Logon Setup

The Master user can set the logon requirements for employees to access HRMS Employee Self Service. These rules apply to all employees in all companies in your system and include:

• Information an employee must provide to set up a logon and access the system
• Status that employees must have to be permitted to log on
• Providing access to terminated employees for a set number of days after their termination date
• Password properties (such as length and expiration)
• Number of failed attempts before an employee is locked out
• Number of logon history entries to maintain
• Selecting Security Questions employees will use to reset their account password

Note: The system validates the logon settings only when the employee logs on to the system. Even if an employee is locked out of the system, they can still create a logon or change or reset their password, but they cannot log on to the system.

To specify logon settings

1. Log on to HRMS Employee Self Service as the Master user.
2. On the System Administrator menu, select Roles and Logon > Logon Setup.

3. On the Logon Setup page for Initial Logon Fields, set the drop-down to Yes for one or more fields (such as Last Name or Employee Number). When an employee creates a new logon or requests to have their password emailed to them, they must enter this information.

   If your company that has two or more employees with the same last name, select a combination of fields that includes more than just Last Name, such as:

   • Last Name and SSN/SIN
   • First Name, Last Name, and Date of Birth

   Note: For security reasons, the social security number (or social insurance number) is masked (in the same way as a password) when entered on the Create New Logon page or the Change or Reset Password page.

4. In the Employee Status area, set the drop-down to Yes for one or more employee statuses for employees who are allowed to create a logon, change their password, and log on to the system. If their status does not match a selected status, they are not allowed to create a logon.
5. To allow terminated users access to HRMS Employee Self Service, set the Terminated status drop-down to Yes and enter a value in the Days To Expiration text field. The value in the Days To Expiration field will be used to determine the number of days a terminated employee will have access to HRMS ESS after their termination date. This number can be from 0 to 9999.
   1. Setting this value to 0 allows zero days of user access upon termination.

      Note: You can also manually adjust the date a terminated employee can access HRMS ESS by setting the Access Expiration date directly on the Logon Maintenance screen on a per user account basis.

6. In the Self Service Password Properties area, specify the properties. More...

   Items in the Self Service Password Properties area

    

   Item	Description
   Disallow User Information	Set this drop-down to Yes to prohibit the password from containing the username, first name, last name, or company ID
   Disallow Similar Password	Set this drop-down to Yes to prohibit the password from being similar to previous passwords. For example, passwords that increment (Password1, Password2, Password3) will not be allowed.
   Minimum Length	(Required) Enter the minimum number of characters (from 4 to 24) for the length of the password.
   Minimum Numeric	(Required) Enter the minimum number of numeric characters in the password.
   Min. Uppercase Characters	(Required) Enter the minimum number of uppercase characters in the password.
   Min. Lowercase Characters	(Required) Enter the minimum number of lowercase characters in the password.
   Min. Special Characters	(Required) Enter the minimum number of special characters in the password.
   Expires Every __ Days	Enter the number of days after which a password expires. This number can be from 0 to 999. If the password will not expire, enter 0 or leave this item blank.
   Allow Reuse After __ Changes	Enter the number of times that a password must be changed before a previously-used password can be reused. This number can be from 0 to 99. To allow a password to be reused at any time, enter 0 or leave this item blank. Example: This item is set to 3. A user sets her password to daisy. When the password expires, she cannot use daisy again until after she has changed her password 3 more times.

   Note: It is good practice to give your employees guidelines for creating strong passwords.

7. In the Logon Properties area, specify the properties. More...

   Items in the Logon Properties area

    

   Item	Description
   Lock Logon After __ Failed Attempts	Enter the number of failed logon attempts allowed before the employee is automatically blocked from logging on. If you never want to lock the logon, enter 0 or leave this item blank. When failed logon attempts cause a lockout, the Status on the employee's Logon Maintenance page is automatically changed to Locked
   Unlock Users Automatically After __ Minutes	If want to have a locked logon automatically unlocked after a certain number of minutes, enter the number of minutes. Note: This only applies when the system locks a user's logon after a number of failed logon attempts. This does not automatically unlock users who were manually locked out (by changing their logon status manually to Locked on the employee's Logon Maintenance page). If you do not want to automatically unlock users, leave this item blank.
   Maintain Logon History __ Records	To display logon history on each employee's Logon Maintenance page, enter a number from 0 to 99 for the number of history entries to show. If you do not want to track or display the logon history, enter 0 or leave this item blank.
   Additional Authentication	To apply an Additional Authentication method to the HRMS Employee Self Service logon process, select an option from this drop-down list. The default option is None; no extra authentication is enforced. The other options are: Security Question: Employees must answer their security question correctly to log in. Email Verification Code: Employees receive a code by email that they must enter to log in. The email address is the one associated with the employee's account. If the code expires or cannot be verified, the employee can request a new one by clicking the Resend Code button. Authenticator App: Employees must use an Authenticator application when this option is set. Employees will need to install an Authenticator app on their smartphone and register the application with their Employee Self Service account. The Authenticator app will then be used in conjunction with their existing username and password to access ESS. Note: SMTP (Simple Mail Transfer Protocol) must be set up and configured to use the Email Verification Code option to send emails. You must enable SMTP in System Maintenance to proceed.

   Note: It is good practice to give your employees guidelines for creating strong passwords.

8. In the Logon Reset Message area, enter a custom message that your employees will see when cannot successfully log on and they click the Username and Password Help link on the HRMS Employee Self Service Logon page.

   The maximum length of the message is 255 characters. If you leave the message area blank, the system displays the default message, which is "Contact your administrator for assistance."

   We recommend that you give specific instructions for dealing with lost or forgotten user names and passwords. Example...

   Example: The following message provides contact names, phone numbers, and email addresses.

   Company Employees: If you need help with your ESS username or password, contact the HR Administrator for your region.

   West  Coast employees: Madeline Smith, 555-123-4567 extension 123 (or [email protected]).

   East Coast employees: David Jones, 555-765-4321 extension 321 (or [email protected])

   For assistance after business hours, send an email to [email protected].

9. Review the User Licenses area. The system keeps track of how many user licenses were purchased, how many are currently in use, and how many are still available. See Employee user licenses.

10. Unless your system is set up for Windows Authentication, you must select security questions in the Security Questions area of the page. You must select five to ten questions. You can also create custom security questions to be in this list.

    When an employee creates a new logon on the Create New Logon page, they choose one of these security questions and provide a security answer. Later, when the employee attempts to change or reset their password, their chosen question is presented. If the answer they provide does not match the answer they specified when they created their logon, they are returned to the Employee Logon page with a message that the logon information could not be verified.

    Note: After you select the security questions and save the information, you cannot remove a selection that an employee has chosen (because the question has become part of the employee’s logon history).

11. When you are finished, click Save.

    The settings apply the next time an employee logs on to the system. For example, if a terminated employee is currently logged on to the system and you change the Employee Status to lock out terminated employees, terminated employees still have access to their pages until they log off. However, they will be locked out the next time they try to log on.