Security


Overview of the Security Module

In the HRplus Security Module, comprehensive features are available to allow or restrict user access to specific HRplus modules, modes of operation (e.g. update, inquiry), levels within the Company (e.g. Company, Division, Department), Pay Groups, position views and report processing options.

The application supports two (2) levels of security:

1.     Front end security which controls access to all menu items and, therefore, all access to windows and reports, and

2.     Back end security which, through ANSI SQL compliance, supports control of all Select, Insert, Update and Delete permissions on all columns, tables and views of the database. This security is further enhanced by access being restricted through stored procedures and database triggers. Full transaction processing is implemented on all multi-table updates and referential integrity is enforced throughout the system.

Cascading updates and deletes are implemented for easy management of linked tables. It is possible to cascade employee, department, and other Id changes through the application. All inserts, updates, and deletes to the database are done via stored procedures and triggers for blazing speed and superior security controls, and are designed for use in a true open systems environment. The database is encrypted and online or off-line Incremental or full Back-up and Restore facilities are available.

Access to HRplus is restricted by means of password control. Each user is required to log on to the system via a user Id and a password. The application then tracks the user via the user Id. All permissions to all areas of the application both on the front end and the back end are based on the user Id. For easy administration of many users, the application uses the concept of user groups whereby a person being made a member of a user group is granted all the permissions of that group. Database Administrators can define the configuration of passwords, track user logon times and set restrictions on user logon access to the database.

Due to the complex nature of the HRplus Security Module, it is strongly advised that a detailed plan be constructed before security implementation in the application is undertaken. An examination of the Security module prior to security implementation will assist in the construction of the security plan and ensure its effectiveness.

The Database Administrator should enlist the assistance of those individuals (e.g. HR Manager, Payroll Manager) who may be more familiar with the structure and security requirements of the HR and Payroll divisions of the organization.

The Security Module contains sub-menu options or functions within which we can work. They are:

A Guide to using the Security Module

A brief description of the menu options is given below:


Step 1: Security Settings

Security>>Security Settings>>Password Configuration

Security>>Security Settings>>Oauth Settings

Password Configuration: This option allows you to configure the security settings including Password Configuration.

Oauth Settings: This option allows you to configure Oauth settings for secure authentication (Single Sign On (SSO)).

Step 2: New User

Security>>New User>>Create Single User

Security>>New User>>Create Batch Users

Create Single User: This screen allows the client to add a new individual user.

Create Batch User: This screen allows the client to add multiple users at once.

Step 3: User Administration

Security>>User Administration

User Administration: This screen allows you to manage user accounts and permissions.

Step 4: Module Audit

Security>>Module Audit

Module Audit: This feature allows the user to track and audit module usage and changes.

Step 5: Login Activities

Security>>Login Activities

Login Activities: This option allows you to view the login and logout activity of the end users including their IP address.


Glossary of Terms found in the Security Module

A

Access Control: Measures that ensure only authorized users can access certain resources.

Authentication: The process of verifying the identity of a user or system.

Authorization: The process of determining what resources a user is permitted to access.

B

Batch User: An employee user account created in bulk with other employee users, processed in one transaction using the batch user feature.

C

Cipher: An algorithm for performing encryption or decryption.

Changing Passwords: The process of updating a user’s password to maintain security.

Core User: A primary user who has extensive access and responsibilities within the system, particularly to the HRplus core modules such as Personnel, Payroll, Benefits, etc.

D

Data Encryption: The process of converting plain text into a coded format to prevent unauthorized access.

E

Encryption Key: A piece of information, in a form of a string of characters, used by an encryption algorithm to transform plain text into ciphertext or vice versa.

F

Firewall: A network security system that monitors and controls incoming and outgoing network traffic.

G

Global ID: A unique identifier assigned to a user that can be used across multiple systems.

Grant/Revoke Company Access: The process of allowing or denying a user the ability to access company resources.

L

Login Activity: The tracking and monitoring of user login attempts and sessions.

M

Mail Server: A server that handles and delivers email over a network.

Mail Server IP Address: The specific IP address assigned to a mail server for communication purposes.

Malware: Malicious software designed to harm, exploit, or otherwise compromise a computer system.

Make Duplicate User IDs Unique: The process of ensuring each user ID within a system is distinct to prevent conflicts and ensure proper identification.

Module Audit: The process of reviewing and ensuring that a security module is functioning correctly and securely.

Multi-Factor Authentication (MFA): A security system that requires more than one method of authentication from independent categories of credentials.

N

New User: An individual who has recently been granted access to a system and has a newly created account.

P

Pay Group Access: Permissions granted to a user to access specific payroll groups within HRplus.

R

Restrict Position Access: Limiting a user's ability to view or interact with sensitive data, based on their job role or position within the organization.

Random Password: A system-generated password with a random sequence of characters, sent to batch users via email to ensure unique and secure initial access.

Reset Password: The process of changing a user’s password, typically when it is forgotten or compromised.

Restrict User Reports: The process of limiting a user’s ability to access certain reports within a specific HRplus module.

S

Self Service User: A user with permissions to manage their own information, such as viewing payslips, personal details, and password resets.

Single Sign-On (SSO): An authentication process that allows a user to access multiple applications with one set of login credentials.

Static Password: A password that is entered by the system administrator when creating batch users. The password is the same for all users, and two-factor authentication must be enabled when this option is being used.

T

Two-Factor Authentication (2FA): A method of confirming a user's claimed identity by utilizing a combination of two different factors: something they know, something they have, or something they are.

U

Unlink Employee Profile: The process of disconnecting an employee’s profile from a user account.

User Database: A central repository of user information, including personal details, job history, and access permissions.

User Group: A collection of users with similar access rights and permissions to the same module or module features within HRplus.

User ID: A unique identifier assigned to a user for accessing a system.

User ID Protocol: The guidelines and rules for creating and managing user IDs within a system.

User Signature: A digital representation of a user's signature used for authentication and authorization.

V

Virtual Private Network (VPN): A service that encrypts your internet traffic and protects your online identity by hiding your IP address.

Vulnerability: A weakness in a system or its design that could be exploited by a threat to gain unauthorized access to or perform unauthorized actions on a computer system.


Security Module Updates: What's New?

This article provides a summary of recent updates to the HRplus Security module, focusing on key enhancements. These updates include new features, fixes and improvements designed to improve both user experience and the effectiveness of the module.

September 13th – November 1st, 2024

1. Password Length: New feature Password Length. Read more here: HRplus Learn.

June 26th – July 12th, 2024

1. User Administration Enhancements: Improvements to user management for easier administration of security roles. Read more here: HRplus Learn.

June 17th – June 26th, 2024

1. Additional User Administration Features: Expanded controls for managing users, including new tools for security administrators. Read more here: HRplus Learn.

April 8th – May 4th, 2024

1. Change Default Settings: Added configuration options allowing customization of default security settings for user roles. Read more here: HRplus Learn.

February 6th – March 1st, 2024

1. Account End Date: A new feature allowing administrators to specify account expiration dates to enhance security compliance. Read more here: HRplus Learn.

January 3rd – February 6th, 2024

1. Batch User Creation: Streamlined the process of creating multiple users at once, reducing the time required for large-scale onboarding. Read more here: HRplus Learn.

November 4th – December 12th, 2023

1. Batch User Creation Enhancements: Expanded on batch user functionality for smoother management of user accounts. Read more here: HRplus Learn.

October 8th – November 4th, 2023

1. Password Expiry Notifications: Introduced in-app pop-up reminders for password expirations to ensure timely updates by users. Read more here: HRplus Learn.

September 1st – October 8th, 2023

1. Forgot Password and User Management: Enhanced password recovery tools and made user administration more intuitive for security managers. Read more here: HRplus Learn.


August 15th – September 1st, 2023

1. User Groups and IDs: Improved organization of user groups and the management of user IDs, allowing more precise access control. Read more here: HRplus Learn.

July 27th – August 15th, 2023

1. Time Zone Settings: Added time zone configuration to synchronize system events across different regions. Read more here: HRplus Learn.

June 2nd – July 3rd, 2023

1. Single Sign-On (SSO): Enhanced support for Single Sign-On, improving cross-platform access with a unified login. Read more here: HRplus Learn.

April 17th – May 5th, 2023

1. Password Configuration Updates: Added new options for customizing password security policies, improving overall security control. Read more here: HRplus Learn.

February 28th – April 2nd, 2023

1. User Groups and Access Settings: Refined tools for managing access rights, improving control over company and departmental permissions. Read more here: HRplus Learn.

January 9th – February 28th, 2023

1. Single Sign-On Integration: Introduced SSO, allowing users to access multiple systems securely with one login. Read more here: HRplus Learn.

 



How to set up Password Configurations


 Security>>Security Settings>>Password Configuration


Password Configuration

Access to HRplus is restricted through password control. Each user logs in with a user ID and password, which the application tracks. The strength and complexity of passwords are user-defined and affect the security level required for accessing HRplus.

Password Configuration Management: Setup, view, edit, and delete password configurations. This is the responsibility of the Database Administrator or Master User, who should:

    Plan and align security measures with company policies and goals.

    Implement policies to ensure all passwords are kept private.

Best Practices for Password Security:

    Passwords should never be written down or shared.

    Use random, non-common information (avoid using names, dates of birth, etc.).

    Passwords should ideally contain at least one special character, one capital letter, one number, and be at least 8 characters long.

Set up Password Configurations



Capital letter required: Select Yes if the password is required to contain a minimum of 1 upper case letter (A-Z). Otherwise, select No.

Change Default Password: Select Yes if the user is required to change their default password.

Common Letter required: Select Yes if the password is required to contain a minimum of 1 lower case letter (a-z). Otherwise, select No.

Number required: Select Yes if the password is required to contain a minimum of 1 numeric character (0-9). Otherwise, select No.

Password Expiry Date:

▪ If ‘Yes’ is selected, enter the number of days after which the Password will expire in the value field.

 

▪ If ‘No’ is selected, then the password will not expire i.e. it can be used as long as an employee remains a valid user.

Password Expiry In-App Popup Notifications: Select Yes if a pop-up message is required to prompt the user, on logon, to change his/her password. The message is displayed based on the number of days in the Value field.

Password Expiry Reminder:

 

▪ If ‘Yes’ is selected, enter the number of days in advance you wish the reminder to be sent to HRplus users in the value field. The reminder will be sent to the users’ email address.

▪ If ‘Yes’ is selected and no value is entered then, by default, the reminder will be sent via email 5 days before the password expiry date.

▪ If ‘No’ is selected, then no reminder will be sent to users. On the password expiry date, users will be prompted to enter a new password.

Password Length: Select Yes if the password must meet a length requirement, which is 8 characters by default but can be much longer. Otherwise, select No.

Password Reuse:

▪ If ‘Yes’ is selected, then users will not be able to reuse (re-enter) old (passwords that have been used before) or existing passwords.

▪ If ‘No’ is selected, then a user’s previous and current passwords can be reused any number of times.

Special Character Required: Select Yes if the password is required to contain a minimum of 1 special character, e.g. ~`!@#$%^&*()-_+={}[]|\;:"<>,./?. Otherwise, select No.

Two Step Verification:

▪ If ‘Yes’ is selected then:

▪ Enter the number of minutes after which the Two factor Token will expire, if the user does not login within this time.

▪ In addition to entering a password on the login screen, users will also be sent, via email, a PIN which is also to be entered.

In the example below, 10 minutes is entered. The first time a user logs in with their username and password, they will be prompted to enter the PIN sent via email.

▪ If the user does not enter this pin within 10 minutes from when it was sent, then a new pin will be required.

▪ If the user logs in successfully and then logs out, if they decide to log back in within the 10 minute period after the pin was sent, then they will not be asked to enter a new pin.

▪ If the user logs in successfully and then logs out, if they decide to log back in after the 10 minute period, then a new pin will be sent to their email address.

Once you have entered your chosen configuration options, click on the Submit button to save.

The HRplus app will be updated to always reflect the options that have been enabled (those for which Yes is selected).
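The options above, sketched as a checker an administrator could use to reason about what a given configuration accepts and rejects. This is an added example, not HRplus code; the field names, the PBKDF2-based password history and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Special characters as listed for the "Special Character Required" option.
SPECIAL_CHARS = set("~`!@#$%^&*()-_+={}[]|\\;:\"<>,./?")
KDF_ITERATIONS = 200_000  # example value chosen here, not an HRplus setting


@dataclass
class PasswordConfig:
    """Constructed mirror of the Yes/No options; field names are hypothetical."""
    capital_required: bool = True
    common_letter_required: bool = True   # "Common Letter" = lower case a-z
    number_required: bool = True
    special_required: bool = True
    min_length: Optional[int] = 8         # None models "No" for Password Length
    block_reuse: bool = True              # True models "Yes" for Password Reuse
    expiry_days: Optional[int] = None     # None models "No" for Password Expiry Date


def hash_entry(password: str, salt: Optional[bytes] = None):
    """Return (salt, digest) so the history never holds a plaintext password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)
    return salt, digest


def is_reused(password: str, history) -> bool:
    """Re-derive the candidate under each stored salt and compare digests."""
    return any(
        hmac.compare_digest(hash_entry(password, salt)[1], digest)
        for salt, digest in history
    )


def violations(password: str, config: PasswordConfig, history=()):
    """List the enabled rules that the candidate password fails."""
    failed = []
    if config.min_length is not None and len(password) < config.min_length:
        failed.append("length")
    if config.capital_required and not any(c in string.ascii_uppercase for c in password):
        failed.append("capital")
    if config.common_letter_required and not any(c in string.ascii_lowercase for c in password):
        failed.append("common letter")
    if config.number_required and not any(c in string.digits for c in password):
        failed.append("number")
    if config.special_required and not any(c in SPECIAL_CHARS for c in password):
        failed.append("special")
    if config.block_reuse and is_reused(password, history):
        failed.append("reuse")
    return failed


def expires_on(changed_on: date, config: PasswordConfig) -> Optional[date]:
    """Date the password expires, or None when expiry is switched off."""
    if config.expiry_days is None:
        return None
    return changed_on + timedelta(days=config.expiry_days)
```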


Two Factor Authentication Example


Email Message with PIN for Login to HRplus




Two-Step Verification

What is Two-Step Verification?

Two Step Verification (2SV) works by adding an additional layer of security to your HRplus Software accounts. It requires an additional login credential – beyond just the username and password – to gain account access. 2SV helps protect you by making it more difficult for someone else to sign in to your account. Even if someone else finds your password, they'll be stopped if they don't have access to your email info. This is also why it's important to use different passwords for all your accounts.

Cons vs. Pros

Cons:

Increased login time – Users must go through an extra step to login into an application, adding time to the login process.

Pros:

Improved security – 2SV reinforces security by making it more difficult for intruders to gain unauthorized access, even if a perpetrator gets past the first authentication step.

Increased productivity & flexibility – enables businesses and public institutions to be more productive and efficient, allowing employees to perform remote tasks with far less security concerns.

 Recommendations:

1. Email addresses used should be company email addresses.

2. Set up a short expiry time for the token to ensure that the token is required at every login.

3. Individual email addresses should be used instead of group email addresses. This is to ensure that only the specific user will receive the secret key.
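The PIN window described for Two Step Verification, modelled as an added example that is not HRplus code; the 6-digit PIN format, the class and method names, and the inclusive expiry boundary are assumptions. It shows why a short expiry value makes the PIN required at almost every login.

```python
import hmac
import secrets
from datetime import datetime, timedelta


class TwoStepVerifier:
    """Tracks one user's emailed PIN according to the configured expiry window."""

    def __init__(self, window_minutes, send_email):
        self.window = timedelta(minutes=window_minutes)
        self.send_email = send_email   # callable(pin); stands in for the mail server
        self.pin = None
        self.sent_at = None
        self.verified = False

    def _window_open(self, now):
        return self.sent_at is not None and now - self.sent_at <= self.window

    def password_accepted(self, now):
        """Call once the user ID and password have been checked; returns the next step."""
        if self._window_open(now):
            # Inside the window: a verified PIN is not asked for again,
            # an unverified one is still the PIN to enter.
            return "logged_in" if self.verified else "enter_pin"
        # First login, or the window has lapsed: issue and email a fresh PIN.
        self.pin = f"{secrets.randbelow(10**6):06d}"   # 6 digits is an assumption
        self.sent_at = now
        self.verified = False
        self.send_email(self.pin)
        return "enter_pin"

    def submit_pin(self, pin, now):
        """True only if the PIN matches and was entered before the window closed."""
        if not self._window_open(now):
            return False   # expired: the login must restart so a new PIN is sent
        if hmac.compare_digest(pin.encode(), self.pin.encode()):
            self.verified = True
            return True
        return False


def pins_sent_for_relogin(window_minutes, relogin_after_minutes):
    """Count PIN emails for: log in, verify at once, log out, log in again later."""
    outbox = []
    verifier = TwoStepVerifier(window_minutes, outbox.append)
    start = datetime(2024, 1, 1, 9, 0)   # constructed timestamp
    verifier.password_accepted(start)
    verifier.submit_pin(outbox[0], start)
    verifier.password_accepted(start + timedelta(minutes=relogin_after_minutes))
    return len(outbox)
```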


How to Setup 2SV in HRplus?

Two Step Verification can be turned on via Security>>Password Config; however, there are a few prerequisites which must be completed prior to turning on 2SV.

Step 1: Ensure email server is setup

Step 2: Users are required to have an email address associated with their User ID

Step 3: Toggle 2SV On

Step 1: Ensure email server is setup


Navigation: System Configurations>>Company Parameters>> System Constants>>Mail Server

The following connection details can be used to configure the email server.

If you have your own mail server information complete the form below and save the record with the saved icon.

If you are required to use our mail server settings, please contact us at helpdesk@hrplus.net.





After the configuration is complete, it is important to test that the users can receive emails. Enter an email address in the section "Test Email Address" and select the option "Send Test Email". You will get a prompt indicating that an email was successfully sent. Check your inbox to confirm that the test email was received.





Step 2: Users are required to have an email address associated with their User ID





Navigation: Security>>User Administration>>Search for User ID







Add or edit email address if same is missing



Ensure that all employees have a valid email address.


The user email address is extremely important as turning 2SV on will prompt a PIN to be sent to the user’s email address. Failing to include the user’s email address will lock the user out of the application as there will be no way for the user to receive the PIN.

Step 3: Toggle 2SV On


Navigation: Security>>Password Config>>Two Factor Authentication



The System Admin is the only user with access to the Security Module and they are responsible for turning 2SV on. To do so, the ‘yes’ toggle must be selected, then submit the form to save the changes. The value can also be changed to the number of minutes a user will be able to log back into the application without requiring a PIN.

Turn off 2SV

You can turn off this option by simply selecting the option "No" in the configuration




For additional information on how to log in using this feature, please consult the article How to Login Using 2 Factor Authentication?



How to enable/disable password expiry notifications?


Security>>Security Setting>>Password Config>>Password Expiry In-App Popup Notification/Password Expiry Reminder


The following two (2) features allow users to enable/disable password expiry notifications:

1.     Password Expiry In-App Popup Notifications (Days in Advance): once enabled, this feature triggers a pop-up message that prompts the user, on logon, to change his/her password. The message is displayed based on the number of days in the Value field.

2.     Password Expiry Reminder: when enabled, reminders (up to 3) are sent to alert users of impending password expiry. The reminders are sent, in advance, based on the number of days in the Value field.  Up to three (3) reminders can be set up, with the values (days in advance) entered in the Second Reminder and Third Reminder fields.

Step 1: Enable/Disable password expiry notifications


Value: Number of days in advance for the password reset notification prompt.

Second Reminder: Number of days in advance for the second password reset notification prompt.

Third Reminder: Number of days in advance for the third password reset notification prompt.

Enabled: Select "Yes" if the Password Expiry feature is to be used. Select "No" if this feature is not being used.

Step 2: Login as user and View Reminders

Password Reminder Notice 1


Home


Password Reminder Notice 2


Home>>Notifications


Password Reminder Notice 3


User Email Account>>Password Expiration Notification

 


How to create a single user?


Security>>New User


New User

A User ID and password allow the end user to log into the HRplus Application. This permission must be created for new employees or anyone who is required to use the HRplus application. Note that when the new user logs in for the first time, they are prompted to change their password.

This process requires three primary steps:

Step 1 - Create A New User

Step 2 - Granting of Permissions

Step 3 - Granting Company and Pay Group Access

Step 1: Create A New User


 

 Creating a new User ID in the application is a two-part process. To begin, enter the following:

1.     Enter a User ID - User IDs are the identification by which the application recognizes each employee who is required to log into the application and must be unique for each employee. The IDs can be mapped based on the employee's name, can be alphanumeric and contain a special character such as an apostrophe (’).

2.     Enter an Email Address - Enter a valid email address for the user account. This email address would be used to facilitate the password reset feature and any other communication within the app to the user's email.

3.     Password - Enter a generic or specific password for the user account. The password entered should meet the password requirements as set up in the password configuration screen.

4.     Select a Language - Please select English.

5.     Timezone (Optional) - Select the employee's timezone.

6.     Observe daylight savings? - Enable or Disable daylight savings which is from second Sunday in March to first Sunday in November.

7.     Finally, link the user to his/her employee profile. If the employee’s name is not visible, please ensure that the employee’s personnel information has been entered into the application.

8.     Use employee position to determine Timezone? - Select "Yes" if the employee's position is used to determine the timezone. Select "No" if this option is not being used.




 The application will not allow you to create a User ID that already exists OR to link a new User ID to an employee who is already linked to another User ID.

Hovering your mouse over the icon allows you to view the message.

Step 2: Grant Application Permissions


 1. Select the permissions needed by the user

2. Click the Submit button to save or the Reset button to reset the form (clear changes). If you wish to return to the 1st step, click on the Previous button.

N.B. When a new user is created and the user logs in, they get a prompt to change the default password.

Note that in this example, the user is given the permissions to access the following modules:

1.     HRplus Time Module

2.     Employee Self Service (ESS)

3.     Manager Self Service (MSS)

4.     Timekeeper Self Service (TKSS).

5.     Single Instance is given so that the employee can access Reports within the HRplus Time module.

For a more detailed explanation of these permissions, click on the link below:

Application Permissions Explained

Step 3: Grant Company and Pay Group Access


1.     Enter the User ID in the Search bar (or use the alpha-search) and click on the Search button.

2.     Click on the Plus sign to the left to expand the record.

3.     Unique database ID: This is the Database ID that is generated by the application once an employee is created within the Personnel or POWER Pay modules of HRplus. It is linked to the employee’s name and will auto-populate once the name is chosen.

4.     Account End Date: This field can be used in the case of an employee to whom you wish to grant temporary access to modules within HRplus. Once the date has passed, the employee will no longer be able to login to the application. For long-term users, you can leave this field blank.


Upon expanding the record, there is a listing of tabs within which we can enable more features. The user must be given company and paygroup access (if applicable) in order to be able to log in successfully without seeing any error messages.

All tabs are listed below. Click on any of them for the user guide showing how to use the feature:

1.  Pay Group Access

2.  Company Access

3.  Restrict Position Access

4.  Restrict User Reports

5.  Changing Passwords

6.  Edit User Groups

7.  Edit User DB Permissions

8.  User Signature

9.  Time Zone

Step 4: The New user Logs In and is Prompted to Change the Default Password



How to create Batch Users


 Security>>New User>>Create Batch Users

Batch Users

This feature allows you to Create users/employees in batches for the Self Service modules (i.e. access to the Manager, Employee, Timekeeper Self Service Modules, etc.). This is useful if you wish to create users for a whole department or for a group of employees with the same User Group and Database permissions.

User IDs are created by the system based on a configuration of employees’ first and last names. Batch users will use the same password as specified here for first time login to the HRplus application.

Steps to set up Batch Users are as follows:

STEP 1 : Creating User ID and Password Setup

STEP 2 : Select Application Permission

STEP 3 : Select Users to create based on Department and Employee name

STEP 4 : Employees receive User Credentials via email

STEP 1: Create User ID and protocol for Password Generation


 Random Password: Select Yes or No if you wish to use a random password for the batch users being created.

    If 'Yes' is selected, then Static Password can be left blank. When the batch users are created, a random password will be generated by the HRplus application and this will be sent to the employee's email for them to be able to login to HRplus.

    If No is selected, then you must enter a static password which would allow all users to log in using the same password.

Static Password: If you selected "No" for the Random Password option, then you must enter a (user-generated) static password here, e.g. P@ssword123. The password entered must meet the criteria set up in Security Settings >> Password Configurations for the users to be able to log into HRplus successfully. This can later be changed by the user via the Change Password icon (accessible to all HRplus Users).

If this option is being used then it is strongly recommended that the Two Factor Authentication be enabled to ensure that there is a second layer of security to access user accounts.

 

Language: Select one of the language options available. All users created in this batch will view HRplus in the selected language.

Set user email using: The email address entered here determines the address to which work-related messages are sent to employees.

    Primary Email: employee's main email address.

    Work Email: employee's work email address.

Use employee position to determine Timezone?: Select "Yes" if the employee's position is used to determine the timezone. Select "No" if this option is not being used.

Observe daylight savings?: Enable or Disable daylight savings which is from second Sunday in March to first Sunday in November.

Use Email as User ID: Select "Yes" if the user's email address is to be used as their user ID to log into HRPlus. Select "No" if this option is not being used.

Use Global ID as User ID: Select "Yes" if the user's Global ID is to be used as their user ID to log into HRPlus. Select "No" if this option is not being used.

Derive IDs Using: User names can be derived from First Name, Last Name or First and Last Name.

You may choose to generate user names using the first 3, 4, 5, 10 etc. characters of the employee’s First Name, Last Name or First and Last Name. If you choose the First and Last Name option, specify the number of characters from the First Name and also Last Name.

Action for same User Ids: In using the name combinations, some users may have the same user ID. To avoid this, select one of the action options below:

    Make unique: the system will add numeric character/s to the User Id so that there will be no duplicates. The system will create as many unique User Ids as possible, e.g. if you choose 10 characters and the system has to create 105 user accounts with, say, the name ‘Kevin’, the system will only be able to create 99 unique user names (Kevin01, Kevin02, Kevin03...Kevin09).

    Do not create - the system will not create users with the same name.
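A dry-run planner for the ID derivation and the two duplicate actions described above, useful for seeing before a batch is submitted which IDs would be suffixed, which employees would be skipped, and which new accounts have no email address to receive credentials. This is an added example, not HRplus code: the employee record layout, function names, case-insensitive comparison and the reading of "Do not create" as skipping every employee in a colliding group are assumptions.

```python
from collections import defaultdict

MAX_SUFFIX = 99   # two-digit suffixes, per the "99 unique user names" limit above


def base_id(first, last, first_chars, last_chars):
    """Derive a User ID from the leading characters of first and last name."""
    return first[:first_chars] + last[:last_chars]


def plan_batch(employees, first_chars, last_chars,
               action="make_unique", existing_ids=()):
    """Return (created, skipped, no_email) without touching any system.

    employees: list of dicts with 'first', 'last', 'email' (constructed layout).
    action: "make_unique" or "do_not_create".
    """
    taken = {uid.lower() for uid in existing_ids}
    groups = defaultdict(list)
    for emp in employees:
        groups[base_id(emp["first"], emp["last"], first_chars, last_chars)].append(emp)

    created, skipped = [], []
    for base, members in groups.items():
        clash = len(members) > 1 or base.lower() in taken
        if not clash:
            taken.add(base.lower())
            created.append((base, members[0]))
            continue
        if action == "do_not_create":
            skipped += [(m, "duplicate user ID") for m in members]
            continue
        # make_unique: hand out 01..99 in order, skipping suffixes already in use.
        suffixes = (f"{n:02d}" for n in range(1, MAX_SUFFIX + 1))
        for m in members:
            uid = next((base + s for s in suffixes
                        if (base + s).lower() not in taken), None)
            if uid is None:
                skipped.append((m, "no unique suffix left"))
            else:
                taken.add(uid.lower())
                created.append((uid, m))

    # Accounts without an address cannot receive emailed credentials or a PIN.
    no_email = [uid for uid, m in created if not m.get("email")]
    return created, skipped, no_email


# Constructed sample data for a quick run.
SAMPLE_STAFF = [
    {"first": "Ann", "last": "Lee", "email": "ann.lee@example.com"},
    {"first": "Ann", "last": "Lewis", "email": "ann.lewis@example.com"},
    {"first": "Bob", "last": "Ray", "email": ""},
]

if __name__ == "__main__":
    made, missed, unreachable = plan_batch(SAMPLE_STAFF, 3, 2)
    print([uid for uid, _ in made], len(missed), unreachable)
```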


User ID created with First and Last name





STEP 2 : Select Application Permissions


 Application Permissions - Check the required option based on the employees or group of employees

Self Serve Employee – An employee is allowed to update his/her profile, view his/her payslip, request leave, view balances, etc.





Self Serve Leave – An employee would be allowed to view how much leave they have and to request leave.

Payroll –  Persons that are running payroll will get this access

Self Serve Payslip – An employee would be able to view and print his/her payslip

Self Serve TimeKeeper –  is responsible for scheduling shifts, keeping all attendance logs up to date, and ensuring time sheets are current.

Self Serve Manager – is responsible for all approval requests that are submitted to them.

Then select Next.

STEP 3 : Select the Users to create

 There are two (2) ways to select employees:

1. By Department

Click the department/s and the system will display the departments’ employees. Select the employee/s. User IDs will be created for all selected employees (for whom accounts do not already exist) in the selected department/s.

2. By Employee

Create users by Department


Created Selected Employees within the Department



• Select the employee/s. User IDs will be created for all selected employees (for whom accounts do not already exist).

• Click on the Submit button to generate the User IDs.


STEP 4 : Employees can View their User Credentials

 The user will receive an email in his/her inbox.




How to Unlink an employee profile from a User ID/ Account?


Security>>User Administration

To unlink an employee from an existing user ID due to reasons such as an incorrect user ID, follow these steps:

1.  Search for the employee by User ID, Badge Number, Last Name, or First Name, and click "Search."

2.  Select the appropriate employee record from the search results.

3.  Click the "Unlink Employee" button.

After selecting the search button, the employee profile will appear on your screen.



Account End Date: Click on the Calendar tab under Account End Date, enter the employee's last working day and select Submit. This will prevent the employee from having access to his/her user account when he/she leaves.

Unlink Employee: Click on the Unlink Employee button to remove the employee from the company.


 

How can I deactivate/reactivate a user's account?


Security>>User Administration>>[Select User]>>[Deactivate Account Button]:

Deactivate/Reactivate a User's Account

A user's account on HRPlus may need to be deactivated for reasons such as termination of employment, extended leave of absence, retirement, or security concerns. Deactivation ensures that the account is no longer accessible and helps maintain system security and data integrity.

User accounts can successfully be deactivated and reactivated if necessary.

Deactivate Button: Deactivate the user's profile.

Reactivate Button: Reactivate the user's profile.

Account End Date: Auto-populates with the date the account is deactivated. This is also auto-populated when an employee is separated. See: How do I Separate an employee?


How to Delete and Recreate a User Account


Security>>User Administration>>[Search for Employee]

Delete and Recreate User Accounts

Deleted user accounts can be recreated. After deleting a user, click the Refresh Memberships button to update the screen.

Step 1: Delete a User Account



Step 2: Click the Refresh Membership Button

Use the Refresh Memberships button before recreating a deleted User Account.

Note: The error message "UserId already exists" would appear if you try to recreate the user account without first clicking Refresh Membership.


Step 3: Recreate the Deleted User Account




Step 4: View the Employee's User Account



How to Grant Company Access to a user?


Security>>User Administration (Expand User record by clicking on the + sign)


Company Access

The Company Access permission allows the system administrator to grant the end user permission to the Company-Division-Department views within HRplus. Once granted, the user can view all employee data for the respective department(s) within the modules that they have access to.

Permissions can either be granted for ALL Companies on the database or only for specific Company-Department combinations. This permission is required for the end user to be able to see their own, as well as other employees', personnel information stored on HRplus.

Grant Company Access Options


Grant Access to ALL Companies, Division and Departments: By selecting this button, the user will be granted permission to ALL Companies on the database. This is normally selected for a System Administrator who oversees the user permissions of the Company Administrators for the individual companies.

Grant Access to Specific Companies, Divisions and Departments: By selecting this option, you can select the combination of the Company, Division and Departments that the user has to be granted permissions for. This can be for access to ALL departments within a single company or multiple departments within a company.

New Record: Alternatively, if the user is to have access to only certain hierarchies, click on the New Record hyperlink and, using the drop boxes, manually select each hierarchy individually.                

Click on the Submit button to Save.


How to Grant Access to a Specific Company?


Security>>User Administration (Expand User record by clicking on the + sign)


Step 1: Select the option to Grant Specific Company Access


Grant Access to Specific Companies, Divisions and Departments: By selecting this option, you can select the combination of the Company, Division and Departments that the user has to be granted permissions for. This can be for access to ALL departments within a single company or multiple departments within a company.

Step 2: Select the Specific Company to Grant the user Access


Step 3: Change the Number of Records on the Page to 100


Step 4: Select the Header Row to select ALL the records on the page


Step 5: Scroll to the end of the page and Click Submit



Step 6: View the Company Access Permission Granted for the Employee


How do I Delete/Revoke Company Access?


There are two ways in which Company Access can be revoked as follows:

1.     Delete Company Access

2.     Revoke Granted Permissions

Option 1: Delete Company Access


1.     Filter by any of the headers (Company Code, Company Name, Division Code, Division Name, Department Code, Department Name). Records will be displayed depending on the user's permissions.

2.     Select the number of Records per page e.g. 100 (maximum).

3.     Check the Delete button. All records will be selected.

4.     Click the Submit button.

5.     Repeat to delete additional records.











Option 2: Revoke Company Access














How to Grant Pay Group Access


Security>>User Administration>>[+]>>Pay Group Access


Pay Group Access

Pay Groups, in HRplus, are linked to Positions and employees are, in turn, hired into these positions. Pay Group Access is required for those users who need to insert/edit/delete/view records or information related to the employees linked to the pay groups. This includes but is not limited to entering employee salaries, creating pay cycles and new pay groups, viewing employees' pay profiles, viewing payroll-related timesheet information, etc. Payroll, HR and HRplus Time Users will need access to Pay Groups.

Grant Pay Group Access



To give a User access to all Pay Groups, click on the Grant Access To All Pay Groups button.






Alternatively, if the user is to have access to only certain Pay Groups, click on the drop box to manually select each pay group individually.

Click on the Submit button to Save.

If a user is not given Pay Group Access, s/he will not be able to see information pertaining to the Pay Groups within the various modules.

Note that in the event that there is a restructuring exercise taking place within the company and a new Pay Group is created, existing and new payroll users will have to be given permission to the new Pay Group in order to be able to view it.


How do I Restrict Position Access?


Security>>User Administration>>Restrict Position Access

Restrict Position Access

The Restrict Position Access feature allows the system administrator to restrict the positions that the end user is able to view. When a position is saved here, the end user will not be able to find any details about the position or the employee in the position. This can be useful in a scenario where a user is not permitted to see the personnel data for executives or other high-level employees.

How does it work?

1.     Select the position that the user should NOT have access to.

2.     Save the record.

3.     Repeat to add more restricted positions.


Step 1: Expand the User Record and go to Restrict Position Access


Step 2: Select the Position to be Restricted
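The Company Access, Pay Group Access and Restrict Position Access settings described above combine into one effective decision per employee record. The following is an added example, not HRplus code: a simplified Python model an administrator can use to reason about that combination. The evaluation order, the `ALL` wildcard, the class names and the sample companies, positions and pay groups are all assumptions of this example.

```python
from dataclasses import dataclass, field

ALL = "*"  # this example's marker for "ALL Companies, Divisions and Departments"


@dataclass(frozen=True)
class Employee:
    badge: str
    company: str
    division: str
    department: str
    position: str
    pay_group: str


@dataclass
class UserAccess:
    user_id: str
    # Company Access: allow list of (company, division, department) grants.
    company_access: set = field(default_factory=set)
    # Pay Group Access: explicit pay group codes. The page notes that a newly
    # created Pay Group must be granted again, so no wildcard is modelled here.
    pay_groups: set = field(default_factory=set)
    # Restrict Position Access: deny list of positions the user must NOT see.
    restricted_positions: set = field(default_factory=set)


def covered_by_company_access(access, emp):
    """True when at least one grant covers the employee's hierarchy."""
    target = (emp.company, emp.division, emp.department)
    return any(all(g in (ALL, t) for g, t in zip(grant, target))
               for grant in access.company_access)


def evaluate(access, emp):
    """Return what the user can see of one employee record, and why."""
    # Assumption: a restricted position hides the employee even when a
    # Company Access grant covers the department (deny overrides allow).
    if emp.position in access.restricted_positions:
        return {"personnel": False, "pay": False, "reason": "restricted position"}
    if not covered_by_company_access(access, emp):
        return {"personnel": False, "pay": False, "reason": "no company access"}
    if emp.pay_group not in access.pay_groups:
        return {"personnel": True, "pay": False, "reason": "no pay group access"}
    return {"personnel": True, "pay": True, "reason": "granted"}


def users_missing_pay_group(users, new_pay_group):
    """After a restructuring creates a Pay Group, list the payroll users
    (anyone holding at least one pay group) who still need it granted."""
    return sorted(u.user_id for u in users
                  if u.pay_groups and new_pay_group not in u.pay_groups)


# Constructed sample data (hypothetical company, positions and pay groups).
CEO = Employee("E001", "ACME", "HQ", "EXEC", "Chief Executive Officer", "MONTHLY-EXEC")
CLERK = Employee("E117", "ACME", "OPS", "WAREHOUSE", "Stores Clerk", "WEEKLY")
NURSE = Employee("E230", "MEDCO", "CLINIC", "WARD-A", "Staff Nurse", "MONTHLY")

HR_OFFICER = UserAccess("hr.officer",
                        company_access={("ACME", ALL, ALL)},
                        restricted_positions={"Chief Executive Officer"})
PAY_CLERK = UserAccess("pay.clerk",
                       company_access={("ACME", "OPS", "WAREHOUSE")},
                       pay_groups={"WEEKLY"})

if __name__ == "__main__":
    for user in (HR_OFFICER, PAY_CLERK):
        for emp in (CEO, CLERK, NURSE):
            print(user.user_id, emp.badge, evaluate(user, emp))
    print(users_missing_pay_group([HR_OFFICER, PAY_CLERK], "FORTNIGHTLY"))
```

Running the same evaluation over a real user list before and after a permission change shows which records become visible or hidden as a result.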





How do I Restrict User Reports?


Security>>User Administration>>Restrict User Reports

Restrict User Reports

Some users may not be permitted to have access to certain reports that may carry confidential information. This screen allows you to block certain reports from being viewed by the HRplus user you are setting up.


Restrict User Reports

• Click on New Record. Next, click on the icon to select from the Reporting Area, the Reporting Group and Report No. within the company, for the person whose information you wish to hide.

• Click on the diskette icon to save.

• Repeat to add more restricted reports.


How do I edit User Groups Application Permissions?


Security>>User Administration>>Edit User Groups

Edit User Groups

This tab allows you to view the groups/permissions to which the HRplus user was granted access via the New User tab. You can delete or add more permissions here.

Once the relevant permissions are given based on the employee's roles, select Submit Changes.

For more details on Application Permissions, click on the link below:

Description of User Groups and Permissions

Edit User Group Application Permissions


• Select the check box of the module permission that you wish to grant to or revoke from the user.

• Click Submit Changes to save the record.

• If there is a check on the box, this means the user has access to that module.

• If the check box is blank, this means the user does NOT have access to the module.

• The user will be granted Application and Database (DB) Permissions.


Description of Modules/User Groups and Database (DB) Permissions

In the HRplus Security Module, you can grant or revoke a user's access to specific functions and data in the application through the User Groups.


The table below provides a detailed description of the permissions and functionality one can have by being granted module or user group access in HRPlus. It is critical to understand how a combination of these permissions can allow users to have a seamless interaction with HRPlus once they have been given the correct access when their profiles are created.


Only persons with access to the Security Module can view, grant or revoke these permissions. Please contact your company's System Administrator for assistance.


Each entry lists: Module/User Group, User Group Description, Synced Database Permission.

Module: System/Security
User Group: 1. Administrators
User Group Description: Allows access to the Security module. These users manage permissions for all end users of HRplus OR, in a multi-company environment, they manage user permissions for each company administrator. Administrators have access to the following menu options:
1. Security
2. System Configurations
These users are referred to as Database Administrators/Master Users and they can perform the following tasks:
1. Create new users.
2. Grant/revoke permissions/access to companies, pay groups, positions, HR modules, reports, database membership.
3. Change user passwords.
4. Create batch users.
Synced Database Permission: SYSTEM_ADMIN

Module: System/Security
User Group: 2. Company Administrators
User Group Description: Allows access to the Security module. Manage user permissions for their respective company ONLY, in a multi-company environment. Administrators have access to the following menu options:
1. Security
2. System Configurations
These users are referred to as Database Administrators/Master Users and they can perform the following tasks:
1. Create new users.
2. Grant/revoke permissions/access to companies, pay groups, positions, HR modules, reports, database membership.
3. Change user passwords.
4. Create batch users.
Synced Database Permission: SYSTEM_ADMIN

Module: Personnel
User Group: HR Personnel
User Group Description: Allows access to the Personnel module, Personnel, Employees, Company Assets and Event Reminders.
Synced Database Permission: N/A

Module: Personnel
User Group: HR Manager
User Group Description: Allows access to approve HR functions.
Synced Database Permission: HR_MANAGER

Module: Personnel
User Group: HR Users
User Group Description: Grants a user the ability to add, edit, delete, post or manage various transactions within the HR aspect of the application. These employees/users have access to View/Insert/Update/Delete HR functions – they do the processing in the HR Modules – enter data, make changes – keep the application up to date re employee data processing. HR Users have access to:
1. Personnel>>Personnel>>Employees
2. Personnel>>Personnel>>Search Employees
3. User Self Service>>HR>>Self-Serve Entries
Synced Database Permission: HR_USER

Module: Personnel
User Group: HR Setup
User Group Description: Allows access to the Setup screens in the Personnel module.
Synced Database Permission: HR_SETUP


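Module: Recruitment
User Group: HR Recruitment
User Group Description: Allows access to the Recruitment module.
Synced Database Permission: HR_RECRUITMENT

Module: Talent
User Group: HR Performance
User Group Description: Allows access to Talent Management comprising Goals, Appraisals, 360 Multi-Rater, Training and Succession.

Module: Talent
User Group: 360 Multi-Rater
User Group Description: Access to the 360 Multi Rater module.
Synced Database Permission: HR_360 Module

Module: Talent
User Group: HR Appraisals
User Group Description: Access the Appraisals Module.
Synced Database Permission: HR_Performance

Module: Talent
User Group: HR Events
User Group Description: Access the HR Events screens, which allow the user to generate an Appraisal or 360 Multi-Rater.

Module: Talent
User Group: HR Goals
User Group Description: Access the Goals Module.
Synced Database Permission: HR_USER

Module: Talent
User Group: HR Succession
User Group Description: Allows access to the Succession Module.
Synced Database Permission: HR_USER

Module: Talent
User Group: HR Training
User Group Description: Access the Training Module.
Synced Database Permission: HR_USER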

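Module: Relations
User Group: HR Relations
User Group Description: Allows access to Employee Relations comprising Industrial Relations and Health and Safety.
Synced Database Permission: HR_RELATIONS

Module: Relations
User Group: HR Health & Safety
User Group Description: Allows access to Health and Safety Module.

Module: Relations
User Group: HR Industrial Relations
User Group Description: Allows access to Industrial Relations Module.

User Group: Company Assets
User Group Description: Allows access to the Company Assets module.
Synced Database Permission: HR_COMPANY_ASSETS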

Module: Payroll
User Group: Pay Supervisor
User Group Description: Allows access to a user who has the authority to approve, run and reverse the payroll. The employee who is designated a Payroll Supervisor is usually a manager who has access to approve/reverse the payroll. On completion of data entry of cycle changes, the payroll supervisor will log on to the application, view the Cycle Changes report and give approval to run the payroll. If the payroll has to be reversed, the cycle of approval is repeated as many times as required until the payroll is finalized. Payroll Supervisors have access to the following menu options:
1. Process Payroll
2. Payroll Reports
3. Employees
4. Pay Cycles
5. Business Rules
6. Maintenance
7. Year-End Close
8. Self-Serve Entries
Synced Database Permission: PAY_SUPERVISOR

Module: Payroll
User Group: Payroll HR Users
User Group Description: Allows access to both Payroll and Human Resources functions. These employees have access to both Payroll and HR functions – View/Insert/Update/Delete employee data in those HR modules to which they have access; make transactional changes (salary changes, promotions, position changes etc.); maintain and update employee data in the application. The menu options are:
1. Process Payroll
2. Payroll Reports
3. Employees
4. Pay Cycles
5. Business Rules
6. Maintenance
7. Year-End Close
8. Self-Serve Entries
9. POWERpay>>Process Payroll>>Employee Transactions
10. POWERpay>>Maintenance>>System Defaults>>Setup Wizards
11. POWERpay>>Maintenance>>System Defaults>>Structure
12. POWERpay>>Maintenance>>System Defaults>>General Codes

Module: Payroll
User Group: Payroll Leave
User Group Description: Allows access to the POWERpay module including Leave processing. The Leave module has been included in the POWERpay Payroll menu for those companies that wish to process both Leave and Payroll. The Leave module allows you to quickly and easily calculate and recalculate leave balances. One-time setup is based on unlimited user-defined leave types and leave rules that can easily be modified to cater to changing policies. Recalculation of leave can be done to date or projected to a future date, providing drill-down capability to both a summary and detailed history of employee leave taken and leave balances. Leave can be processed – entered, approved, updated, posted and deleted – with leave balances automatically updated with each transaction, thus offering both flexibility and ease of use to the user.

Module: Payroll
User Group: Payroll Setup
User Group Description: Allows access to the Payroll Setup menu option, which includes the setup of Earnings, Deductions, Allowances, Other Income, Pay Groups, Pay Cycles, Banking and Other Payees and other base tables in the POWERpay module. Employees can View/Insert/Update/Delete only those options on the Payroll Setup menu – the core payroll setup that forms the foundation of the payroll and is usually a one-time setup. These include the setup of:
1. Earnings
2. Deductions
3. Allowances
4. Other Income
5. Pay Groups
6. Pay Group Company Link
7. Benefit Types
8. Benefit Plans
9. Banking and Other Payees
10. Void Cheque Reasons
11. Multi-Currency
12. Payroll Document Types
13. Invalid Table Codes
Synced Database Permission: N/A

Module: Payroll
User Group: Union Rules
User Group Description: Allows access to the Business Rules menu option in the POWERpay and Personnel modules located in the General Codes tab. This feature allows a user to set up unions and bargaining units for the organization.
Synced Database Permission: N/A

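Module: Benefits
User Group: HR Benefits
User Group Description: Allows access to the Benefits.
Synced Database Permission: HR_BENEFITS

Module: Benefits
User Group: HR Leave
User Group Description: Allows access to the Leave Module.
Synced Database Permission: HR_BENEFITS

Module: Benefits
User Group: HR Health Plan
User Group Description: Allows access to Health Plan.
Synced Database Permission: HR_HEALTH_PLAN

Module: Benefits
User Group: HR Medical
User Group Description: Allows access to Medical.
Synced Database Permission: HR_MEDICAL

Module: Benefits
User Group: HR Compensation
User Group Description: Salary Survey. Future Release
Synced Database Permission: HR_COMPENSATION

Module: Benefits
User Group: HR Pension
User Group Description: Allows access to the Pension module.
Synced Database Permission: HR_PENSION

Module: Benefits
User Group: HR Education Support
User Group Description: Allows access to Education Support.
Synced Database Permission: HR_EDUCATION_SUPPORT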

Module: Self Service
User Group: Self Serve
User Group Description: Allows access to User Self Service. Used in conjunction with any other self-serve options depending on the level of access.
Synced Database Permission: N/A

Module: Self Service
User Group: Self Serve Administrator
User Group Description: Allows access to departmental administrators who are responsible for leave approvals, time sheet entries and any other employee-related issues.
Synced Database Permission: SELF_SERVE_ADMINISTRATOR

Module: Self Service
User Group: Self Serve Employee
User Group Description: Allows access to User Self Service – Employee. An employee is allowed to update his/her profile, view his/her payslip, request leave, view balances etc.
Synced Database Permission: SELF_SERVICE_EMPLOYEE

Module: Self Service
User Group: Self Serve Manager
User Group Description: Allows access to User Self Service – Manager. A self serve manager is responsible for all approval requests that are submitted to them from their direct reports.
Synced Database Permission: SELF_SERVICE_MANAGER

Module: Self Service
User Group: Self Serve Payslip
User Group Description: Allows the end user to be able to:
1. View payslips uploaded to HRplus via the self service module. Payslips generated by HRplus are NOT visible in this screen.
2. ONLY view the payslip and not any other self service features.
3. Not have access to view the payslip if this permission is not granted.

Module: Self Service
User Group: Self Serve Timekeeper
User Group Description: Allows access to User Self Service – Timekeeper. The self serve timekeeper is responsible for scheduling shifts, keeping all attendance logs up to date, and ensuring timesheets are current.
Synced Database Permission: HR_TIME

Module: Self Service
User Group: Self Serve Time user
User Group Description: Allows users to be able to see the virtual clock on the dashboard upon login, and therefore they can punch in for work using that clock.

Module: Self Service
User Group: 360 Team Leader
User Group Description: Gives access to employees involved in a 360 MultiRater/Feedback.
Synced Database Permission: SELF_SERVICE_TEAM_LEADER

Module: HRplus TIME
User Group: Time and Attendance
User Group Description: Allows access to HRplus Time – the time and attendance module of HRplus.
Synced Database Permission: HR_TIME

Module: HRplus TIME
User Group: Time and Attendance HR
User Group Description: Allows the end user access to HRplus Time – the time and attendance module of HRplus with some of the Personnel Module functions.

Module: HRplus TIME
User Group: Time and Attendance Leave
User Group Description: Allows the end user access to HRplus Time – the time and attendance module of HRplus with some of the Leave module functions included.

Module: Reporting
User Group: End User Reporting
User Group Description: Permission to this option allows the end user to access all reports (e.g. Personnel, Payroll, Benefits, Leave, based on the modules to which you have access) from one place – there is no need to navigate to the respective module to view the report. It is used in conjunction with Multi-Instance Web Server, to which permission must also be granted:
• Check Multi-Instance Web Server and End-User Reporting to access all the reports from one place.
• Check Single-Instance to access Reports in the respective module.
When you click on the menu item HR Payroll Reports you will be redirected to a new page in your browser in which the reports will be displayed. This feature enables greater speed of access for longer reports (e.g. payroll reports) and helps in balancing the processing load of the server/s.
Synced Database Permission: N/A

Module: Reporting
User Group: Single Instance
User Group Description: Allows access to the Reports menu in the module to which permission is granted. If permission is granted to both End User Reporting and Single Instance then the user will be able to view the Reports menu under the respective module and the DBXtra Reports under the End User Reporting menu.
Synced Database Permission: N/A

Module: Reporting
User Group: Old Pivots
User Group Description: Allows users to be able to view older versions of the pivots available in HRplus via the payroll module.

Module: Add Ons
User Group: Add Ons
User Group Description: Comprises Fringe, Hotel, Backpay and Advance Payments. Permission allows access to these options.

Module: Add Ons
User Group: Advanced Payments
User Group Description: Allows access to Advance Payments as a stand-alone module. Permission must also be granted to the Add-Ons option.
Synced Database Permission: N/A

Module: Add Ons
User Group: Auditor
User Group Description: Persons can view other user activities on specific screens. All actions such as delete, insert and edit are recorded and can be reviewed by the 'auditor' when required.
Synced Database Permission: AUDITOR

Module: Add Ons
User Group: View Only
User Group Description: Users with this permission are only able to view data in the modules they have access to and they will not be able to make any update/insert/edit/delete transactions. This permission is usually granted to audit users.

Module: Add Ons
User Group: Backpay
User Group Description: Allows access to Backpay as a stand-alone module. Permission must also be granted to the Add-Ons option.
Synced Database Permission: N/A

Module: Add Ons
User Group: Client Company
User Group Description: Allows the end user to access reports via End User Reporting and view ONLY reports which have been configured for them to access. These reports are configured via End User Reporting >> Web Reports Setup and can be set up by company and country. This feature can be used by:
1. Clients using HRplus as a BPO tool for their clients. This way their clients can log onto HRplus and run the required reports for their company directly from the system without accessing anything else.
2. Clients wishing to set up a user who can only view and run certain reports without accessing any other data.
Synced Database Permission: N/A

Module: Add Ons
User Group: Company Imports
User Group Description: (Future Feature) Allows the user to access a tool for custom-built imports to HRplus.

Module: Add Ons
User Group: Fringe
User Group Description: Allows access to Fringe Processing (hotel industry). Permission must also be granted to the Add-Ons option.
Synced Database Permission: N/A

Module: Add Ons
User Group: Hotel
User Group Description: Allows access to Hotel (Tronc, Tips). Permission must also be granted to the Add-Ons option.
Synced Database Permission: N/A

Module: Add Ons
User Group: Other Timesheet
User Group Description: Allows the end user access to view the old manual time sheets (no longer in use) within the department administrator module. This has since been replaced by the time sheets generated by HRplus TIME.
Synced Database Permission: N/A

Module: Add Ons
User Group: Onboarding
User Group Description: Allows the end user to access the Onboarding/Offboarding functionality within the Personnel, Recruitment and Self Service Modules.

Module: Add Ons
User Group: Message Author
User Group Description: Allows the end user to be able to create/add/edit a company notification for the message board in HRplus. The message will be pending approval before it can be seen by employees.

Module: Add Ons
User Group: Message Administrator
User Group Description: Allows the end user to be able to approve a company notification so that it can be posted to the message board in HRplus. These messages are seen by everyone in the company once they log into HRplus.

Module: Add Ons
User Group: Multi-Company
User Group Description: Allows access to multiple companies within an organization. The employees who have access to the Multi-Company function have access to View/Insert/Update/Delete data with regard to all the companies in the database, whereas Single-Company access only allows you to View/Insert/Update/Delete data re the specified company only.
Synced Database Permission: N/A

Module: Add Ons
User Group: Multi-Currency
User Group Description: Allows the user access to multiple currencies utilized within an organization. Note that:
1. The employees who have access to the Multi-Currency function will be able to View/Insert/Update/Delete data for all the currencies in use on the database.
2. Single-Currency access only allows you to View/Insert/Update/Delete data for the one specified currency which is linked to the company.
Synced Database Permission: N/A

Module: Add Ons
User Group: HRplus BI
User Group Description: Allows the user to open the link for the HRPlus BI Reports; however, this tool must be set up by version control before it is available for use.

Module: Add Ons
User Group: HRplus Support
User Group Description: This enables functionality for HRPlus support personnel ONLY. Not for client use.


Edit User Database (DB) Permissions


Security>>User Administration>>User DB Permissions


Edit User DB Permissions

When a user's access is granted or revoked for the User Group or Application permission, the Database Permissions will be automatically updated to reflect the changes.

This screen must NOT be edited by the system administrator as it will already be reflecting the correct permissions for the user. It is primarily used by HRPlus support personnel to be able to manually adjust user permissions on the rare occasion that this is required.



How do I set up a User's Signature?


Security>>User Administration>>[+]>>User Signature


User Signature

This feature is used to insert signatures into documents on HRPlus. For example, on the letter templates, a manager's signature can be inserted into the relevant letters. Additionally, it can be used where signatures are required on certain statutory reports.

To upload a signature, you must have an electronic signature or you can scan a signature and save it as a JPEG or PNG.

Set Up User Signature







• Click Upload Images.

• Select the signature file from where it is saved on your machine. Click Upload.

• Once you are okay with the signature, select Submit and the record will be saved.

• To delete the record, check the delete box and click Submit.

• You may re-upload another file as required.


 

How to change my password


Security>>User Administration>>Change User Password


Once Password Configurations have been saved, please change your password to reflect the new parameters (if necessary). Next, logout and log back in using your new password.

Note, there are three ways in which Passwords can be changed:

1.     Via the Change Password icon (accessible to all HRplus Users)

2.     Via the Forgot Password button on the login screen (accessible to all HRplus Users)

3.     Via Security Module - Option 1 (accessible only to System/Company Administrators)

4.     Via Security Module - Option 2 (accessible only to System/Company Administrators)

1. Via the Forgot Password button on the login screen

User Login>>[Forgot Password]





• Enter the User ID and click on the Forgot Password Button. This will prompt an e-mail to be sent to you.

User Email Account>>[Reset Your Password]



Once you click the Reset Password tab, a screen will open for you to enter your new password.

Please note that the link is only valid for 15 minutes! This is to prevent employees from using the link to reset their password more than once.

Once you have entered your new password, select Login to enter HRplus.


2. Via the Change Password icon (accessible to all HRplus Users)



Change Password Pop Up Box



• In the Change My Password box, type in a new password and confirm as prompted.

• Use the Submit button to save or the Reset button to start over.

3. Via Security Module - Option 1 (accessible only to System/Company Administrators)


4. Via Security Module - Option 2 (accessible only to System/Company Administrators)



How do I use the Auditing feature?


Security>>Module Audit

Module Audit

The Auditing feature in HRplus is available for ALL modules and:

• Allows for an inspection of Insert/Update/Delete functions that are performed by users of HRplus.

• Maintains a history of these functions.

• Enables system administrators to establish controls to ensure the integrity of the data.

• Is available on all screens of HRplus.

• Can only be viewed by users to whom Auditing privileges have been granted.

• Can be turned off or time-restricted if necessary.

The System Administrator has the required permission and responsibility to enable/disable these tables as required.

Table showing how to set up the Auditing feature and view Audit tables

Step 1: Identify Modules to be Audited

Based on the HRplus modules purchased and your company's policy, determine the modules/features to be audited. Decide whether the modules/features should be audited:

• Always; OR

• For a specific time frame

Step 2: Grant User Audit Privileges

Security>>User Administration>>(Search for user)>>Expand user record>>Edit User Groups

Identify and decide on the Users to whom audit privileges should be granted (e.g. HR users).

For each identified user, grant Application Permissions to:

Auditor (Edit User Groups>>Addons>>Auditor)

Step 3: Enable Module Auditing

Note that the Auditing feature is active by default for all HRplus modules/features. However, via this option you may:

1.     Limit auditing of an HRplus module/feature to a specific time frame OR

2.     Completely cease auditing of an HRplus module/feature.

Step 4: View Audit

The Audit button is available on almost every screen in the HRplus Application. Only users who have Auditor privileges can view the Audit transactions - unauthorized users will not be able to see any data if they click the Audit button. Audit transactions captured are Insert, Update, Delete.

Grant User Audit Privileges


 In accordance with your company’s policy, designated users must be given Auditor privileges in order to view the Audit data. To do so, privileges MUST be granted as shown below:

Edit User Groups

Security>>User Administration>>[Search for user]>>[expand user record]>>Edit User Groups:



Enable Module Auditing

Search for the Module for which the Auditing feature should be enabled. All HRplus modules will be displayed in alphabetical order in the drop-down list. Scroll to view/select.

By default, the Auditing feature is turned ON.

The Table Name, Audit Module and Navigation will be displayed as shown below. Complete the following fields and click the Submit button when done. Repeat for each module/table that should be audited!

• Always Audit: Check this box to continuously audit the table without any end date.

• Audit Flag: If you wish to only enable auditing for a particular period, check this box and enter the date range in the Date From/Date To fields. This is checked by default.

• Navigation: The navigation to the various screens where data is stored in the corresponding Table Name will be displayed. This enables the user to match the database table to the equivalent screen in the front end of the HRplus application.


View Audit

 The Audit button is displayed on all screens of the HRplus application. However, only users to whom Audit privileges are granted will actually be able to view the Audit data (users set up in Step 1).





How to Export Single Sign On (SSO) Logs


Security>>Security Settings>>Oauth Settings

Exporting SSO Logs

SSO login attempts are recorded and a log can be exported to Excel via the Export SSO Log button. The old log text file can also be downloaded via the Download Log File (Legacy) button.

Step 1: Export SSO Log File



Step 2: View SSO Log File




How to view Log In Activities


Security >> Log In Activity

Log In Activity


The application defaults to the login/logout activities of the most recent dates.

    The search option allows you to search for login/logout history by username (login name), by Action (Login or Logout) and by date range.

    You may also sort the data on the page by clicking on the column headers (Action, Time, Log expires, Log IP, Error message).

    Data on this screen may also be downloaded to Excel by clicking on the Excel (X) icon.

Step 1: View the user's Time Zone



Security>>User Administration>>[Select Employee]>>[+]>>Time Zone


Step 2: View the login details





View Example of SSO Login Details
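One way to review a Log In Activity export offline, as an added example that is not part of HRplus or of the original article. It assumes the Excel download has been saved as CSV with the column names listed above plus a Username column, that a Login row with a non-empty Error message is a failed attempt, and that times use the format shown; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a Log In Activity export saved as CSV.
# Header names and value formats are assumptions, not a documented HRplus format.
SAMPLE_EXPORT = """Username,Action,Time,Log IP,Error message
jdoe,Login,2024-03-04 08:01:10,10.0.0.15,
asmith,Login,2024-03-04 08:02:00,203.0.113.7,Invalid password
asmith,Login,2024-03-04 08:02:20,203.0.113.7,Invalid password
asmith,Login,2024-03-04 08:02:45,203.0.113.7,Invalid password
asmith,Login,2024-03-04 08:03:05,203.0.113.7,
jdoe,Logout,2024-03-04 17:00:00,10.0.0.15,
"""

def load_rows(text):
    """Parse the export into dicts, with 'Time' as a datetime, oldest first."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["Time"] = datetime.strptime(row["Time"], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return sorted(rows, key=lambda r: r["Time"])

def review_logins(rows, threshold=3, window=timedelta(minutes=10)):
    """Flag failure bursts per user, and a successful login soon after one."""
    findings = []
    failures = defaultdict(list)   # username -> failure times inside the window
    burst_users = {}               # username -> time the burst was flagged
    for r in rows:
        if r["Action"].lower() != "login":
            continue               # logout rows are not authentication attempts
        user, when = r["Username"], r["Time"]
        if r["Error message"].strip():
            recent = [t for t in failures[user] if when - t <= window]
            recent.append(when)
            failures[user] = recent
            if len(recent) == threshold:      # report each burst only once
                burst_users[user] = when
                findings.append(("failure_burst", user, r["Log IP"], when))
        else:
            burst = burst_users.pop(user, None)
            if burst is not None and when - burst <= window:
                findings.append(("success_after_burst", user, r["Log IP"], when))
            failures[user].clear()            # a success resets the counter
    return findings

if __name__ == "__main__":
    for kind, user, ip, when in review_logins(load_rows(SAMPLE_EXPORT)):
        print(f"{when:%Y-%m-%d %H:%M:%S} {kind:20} {user:8} {ip}")
```

A success_after_burst finding is the one to follow up first, since it can mean a password was guessed; compare the Log IP against the user's usual addresses and the time against the Time Zone recorded for that user.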

 


Understanding User Roles on HRplus


On HRPlus, users are categorized into different roles to ensure that they have the appropriate access levels to perform their duties and responsibilities effectively.

Here are the key differences between core users, self-service users, manager self-service users, and department admin users:


| User Access | HRplus Access Level | Who are these Users? | Responsibilities |
| --- | --- | --- | --- |
| Core User | Broad access to the system, including administrative and management functions. | Typically includes HR staff and system administrators. | Managing employee records, processing payroll, and generating reports. |
| Self-Service User | Limited access focused on personal information and basic functions. | Regular employees who manage their own HR-related tasks. | Viewing and updating personal details, accessing pay slips, submitting leave requests, and viewing benefits information. |
| Manager Self-Service User | Manages information for their direct reports. | Managers and supervisors responsible for overseeing their team members. | Reviewing and approving leave requests, managing performance evaluations, and accessing team-related reports. |
| Department Admin User | Manages information for the reports within their assigned departments. | Departmental administrators who support HR functions within their departments. | Acting as an intermediary between HR and employees, updating departmental records, assisting with department-specific queries. |


What is SSO and how can I have this enabled on HRplus?


User Login>>Single Sign On

Single Sign On (SSO)

This is an authentication process that allows a user to access multiple applications with one set of login credentials. When selecting the SINGLE SIGN ON button, users will authenticate using Microsoft Active Directory and will be signed into the corresponding user within the HRplus application.

Entering the username and password on the HRplus login screen is NOT required.

The generated password meets the complexity requirements of the system when the SSO option is used. Single Sign On can also work with standalone mobile applications.

 

Contact our support team at HRplus to have this feature enabled for your organisation.

Single Sign On (SSO)

The user is automatically logged into HRplus, without the need to enter a password.




Security>>Login Activities





Security>>Security Settings>>Oauth Settings



Download/Export and Review SSO Log Files

 


SSO login attempts are recorded and a log can be exported to Excel via the Export SSO Log button.  The old log text file can also be downloaded via the Download Log File (Legacy) button.




How do I change my password on HRplus?

You can change your HRplus password in three ways:

1. Using the 'Forgot Password' button on the login screen (for all HRplus users):

    Enter your User ID and click 'Forgot Password'.

    You'll receive an email with a password reset link, valid for 15 minutes.

    Click the link, enter a new password, and select 'Login'.

2. Using the 'Change Password' icon (for all HRplus users):

    Click the 'Change Password' icon.

    Enter and confirm your new password.

    Click 'Submit' to save.

3. Through the Security Module (for System/Company Administrators only):

• System/Company Administrators have two methods to change user passwords within the Security Module.



How can I deactivate or reactivate a user's account?

To deactivate or reactivate a user account in HRplus, follow these steps:

1.     Navigate to 'Security' -> 'User Administration'.

2.     Search for the specific user and click on their record.

3.     Click the 'Deactivate' button to deactivate the account, or the 'Reactivate' button to reactivate it.

Note: The Account End Date automatically populates when an account is deactivated, including when an employee is separated from the company.


How do I grant company access to a user in HRplus?

You can grant company access to users in two ways:

1. Grant access to all companies, divisions, and departments:

• This option grants the user access to all data across the entire HRplus database. It's typically used for System Administrators.

2. Grant access to specific companies, divisions, and departments:

    This option allows you to select specific company hierarchies for user access, granting them permission to view employee data only within those chosen areas.


What are the different user roles in HRplus and their access levels?

HRplus has distinct user roles, each with specific access levels to manage information and perform tasks:

    Core Users: HR staff and system administrators with broad access to administrative and management functions, including employee records, payroll, and reporting.

    Self-Service Users: Regular employees with limited access to their personal information and basic HR tasks, such as updating personal details, accessing payslips, and submitting leave requests.

    Manager Self-Service Users: Managers and supervisors with access to information related to their direct reports, enabling them to approve leave requests, manage performance evaluations, and access team reports.

    Department Admin Users: Departmental administrators responsible for managing information and supporting HR functions within their departments. They act as intermediaries between HR and employees, updating records and assisting with departmental queries.


How can I restrict access to specific reports in HRplus?

To restrict user access to certain reports:

1.     Go to 'Security' -> 'User Administration'.

2.     Select the user and click the '+' sign to expand their record.

3.     Navigate to the 'Restrict User Reports' tab.

4.     Click 'New Record' and choose the specific report to restrict by selecting its Reporting Area, Reporting Group, and Report Number.

5.     Click the save icon and repeat for each report you want to restrict.


What are the benefits of Two-Factor Authentication (2FA) in HRplus?

Two-Factor Authentication (2FA) enhances security by requiring users to provide two forms of authentication:

something they know (password) and something they have (typically a unique code from a mobile app or hardware token).

Benefits of enabling 2FA in HRplus include:

    Stronger Security: Makes it significantly harder for unauthorized users to access accounts, even if they obtain a password.

    Protection Against Phishing: Reduces the risk of compromised accounts through phishing attacks.

    Data Protection: Safeguards sensitive employee data from unauthorized access.

    Compliance: Helps meet regulatory requirements for data security and privacy.






