Protecting Employee Data
We are committed to protecting employee data. This includes keeping your data safe and reduce security risks, our workforce management solution now offers additional security options that will slightly change the way employees access the application.
Employee access to the system will now require a more complex password, as well as multi-factor authentication. Similar to online banking processes, multi-factor authentication adds an additional level of security by requiring you to enter a randomly generated six-digit code in addition to your user name and password during log-in.
The security combination factors are as follows:
Password=something you Know
Code=Something you Have
Logins that will not require a second factor of identity:
- Mobile application
- InTouch Time Clocks
- Web Clocks*
- Single Sign On
- Job Applicant Logins
*Multi-Factor Authentication will not be required when using a Web Clock unless the Login feature is used. Once you have setup authentication preferences on a system portal, your new password can be used on the Web Clocks.
New Log-In process required
The new -- more secure -- login process is summarized below.
1. Enhanced Password Standards:
Going forward, your password must contain a minimum of 8 characters and include at least on of the following:
- Uppercase Letter
- Lowercase Letter
Note: Passwords have up to 90 days before they expire and need to be changed.
2. Multi-Factor Authentication:
After you enter your username/password click login, if the system does not recognize this computer as one you have used in the past 30 days, the system will require a second form of authentication before you can continue. A code will be emailed, texted, or sent to you via an automated voice call, which you will then enter to access the system.
Next Steps: What do you need to do?
Step #1 Start your login process as usual.
After you successfully enter your username and password, the system will prompt you for a new password (even if your current password already meets the new standard). The password criteria will have to meet the new standards outlined above. (There will be on-screen instructions to walk you through this process.)
Step #2: After changing your password, you will be prompted to configure the Multi-Factor Authentication settings. Up to three methods can be configured for receiving the code, as follows:
- SMS Mobile #: Will be used to send codes via text message (preferred method)
- Email: Will be used to send codes via email address
- Voice Phone #: Will be used to send codes via phone call
You may choose to enter all three or only one of these options.
The system will have pre-filled any phone or email that is already listed in your account; however if you want to use another phone/email for the purpose of receiving the code, those fields can be overwritten with new information.
When done, click save. Once this step is completed, you will be logged in to the system. (If you change your email or phone number in this process, it will not replace or update information entered in your employee profile. This is used strictly for code authentication.)
Next time you log in, the system will list the methods you have selected in the setup process, and you will be able to select one of those. The system will generate a random six-digit code and send it to you. After you have entered the code, the system will validate the number and grant access to the application.
Important: If this is your office or home computer that you will use in the future to login, you should check the box to avoid the code requirement on future logins from “this computer.” The verification code on this device will be valid for 30 days.
As a best practice, this option should ONLY be checked on an individual personal computer and should never be checked on a shared computer.
Frequently asked questions
- Can you opt out of using Virtual Code Authentication (VCA)?
- No, Using VCA is a requirement of the system.
- You can check if the company has an email address under Company Settings > Global Setup > Company Setup > Company Info.
- You should also check if emails going to their junk/spam folder? This is very common. You may also have an external junk email blocking service. Verify with your IT group that the emails are not being stopped due to security settings.
- Is there a firewall in place that is prohibiting the email from coming through? If so you can whitelist our mail server address - smtp.saashr.com.
- Did the employee include their area code when they keyed in the phone number?
- Confirm the cell service provider, some carriers are remote and do not allow such messages to flow through.
- No, if you are logging into the system via SSO you will not be affected by the new security enhancements as authentication via username, password and other means is the responsibility of the primary system the employee's log into.
- Submit a ticket to firstname.lastname@example.org or https://support.beyondpay.com. You will be asked for an email from a company officer that requests we reset their password and/or unlock their username.
- Kiosk mode. This will allow you to bypass needing to enter in a VCA code. Kiosk mode does not need to be set up on each individual computer that will utilize this option. Instructions can be found within the VCA user guide.
- A VCA code will not be required to strictly punch in/out.
- Users will be prompted to change their password and configure how they receive the VCA code only when they attempt to log in.
- A user with security access to clear VCA configuration will need to go onto the employee profile and click the button "Clear VCA Configuration".
- The option to remember the device is both browser and computer specific. If an employee first uses Internet Explorer to log in with a code & chooses to remember the device, but ten uses Chrome to log in the next time, they will be prompted for the code. This is also true for each computer they access the system from.
- Also, you can confirm that the user's browser set up to delete cookies when they close out. The code is stored in the user's cookies. If they are regularly clearing/deleting their cookies they will be asked to enter in a new code when they log in.
- The code is "live" for 15 minutes from the time it is generated. For emails, if the employee clicks the option to send email multiple times each previous code will be deactivated and only the most recent email/code will work.