Virtual Code Authentication User Guide for Administrators

Similar documents
Virtual Code Authentication User s Guide. June 25, 2015

Cash Management 5.0 User Guide

Managing policies. Chapter 7

account multiple solutions

Guide for Setting Up Your Multi-Factor Authentication Account and Using Multi-Factor Authentication. Mobile App Activation

i-mobile Multi-Factor Authentication

Hallpass Instructions for Connecting to Mac with a Mac

DOMAIN CENTRAL HOSTING

Stewart Secure User Guide. March 13, 2015

SaaS Encryption Enablement for Customers, Domains and Users Quick Start Guide

Online Employment Application Guide

User Guide. Version R91. English

Broker Portal Tutorial Broker Portal Basics

Business Banking Customer Login Experience for Enhanced Login Security

Lenovo Partner Access - Overview

Self-Service Password Manager

Frequently Asked Questions for logging in to Online Banking

End User Configuration

User s Guide For Department of Facility Services

Optum ID Migration for Provider Express Users

How do I contact someone if my question is not answered in this FAQ?

Managing users. Account sources. Chapter 1

Strategic Asset Tracking System User Guide

Setting Up Your Team-SQL Database for ORACLE 8.05

ProgressBook CentralAdmin User Guide

Service Desk R11.2 Upgrade Procedure - Resetting USD passwords and unlocking accounts in etrust Web Admin

Parental Control Setup Guide

Portal User Guide. Customers. Version 1.1. May of 5

Spambrella SaaS Encryption Enablement for Customers, Domains and Users Quick Start Guide

Logging In You must log in to the system before you can begin exchanging files with UMB. To log in to the system, follow the steps below.

ACHieve Access 4.3 User Guide for Corporate Customers

Introduction to Google Apps for Business Integration

1 of 10 1/31/2014 4:08 PM

Cash Management. Getting Started Guide

User Management Guide

USING THE DNS/DHCP ADMINISTRATIVE INTERFACE Last Updated:

Advanced Settings. Help Documentation

Configuring a BEC 7800TN Wireless ADSL Modem

NeoMail Guide. Neotel (Pty) Ltd

Customer Ad Proofing Portal

Labor Law Compliance Management System (LCMS) Frequently Asked Questions

Configuring Sponsor Authentication

Logging into LTC Instant Access the First Time

PORTLANDDIOCESE.ORG - How to Connect Table of Contents

PaymentNet Federal Card Solutions Cardholder FAQs

Monash Health Self Service

Dalton State College Password Management System

Introduction to the AirWatch Browser Guide

MULTI-FACTOR AUTHENTICATION SET-UP

Fax User Guide 07/31/2014 USER GUIDE

PORTLANDDIOCESE.ORG - How to Connect Table of Contents

SPC Connect Configuration Manual V1.0

HOW WILL I KNOW THAT I SHOULD USE THE IAS CONTINUITY SERVICE?

eopf Release E Administrator Training Manual

Instructions For Opening UHA Encrypted

AD Self Password Reset Installation and configuration

Sonian Getting Started Guide October 2008

DocuSign Connect for Salesforce Guide

Wireless Network Configuration Guide

Mac OS VPN Set Up Guide

AESDIRECT ACCOUNT ADMINISTRATION USER GUIDE

Hyperoo 2 User Guide. Hyperoo 2 User Guide

CORE K-Nect Web Portal

M&T Web InfoPLU$ GETTING STARTED GUIDE

IP Configuration Manual

Baylor Secure Messaging. For Non-Baylor Users

Getting Started. Getting Started with Time Warner Cable Business Class. Voice Manager. A Guide for Administrators and Users

NovaBACKUP. Storage Server. NovaStor / May 2011

Delegated Administration Quick Start

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

P-3202H-Bb. G-PON VoIP IAD DEFAULT LOGIN DETAILS. Firmware v1.0 Edition 1, 09/2009. IP Address: Password: 1234

Active Directory Self-Service FAQ

Using Websense Data Endpoint Client Software

OPENGATE SMALL BUSINESS SOFTWARE

SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR.

How to Create a Basic VPN Connection in Panda GateDefender eseries

Creating a Content Group and assigning the Encrypt action to the Group.

Kaseya 2. Quick Start Guide. for Network Monitor 4.1

Kaseya 2. Quick Start Guide. for Network Monitor 4.1

Secure Message Center User Guide

River Valley Credit Union Online Banking

Setting up Hyper-V for 2X VirtualDesktopServer Manual

7.0 Self Service Guide

Comodo Two Factor Software Version 2.8

PaperStream Connect. Setup Guide. Version Copyright Fujitsu

Folder Proxy + OWA + ECP/EAC Guide. Version 2.0 April 2016

TREENO ELECTRONIC DOCUMENT MANAGEMENT. Administration Guide

Installing SQL Express. For CribMaster 9.2 and Later

INTRODUCTION: SQL SERVER ACCESS / LOGIN ACCOUNT INFO:

How to Access Coast Wi-Fi

The back story of our Wireless (reading will help you understand what is going on in the building):

i>clicker v7 Gradebook Integration: Blackboard Learn Instructor Guide

Hosted Exchange Setup Instructions

efiletexas.gov Court Administrator User Guide

The MyCSF Portal Guide

Setting Up Scan to SMB on TaskALFA series MFP s.

Defender Token Deployment System Quick Start Guide

SECURITY DOCUMENT. BetterTranslationTechnology

Transcription:

Virtual Code Authentication User Guide for Administrators

Virtual Code Authentication - User Guide for Administrators Document No.: 05-001 2001-2015 All rights reserved. Under copyright laws, this document may not be copied, photocopied, reproduced, or translated without prior consent of www.entertimeonline.com.

Virtual Code Authentication - User Guide for Administrators 3 Table of Contents Overview of New Security... 4 Passwords... 5 Password Preferences... 5 Additional Password Changes:... 6 Multi-Factor Authentication - Virtual Code... 7 MFA Overview... 7 MFA Approval List... 8 Importing Employees with Existing Passwords... 8 MFA - The User s Experience... 9 Additional MFA Options... 13 Updating Employee MFA Information... 13 Approving or Rejecting Updated MFA Virtual Code Credentials... 14 Selecting Approvers... 15 Clearing MFA Configuration... 16 Kiosk Mode Non Virtual Code... 17 Overview... 17 IP Addresses... 17 Browsers and Cookies... 17 Certifying and Configuring a Computer... 18 De-Certifying a Computer... 18

Virtual Code Authentication - User Guide for Administrators 4 Overview of New Security Modern technologies call for higher security standards as practiced among many other online systems. Configurable password settings have been in place which allows for sub-standard password practices among users. As such, we will now require a two-step log in process. 1. Enhanced Passwords Going forward, your password must contain a minimum of 8 characters and include at least one of the following: Uppercase Letter Lowercase Letter Number Symbol Example: Password1$ 2. Multi-Factor Authorization (MFA) or Virtual Code Authentication After you enter your username/password and click login, if the system does not recognize this computer as one you have used in the past 30 days, the system will require a second form of authentication before you can continue. A code will be emailed, texted, or sent to you via an automated voice call, which you will then enter, in order to access the system. The security combination factors are as follows: Password = something you know Code = something you have

Virtual Code Authentication - User Guide for Administrators 5 Passwords Password Preferences Under Company Settings > Global Setup > Company Setup, on the Login Config tab within the Password Preferences widget, there are new minimum standards for all passwords in the system. They are as follows: New Account Default Password: Will deploy in order. If not using Option #1 (unchecked and not set), the system will move to Option #2, where you can designate the default password. If none of the above are used, the system will assign the default password shown in Option #3. Note: Option #3 will not display if a password has been set in Option #2. Password History: 10 day history (hard-coded) Maximum Password Age: Open field to set limit (can be set up to 99999) Minimum Password Length: 8 characters Password Complexity Level: 4 complexities (hard-coded). There are 4 different character classes that are required in a password. This means each password must contain at least one of the following: An upper case letter, lower case letter, number, and a symbol. Example password: Password1! Lock Account After: Minimum 1, Maximum 5 invalid attempts within 5 minutes (minutes is hard-coded) Lock Account: If set to Temporary, the minimum time allowed is 30 minutes. If set to Permanently, an Administrator must login and unlock the account.

Virtual Code Authentication - User Guide for Administrators 6 Additional Password Changes: New Accounts New accounts will be forced to login and change their password within 5 days of account creation or they will be locked. To unlock, the administrator will login to unlock the new account. The user will then have another 5 days to login before being locked again. Cycle repeats.

Virtual Code Authentication - User Guide for Administrators 7 Multi-Factor Authentication - Virtual Code MFA Overview The Multi-Factor Authentication, or MFA, is required functionality for all Workforce Ready account users including Partner Admins, Company Admins, Managers and Employees. This functionality generates a Numeric code for the user to enter which provides a second factor of their personal identity. Certain logins will not require a second factor of identity. They are: Mobile Application Middleware Clocks Web Clocks* Single Sign On Applicant Logins Individual accounts which are already configured with a form of Multi-Factor Authentication such as an RSA code will not be required to use this particular form of MFA. For the rest of the accounts moving forward, a code will be used and sent to the user either by Text, Voice Call or E-mail which will be required, along with the username or password, in order to enter into the system. * Multi-Factor Authentication will NOT be required when using a Web Clock unless the Login feature is used.

Virtual Code Authentication - User Guide for Administrators 8 MFA Approval List After enabling MFA, and then saving the page under Company Settings > Global Setup > Company Setup containing the Password Preferences widget, it will be mandatory, upon clicking the Save button, to create an approvers Admin List and Approval Period within the Multi-Factor Authentication section. This will ensure that the necessary approvers are in place when employees begin configuring their information to receive their virtual codes. See the Approving or Rejecting Updated MFA Virtual Code Credentials section below for details about how this works. Importing Employees with Existing Passwords When importing employees, existing passwords will not be imported. This includes new hires as well as existing employees.

Virtual Code Authentication - User Guide for Administrators 9 MFA - The User s Experience A first time login, as well as all new accounts, will require a Password Change and configuration of the MFA settings for future logins. Step 1: Enter Username and Password as usual on the login page. The Change Password screen will display where the password must be changed to one with the new requirements. The screen will explain the new password standards. Mobile users will also receive this screen.

Virtual Code Authentication - User Guide for Administrators 10 Step 2: Once the password has been changed, users will be taken to a form to configure their MFA Settings. Up to three methods can be configured for receiving a code. The user has the option to configure their Text Message #, Voice Phone # and/or Email address. One or more methods may be selected. Any information that is already listed in the account will be pre-populated. If multiple phone or email numbers are stored in the system, those will be made available to the user via the drop-down lists shown in each field. Users may also enter new information not stored in the system. When this happens, an administrator must approve the new credentials. See the Approving or Rejecting Updated MFA Virtual Code Credentials section below for details about how this works. Once this step is completed, the user will be logged directly into the system. For any logins thereafter, the code will be delivered via the selected method and is unique to the user and will expire in 15 minutes. Once the user enters the code, they can choose to make the computer trusted by checking Remember This Device where an encrypted cookie will be placed on the machine for that browser. A trusted computer will not require the 2 nd factor again unless the cookie expires or is deleted via the web browser options. It can expire if a user does not log in for 30 days and the 30 day counter is reset on every successful login.

Virtual Code Authentication - User Guide for Administrators 11 Step 3: Anytime thereafter, when logging in from a device that has not been remembered, the user will be asked which method they would like to use to receive their code for that specific login. Select a method and click the button to send either Text Message, Voice, or Email. * NOTE: It is recommended that users select Text Message # as their primary option. The other methods are valid, but due to inconsistencies in email policies and practices (such as Spam/Junk folders, server down-time, etc.), a text message will deliver the code immediately to the user. Screen to request code: Screen after sending the code: After the code is received, enter the code, check the box** and click Continue. The user will now be logged in to the system. This option will not show for users who still have approval items pending for the MFA administrator. * If Email is selected as the method to send the code, the email will be sent from the Company Email Address displayed under Company Settings > Global Setup > Company Setup, on the Company Info tab, in the Company Address section. If there is no Company Email Address listed, the email will be sent from NoReply@Kronos.com. ** If the box is checked, the next time this specific user is logged in from this device, a second factor of authentication (code) will not be required for login. As a best practice, this option should only be checked on individual personal computers and should never be checked on a public or shared computer. Coming Soon: For any accounts with outstanding approvals, this box will be disabled.

Virtual Code Authentication - User Guide for Administrators 12

Virtual Code Authentication - User Guide for Administrators 13 Additional MFA Options Updating Employee MFA Information Employees may change their SMS, Voice and Email settings at any time by navigating to My Account > My Settings > Change Multi-Factor Authentication. If a user enters information that is not already stored in the system, an approval will be needed by an administrator. See the Approving or Rejecting Updated MFA Virtual Code Credentials section below for details about how this works. This feature is enabled for users within Company Settings > Profiles/Policies > Security within the ESS tab.

Virtual Code Authentication - User Guide for Administrators 14 Approving or Rejecting Updated MFA Virtual Code Credentials When employees configure their MFA code and enter credentials that are not already on file in the system, approval will be required. This will apply to all employees who log in to the system. The purpose of this feature is to protect users data by ensuring that the virtual codes are sent to their legitimate phone numbers and email addresses. There are two ways that changed or updated employee credentials will trigger the approval process: Employee enters information under My Account > My Settings > Change Multi-Factor Authentication that is not on file within their account in Employee Information. Employee enters information in the MFA Configuration screen that is not on file within their account in Employee Information.

Virtual Code Authentication - User Guide for Administrators 15 Selecting Approvers To designate administrators who can approve new employee information, and if not already set up, go to Company Settings > Global Setup > Company Setup, within the Password Preferences widget in the Multi-Factor Authentication section and create an Admin List where one or more administrators are designated as approvers. A maximum of 72 hours (the default setting) may be set for the Approval Period which is the recommended setting. Less time may be selected. If set to Zero (0) hours, employees will be locked out immediately when entering new credential information until the approval is completed. It is recommended to select more than one approver in cases where staff may out of the office. One or more approvers may be selected using the filters as shown below. To approve, an email will be sent to all the approvers in the Admin List, as well as sending a My To Do action to each approver. One approval will clear the My To Do action for the other approvers on a first come, first served basis. Approval will be needed by an administrator within the window set in the Approval Period field, which is usually 72 hours. If the approval is not done within the 72 hour window, the employee will be locked out until approved by an administrator. In the example shown below, an administrator has been sent an approval request for an employee. If the approver has access to the employee, the name will be shown as a hyperlink. When clicked, the hyperlink will take the approver to the employee s account under Employee Information, where information can be viewed and confirmed. A Utilities icon is also available to navigate to various areas of the system. Based on the example shown above, the employee is not locked and still can log in using the new information for up to the 72 hour limit (or whatever is set in the Approval Period field.) When Approved Employee can log in now, and in the future, using the new credentials. When Rejected Employee s account will be locked.

Virtual Code Authentication - User Guide for Administrators 16 Clearing MFA Configuration For any users who require a complete reset to their MFA Configuration, there is an option available to managers or administrators within the Employee Information profile within the Account Information widget to Clear MFA Configuration. By doing this, the employee will be brought back to Step 1 as described above. The access to this feature is granted within the HR tab of the Security Profile under Company Settings > Profiles/Policies > Security.

Virtual Code Authentication - User Guide for Administrators 17 Kiosk Mode Non Virtual Code Overview Kiosk Mode allows certain computers to be configured and certified as terminals so that users logging in to those computers can bypass the Multi-Factor Authorization, or MFA process for logging in. Since MFA requires the use of personal phones and email addresses, this feature is useful for companies who have policies in place that prevent employees from using their personal phones, or accessing email from work. Employees can instead use a computer in Kiosk Mode to perform their normal duties or access Employee Self Service features. Computers will go through a configuration process called certifying in which settings will be applied that will save, or certify the computer to an exclusion list that will allow it to bypass the MFA process. Computers may also be de-certified as needed. IP Addresses In order for this feature to work correctly, a static IP address must be used. If DHCP addresses are used, the computer will not be able to be certified for kiosk mode. Once the configuration is complete and the computer is certified for kiosk mode, the IP will be saved to an exclusion List. This list will be used to allow certified computers to bypass the MFA process when users log in to that device. Browsers and Cookies Browsers must be configured to accept Cookies. Each terminal configured for kiosk mode will store a Cookie on the computer being used for each entry. NOTE: If it is a normal practice for your company to periodically clean and remove Cookies from your computers, whether done daily when the Browser is closed, or on a schedule, will de-certify a previously certified machine since Cookies are required for Kiosk Mode. It is recommended that for all browsers on all computers that are certified for Kiosk Mode that you do not remove Cookies. If Cookies are removed, the terminal will need to be configured again.

Virtual Code Authentication - User Guide for Administrators 18 Certifying and Configuring a Computer The configuration of this feature must occur on the computer being certified for kiosk mode. Administrators will log in using the MFA process. Navigate to: Company Settings > Global Setup > Company Setup and add the Kiosk Mode Non Virtual Code widget by clicking the Edit Tabs icon and selecting it from the Available Windows list. Multiple entries can be created on each terminal and each IP Address. No maximum on the number of terminals that can be added. If using more than one computer to set up Kiosk Mode, the same Static IP Address may be used for each computer. Step 1: Click the Certify This Kiosk to register the terminal. Step 2: Enter a Name in the Kiosk Name field. The IP Address of the kiosk will automatically be filled. Example: De-Certifying a Computer You may de-certify a computer from Kiosk Mode by deleting Cookies in the web browser or by clicking the red X in the widget and deleting the terminal from the list.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information