more than one person has the phone number, Rock will ask the person with the device to indicate who they are. Remember, this happens after the confirmation code is entered in the prior screen above.

After tapping their name, the person will then proceed with next steps for the process they originally started (like Mobile Check-In).

If Rock can’t find the provided phone number in the system, then the person will see the screen shown below. Again, this only happens after they’ve provided the confirmation code.

In the next section we’ll show you how to configure the instructions that appear on this screen.

Phone Number Lookup Block Settings

Now that you’re more familiar with the process, let’s look at some of the configuration options you have. These settings let you tailor the experience to your needs.

1 Name

The name of the block appears on each screen.

2 Text Message Template

This is where you can configure the confirmation code text message that gets sent to the person. In this example we’ve used Lava to provide the organization’s name and the confirmation code itself. We strongly advise against adding any personal information here (like “Hello Ted!”) because we don’t know for sure who has the device until they submit the confirmation code.

3 Title

The title you put here will show on each screen. This helps indicate we’re looking for an individual and not a family.

4 Authentication Level

This setting is very important. It decides what access the person has after they have submitted the confirmation code (and after selecting themselves, if necessary). You can choose from one of two settings:

• Trusted Login - This setting will formally log the person into your Rock website if they have a login account. If they don’t have a login, they’ll be able to do most (but not all) of the functions a logged-in person could do.
• Identified - This is the safer setting of the two, but it’s also more restrictive. In this case the person will be identified for specific areas of your site, like Attendance Self Entry or Mobile Check-in, but most secured areas will still require them to log in.

More details on this setting are provided below.

5 Initial Instructions

These instructions provided here will appear on the first screen of the block, where the person enters their phone number.

6 Verification Instructions

Here you can change the instructions that are shown when the person enters their confirmation code.

7 Individual Selection Instructions

These are the instructions that will show on the screen for selecting which person is in possession of the device. This screen only appears if more than one person in Rock has the provided phone number.

8 Phone Number Not Found Message

If the provided phone number can’t be found in Rock then these instructions will appear. You might use this area to request that the person create a profile so they can be identified in the future.

9 Verification Time Limit

This is the amount of time, in minutes, before the verification code expires. If the code expires, the person will need to resubmit their phone number and get a new code.

10 IP Throttle Limit

This is the maximum number of times, per day, that a single IP address can submit a phone number for verification. In many cases, this is helpful to help keep SMS messaging costs down. An exception will be written to the Exception Log if the limit is reached.

11 SMS Number

This is the SMS Number that will be used to send the confirmation code text message to the person.

Login Page

The Login page pictured below can be accessed different ways. Typically, the page is reached by clicking the Login button near the top right of your external website pages. The login page can also be accessed directly by going to https://yourchurch.com/Login.

1 Login ID and Password

The Login ID could be a username or an email address. You can choose which one people should use when they’re creating an account, which we’ll cover below. The block settings allow you to change what this is called, so you can change it to say “Email” or “Username” to add clarity.

2 Keep me logged in

Checking this box will allow the person to close the window and return later without having to sign in again.

3 Login

When a valid Login ID and password are provided, clicking this button will log the person in. The person will be redirected back to the page where they were before logging in.

4 Register

If the person doesn’t have an account, they can click this button to create one. See the Account Registration section below for details.

5 Forgot Account

If you’ve ever lost track of your username or password on a website, you’re familiar with what this button does. Clicking this will take the person to the Forgot Username page (https://yourchurch.com/ForgotUserName). This page will ask the person to provide their email address so Rock can email them their username and a link to reset their password. The person must have an email address in Rock for this to work.

Account Registration

The Account Registration block can be accessed by clicking the Register button from the Login page, or by going to https://yourchurch.com/NewAccount.

As pictured below, the person will be asked to create a Username and Password, as well as some information about themselves. This page is simple and easy to understand, which is by design. If account creation is a complex process, people may be less likely to complete it.

While the page looks simple, there’s actually quite a bit going on behind the scenes. The block settings pictured below give you an idea of what this block does, and lets you change it to suit your needs.

1 Name

You can change the name of the block here. Typically, the block name is only visible to administrators.

2 Require Email For Username

Enable this option to force an email address to be used as the person’s username. That means the person will log in with ted.decker@rocksolidchurchdemo.com rather than tdecker. A person can still provide an email address as their username if this option is disabled.

3 Username Field Label

Instead of the "Username" label, you can change it to something like "Email Address" or "Username/Email". You might want to change this if you’ve enabled the Require Email For Username setting described above, to ensure the person knows what they’re being asked to provide.

4 Check For Duplicates

Enabling this will compare the information provided by the person to existing records in Rock. If a match is found, it’s likely the person already has a record. The person will be provided with a list of existing records with matching information, so they can select themselves if they already exist.

5 Connection Status

If a new record is created in Rock according to the information the person provides, this is the connection status that will be applied to the record.

6 Record Status

Like the Connection Status, this is the status that will be applied to a new person’s record.

7 Show Address

The address fields will be added to the page if this is enabled, allowing the person to provide their address.

8 Location Type

This setting only applies if Show Address is enabled. This will be the type of location assigned to the address the person provides.

9 Address Required

You can choose to make the person’s address optional or required by adjusting this setting. This setting only applies if Show Address is enabled.

10 Show Phone Numbers

Similar to the Show Address setting, you can choose whether or not the person can provide one or more phone numbers. There are additional settings related to phone numbers, which we’ll describe below.

11 Minimum Age

Only people who are this age or older can create a new account. We very strongly recommend keeping this set at 13 or higher. The Children's Online Privacy Protection Act disallows children under the age of 13 from giving out personal information without their parents' permission.

12 Phone Types

If Show Phone Numbers is enabled, this is where you can select which phone types to display. Separately, you can select which phone types are required or optional. For instance, you can make a mobile number required, while home and work phone numbers are optional.

13 Campus

Enabling Show Campus allows the person to select a campus when filling out the form. You can also change the Campus Selector Label if you call your campuses something else. For instance, you could call it “Home Church” or “Site”.

14 Captions

You can customize the messages that people see by changing the text here. There are different messages depending on the person’s scenario. Generally you shouldn’t need to make changes to these settings.

15 Email Templates

Rock ships with email templates for forgotten usernames, account confirmations and account creation. If you want to use a different template for any of these, you can make the change here.

16 Pages

By default, these are blank. You can direct the person to Confirmation and Login pages of your choosing by selecting the desired page here. If no other page is selected, Confirmation Page will take the person to /ConfirmAccount and Login Page will take the person to /Login.

After an account has been created it can be viewed from the Person Profile Security tab and the User Accounts page. Staff can add new accounts or modify existing accounts from these pages.