ESS Security Enhancements


payentry.com Employee Self Service Enhancements

Table of Contents

- INTRODUCTION
- EXISTING EMPLOYEES
  - Existing Employee - Email Address
  - Existing Employee - Username
  - Existing Employee - Password
- NEW EMPLOYEES
- ACKNOWLEDGEMENT
- FORGOTTEN PASSWORD
- PASSWORD REQUIREMENTS
- ESS SECURITY ENHANCEMENTS
- COMPANY PARAMETERS
- LOGGING
- ESS PAGES
  - Login Page
  - Account Maintenance Page
  - Request Employee Login Information Page
  - Employee Self Service Company Parameters
  - Employee Setup Page
  - Employee Self Service Access Page

Introduction

This document describes the changes made to the Employee Self Service (ESS) product to enable employees to log in without having to use their Social Security Number, to improve security by forcing employees to change passwords periodically, and to provide a mechanism for employees to obtain their login information automatically.

Goals

1. Employees will log in to ESS using a username and a password. The Social Security Number will no longer be used.
2. Reduce the need for support activities by allowing employees to request that their login information be sent to them via email when they do not know it.
3. Reduce the need for support activities by allowing the employee to change their login access information directly.
4. Improve ESS security by implementing one-way encrypting of passwords when they are stored in the database.
5. Improve ESS security by making passwords harder to crack by ensuring passwords meet certain size and content requirements.
6. Improve ESS security by forcing users to change their password periodically.
7. Improve ESS security by limiting the number of failed logins before disabling logins for the employee.
8. Allow companies to configure various security policies such as time before passwords expire, time before passwords are allowed to be reused, and maximum failed login tries.

Existing Employees

Employees already set up to use ESS are not necessarily already set up to access ESS using the new method for logging in. Some things that may or will need to change are:

- They currently log in using their Social Security Number.
- They may not have an email address in the system.
- They will need to be assigned and informed of a new username, one that is not their Social Security Number.
- Their password may not fall in line with the new password requirements.

In order to facilitate the changes, existing employees who are already set up to access ESS can still log in with their Social Security Number. They will be allowed to do this just to gain access to ESS, where they can provide the necessary information to be converted to the new method for logging in. Changing an employee over includes allowing the employee to provide a valid email address if one is not in the system already, changing their password if it does not comply with the new rules, and informing them what their new username is.

Existing Employee - Email Address

If an existing employee does NOT have an email address stored in the system, they will be prompted to provide their email address. The employee will be prompted to enter their email address and their current ESS password for authentication purposes. An email message will be sent to the entered email address asking the employee to verify that they received it. The employee will not be allowed to access ESS until they have acknowledged receipt of this email message.

Once the employee has submitted their email address, a message will be displayed in the browser informing them that they must verify the email address by opening the email message and clicking on the verification link. If the user accidentally entered the wrong email address, they will be given a chance to re-enter it at this point as well. See the Acknowledgement section for more.

The employee can change their email address from the Account page in ESS once they are logged in. See the Account Maintenance Page section for more detail.

Existing Employee - Username

Existing employees can log in using their Social Security Number once so they may provide the necessary information to use the new method of logging in. Going forward, existing employees will no longer be allowed to log in with their Social Security Number.

When they initially log in using their Social Security Number, they will be assigned a new username. The new username will be initially set to their email address. This change will be presented to the employee to acknowledge in the web browser. In order to do this, the employee must check the box next to the acknowledgement statement and provide their current password for authentication purposes. Once the employee has acknowledged the change, an email message will be sent to the employee's email address informing them of the change. Once the employee has acknowledged the username change, they must use this username to log in to ESS in the future.

The employee can change their username from the Account page in ESS once they are logged in. See the Account Maintenance Page section for more detail.

Existing Employee - Password

If an existing employee's password does not meet the minimum requirements for a password (see Password Requirements section), they will be prompted to change their password. The reason the password must be changed (why it doesn't meet the new requirements) will be presented to the employee. When changing the password, the employee must enter the new password twice to help ensure that they do not misspell the password. The password will be stored in the database with an encrypted value.

The employee can change their password from the Account page in ESS once they are logged in. See the Account section for more detail.

New Employees

When employees are first granted access to ESS via the Employee Self Service Access Page, they will be sent an email message with their default username and password. The employee must acknowledge receipt of the email message before they will be allowed to log in to ESS. See the Acknowledgement section for more.

The first time a new employee logs into ESS, they will be forced to change their password before being allowed to continue.

The employee can change their username or password from the Account page in ESS once they are logged in. See the Account section for more detail.

Acknowledgement

Employees will be sent an email message with an acknowledgement link in it when:

- They are initially granted access to ESS.
- Their ESS account has been reset from the Employee Self Service Access Page.
- Their password has been reset or email address has been updated from the Employee Setup Page.
- They have forgotten their login information and have requested it be sent to them.
- They have updated their email address via the ESS Login Page.
- Their account has been disabled due to too many failed logins (see the ESS Security Enhancements section for more).
- They have changed their email address via the Account Maintenance Page.

When one of these events happens, the employee will need to open the email message and click on the acknowledgement link or paste the link in their browser. They will then be presented with a web page informing them that they can now log in. When they log in after acknowledging the receipt of the email message, they will be forced to change their password before being allowed to continue.
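The acknowledgement rule above (no login until the emailed link is used, then a forced password change), sketched as an added example in Python; it is not code from the ESS product. The token format, the 24-hour link lifetime and the names `EssAccount`, `send_acknowledgement`, `acknowledge` and `login_gate` are assumptions, since the page does not describe how the link is built.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

ACK_LIFETIME = timedelta(hours=24)  # assumption: the page gives no lifetime for the link


@dataclass
class EssAccount:
    ack_hash: Optional[bytes] = None        # SHA-256 of the outstanding token, if any
    ack_expires: Optional[datetime] = None
    must_change_password: bool = False


def send_acknowledgement(acct: EssAccount, now: datetime) -> str:
    """Run for each triggering event; returns the token for the emailed link."""
    token = secrets.token_urlsafe(32)        # unguessable, 256 bits from the OS CSPRNG
    # Only a hash is kept, so a read of the account table does not yield usable links.
    # Issuing a new token overwrites the old one, which invalidates earlier links.
    acct.ack_hash = hashlib.sha256(token.encode()).digest()
    acct.ack_expires = now + ACK_LIFETIME
    return token


def acknowledge(acct: EssAccount, token: str, now: datetime) -> bool:
    """Handle a click on the link: single use, constant-time compare, expiry."""
    if acct.ack_hash is None or now > acct.ack_expires:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, acct.ack_hash):
        return False
    acct.ack_hash = acct.ack_expires = None  # a second click on the same link fails
    acct.must_change_password = True         # the page forces a change at next login
    return True


def login_gate(acct: EssAccount) -> str:
    """What the login page does after the credentials themselves have checked out."""
    if acct.ack_hash is not None:
        return "blocked: acknowledge the email first"
    if acct.must_change_password:
        return "change password before continuing"
    return "ok"
```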

Forgotten Password

On the Login Page to ESS, there is a link to the Request Employee Login Information Page, which an employee can navigate to if they do not know their username or password. This page allows the employee to request that their username and password be sent to them.

The employee must enter their email address. They are then required to further verify their identity by answering a personal question. This question can be set up by the employee in the Account Maintenance Page. If the employee has not set up a question, then the default will be to ask them for their Social Security Number.

Once the employee has correctly verified themselves, a message will be displayed in the browser telling them an email message has been sent to them with their login information. The email message is an Acknowledgement message and the employee must acknowledge receipt of the email before they can log in.

Password Requirements

All passwords will now be required to meet certain minimum requirements to help ensure that they are less likely to be cracked.

- All passwords must be between 8 and 32 characters in length. They must contain at least one numerical character (1234567890) and at least one non-numerical character.
- When passwords are stored in the database they will always be encrypted. This is a one-way encryption method and the password cannot be retrieved from the database.
- Passwords will expire after a certain amount of time, and the employee will be forced to change it the next time they log in after it has expired. The amount of time allowed before a password expires is configurable per company via the Employee Self Service Company Parameters Page.
- Passwords cannot be reused for a certain period of time. If the employee enters a password that has been used previously when they change their password, they will be informed that it cannot be used because it has been used in the past and must enter another value. The amount of time allowed before a password can be reused is configurable per company via the Employee Self Service Company Parameters Page.

Whenever an employee is forced to change their password, they will be informed as to why they are being forced to change it. Some reasons are:

- Password has expired.
- For an existing employee, their old password does not comply with the new guidelines.
- They are initially granted access to ESS.
- Their ESS account has been reset from the Employee Self Service Access Page.
- Their password has been reset or email address has been updated from the Employee Setup Page.
- They have forgotten their login information and have requested it be sent to them.
- They have updated their email address via the ESS Login Page.
- Their account has been disabled due to too many failed logins (see the Account Security section for more).
- They have changed their email address via the Account Maintenance Page.

ESS Security Enhancements

Various changes have been implemented to ensure and enhance ESS security. These changes include:

- An employee's access will be disabled if there are too many failed login attempts to the account. The number of times a failed login is allowed before access is disabled is configurable per company via the Employee Self Service Company Parameters Page.
- When passwords are stored in the database they will always be encrypted. This is a one-way encryption method and the password cannot be retrieved from the database.
- Passwords cannot be reused for a certain period of time. The amount of time allowed before a password can be reused is configurable per company via the Employee Self Service Company Parameters Page.
- Passwords will expire after a certain amount of time. The amount of time allowed before a password expires is configurable per company via the Employee Self Service Company Parameters Page.
- Whenever an employee's email address is changed, an email is sent to the old email address as well as the new email address. This will help ensure that if an email address is changed without the employee's knowledge, they will also receive an email informing them of the change.
- The user will need to answer a personal question when they request their forgotten login information.

Company Parameters

The following values will be configurable parameters for each company; they will be able to be set up from the Employee Self Service Access Page (in co):

- The number of days for disallowing previously used passwords (365 default, range 1-999).
- The number of days before the employee's password expires (90 default, range 1-999).
- The maximum number of times a failed login is allowed before an account is disabled (5 default, range 1-99).
- A phone number the employee can call to get support with ESS. This number will be displayed on the login page. This parameter is optional.
- An email address the employee can use to contact personnel to get support for ESS. This parameter is optional.

Logging

All changes to passwords, requests for passwords, or requests for usernames will be logged in the ee_activity_log table in the Account database.

ESS Pages

The pages described in this section have been changed or added to implement the necessary changes to meet the required goals.

Login Page

The login page in ESS has been changed in the following ways:

- It will now ask for a username and password, instead of a Social Security Number.
- It will allow the employee to log on using their SSN, inform them of their new username, and prompt them to acknowledge that it will be changed. It will not allow further access until the employee has acknowledged the username change. It will not allow the employee to log in using their SSN after it has been acknowledged.
- It has a link to the Request Employee Login Information Page so the employee can request their login information if they have forgotten it.
- It will determine if the employee needs to change their password and prompt them to change their password, not allowing further access until it has been changed.
- It will determine if the employee does not have a valid email address and prompt them to enter it, not allowing further access until it has been entered.
- It will send out the necessary email messages to inform the employee of any changes to their account or to validate the changes via an acknowledgement.
- It will prevent the employee from logging in if the employee must acknowledge receipt of an email message.
- It will log entries for any changes to the employee's login information.
- It will display a phone number and/or an email address the employee can use to obtain support for ESS. This will be displayed once the employee has logged on, but needs to provide additional information or perform additional tasks in order to proceed. These will only be displayed if the appropriate parameters for the phone number and/or email address have been set up for the company.

The login page will now prompt the employee for a username instead of an SSN. There is also a link to click if the employee cannot remember their access information.

If the employee does not have an email address in the database, they will be prompted to enter one. Once the employee has provided their email address, the employee will be asked to verify that they have received the email by opening it and clicking on the verification link.

If the employee has logged in with their SSN, they must acknowledge that they have been informed they cannot log in anymore with their SSN. If the employee's password does not meet the Password Requirements, they will have to provide a new password that meets the requirements. If they must do either of these, they must also provide their current password as a means of making sure it is the employee making the change.

A confirmation screen informing the employee that the changes have been made and that an email message was sent telling them that it was changed is then displayed. The employee can continue to log in.

Account Maintenance Page

The Account Maintenance page in ESS has changed to allow the employee to set and change the following:

- Password: An employee can change their password. They must enter their new password twice for confirmation purposes as well as their current password to help authenticate the change. The password must meet the Password Requirements and not be a password used in the past.
- Username: An employee can change their username. They must enter their new username as well as their current password to help authenticate the change. The username must be unique within the system; it cannot already be in use.
- Email Address: An employee can change their email address. They must enter their new email address as well as their current password to help authenticate the change.
- An Authentication Question and Answer: When an employee makes a request to be sent their login information, they must answer this question.

Whenever one of the values is changed, the appropriate email message will be sent to the employee informing them of the change. The employee will be required to acknowledge the receipt of the email when they change their email address. Additionally, an email message will be sent to the current and new email address when an email address is changed.

The employee can change their password and their username on this page.

The employee can also change their email address and their authentication question and answer on this page.

Request Employee Login Information Page

This is a new page in ESS to allow the employee to request that their login information be sent to them in an email message.

The page will first prompt the employee to enter their email address. Once they have done so, the employee is then prompted to answer a personal question to further verify their identity. This question can be set up by the employee in the Account Maintenance Page. If the employee has not set up a question, then the default will be to ask them for their Social Security Number.

Once the employee has correctly verified themselves, a message will be displayed in the browser telling them an email message has been sent to them with their login information. The email message is an Acknowledgement message and the employee must acknowledge receipt of the email before they can log in.

Employee Self Service Company Parameters

This is a new page in the Company application. It allows the setting up of company parameters. These parameters will vary from company to company and allow each company to configure their own policies or values for certain items. The items that can be configured are as follows:

- Days before password expires
- Days before password can be reused
- Maximum failed login tries
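The three parameters above, together with the rules from the Password Requirements section, as an added example in Python; it is not code from the ESS product. PBKDF2 as the one-way function, a reuse window measured from the date a password was set, disabling the account when the failure count reaches the maximum, and all names are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

PBKDF2_ROUNDS = 600_000  # assumption: the page does not name its one-way function


@dataclass(frozen=True)
class CompanyParams:
    reuse_days: int = 365        # days a previous password stays blocked (1-999)
    expire_days: int = 90        # days before a password expires (1-999)
    max_failed_logins: int = 5   # failed logins before the account is disabled (1-99)

    def __post_init__(self):
        limits = {"reuse_days": 999, "expire_days": 999, "max_failed_logins": 99}
        for name, high in limits.items():
            if not 1 <= getattr(self, name) <= high:
                raise ValueError(f"{name} must be in the range 1-{high}")


@dataclass
class Account:
    history: list = field(default_factory=list)  # (salt, digest, set_at), newest last
    failed_logins: int = 0
    disabled: bool = False


def policy_errors(password: str) -> list:
    """Return the reasons a password breaks the page's content rules."""
    digits = sum(ch in "1234567890" for ch in password)
    errors = []
    if not 8 <= len(password) <= 32:
        errors.append("must be between 8 and 32 characters")
    if digits == 0:
        errors.append("must contain a numerical character")
    if digits == len(password):
        errors.append("must contain a non-numerical character")
    return errors


def _matches(password: str, salt: bytes, digest: bytes) -> bool:
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(derived, digest)


def change_password(acct: Account, new: str, params: CompanyParams, now: datetime) -> list:
    errors = policy_errors(new)
    if errors:
        return errors
    cutoff = now - timedelta(days=params.reuse_days)
    for i, (salt, digest, set_at) in enumerate(acct.history):
        # Stored values are salted and one-way, so a reuse check has to re-derive
        # the candidate under each old salt; the digests cannot be compared directly.
        in_window = set_at >= cutoff or i == len(acct.history) - 1
        if in_window and _matches(new, salt, digest):
            return ["has been used in the past"]
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", new.encode(), salt, PBKDF2_ROUNDS)
    acct.history.append((salt, digest, now))
    acct.failed_logins = 0
    return []


def login(acct: Account, password: str, params: CompanyParams, now: datetime) -> str:
    """Return 'disabled', 'failed', 'expired' (change required) or 'ok'."""
    if acct.disabled or not acct.history:
        return "disabled"
    salt, digest, set_at = acct.history[-1]
    if not _matches(password, salt, digest):
        acct.failed_logins += 1
        # Interpretation: the account is disabled once the count reaches the maximum.
        acct.disabled = acct.failed_logins >= params.max_failed_logins
        return "failed"
    acct.failed_logins = 0
    if now - set_at >= timedelta(days=params.expire_days):
        return "expired"
    return "ok"
```

The password history has to be kept for at least `reuse_days`, which means old salted digests remain in the database and deserve the same protection as the current one.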

Employee Setup Page

This page in the Company application has been changed to be able to reset an employee's username, password, or email address.

Whenever one of the values is reset or changed, the appropriate email message will be sent to the employee informing them of the change. The employee will be required to acknowledge the receipt of the email when their email address has been changed. Additionally, an email message will be sent to the current and new email address when an email address is changed.

Employee Self Service Access Page

This page in the Company application has been changed in the way it allows specific employees from a company to be granted or denied access to ESS.

When the Specific Employee's Only option is chosen, a table of all the employees' names for the company, along with their Social Security Numbers and email addresses, will be displayed. If the employee has an email address, they can be granted or denied access to ESS. Each employee can be granted or denied access individually, or all employees can be granted or denied access.

Each employee's login information can be reset by clicking on the reset button next to their name. When the employee's login information is reset, an email message will be sent to the employee informing them of the change. The employee will be required to acknowledge the receipt of the email.

The employee's name in the list of employees is a link to the Employee Setup Page for that employee, where the employee email address can be set up.

Additionally, the capability to set passwords to a default value has been removed. Instead of this capability, passwords can be reset for employees, where an email message will be sent and the employee must verify the receipt of the email before they can log in.