Two-factor authentication is an electronic authentication method in which a user is granted access to StaffScheduleCare only after successfully presenting two pieces of evidence.
The two layers of authentication is the SSC User ID and password followed by presenting an authentication code sent to a previously provided email address, telephone number or text to their cell phone.
The system will send the authentication code using one of three methods: SMS (text message), Phone (to phone number provided) or to an email address provide in their profile.
Turning on the Two-factor Authentication is global and will apply to all employees or managers logging into StaffScheduleCare. If your Security Access profile allows you access to the Config / Security you may enable this feature, otherwise, contact the StaffScheduleCare Client Care team.
Config / Security / Login and Password
▪Select the Config menu. ▪Select the Security menu. ▪Select Login and Password.
Here you will define the frequency (how often) and how long the system will wait for a reply back with the verification code.
▪Click in the check box for Use Two-factor Authentication to enable the feature. ▪In the Waiting Time field enter the length of time, in minutes, allowed to reply with the verification code before expiring. ▪In the Frequency of Authentication (days) field enter the number of days for how often. Entering zero will force the authentication on every log in.
Manager Login Setup
▪Select the Config menu. ▪Select the Setup menu. ▪Select Security Users.
To apply the authentication feature to managers' login there must be a telephone number or an email address as well as a default method for sending an authentication code.
▪Click on the manager's name to highlight line. ▪In the Use Two-factor Authentication click on the drop-down arrow and select the default method of sending the authentication code the manager prefers. ▪The system will call or send a text to the telephone number setup in the Telephone column. ▪Ensure an email address has been enter in the email field if the Email option has been selected.
Employee Login Setup
▪Select the Personnel menu. ▪Select the Personal Information menu. ▪Select Login Info.
Select the default authentication method.
For an employee, the system will use the number entered int the cell phone on the personal profile to either send a text or a phone call. Should the employee request the code be sent by phone and does not have a cell phone, enter their telephone number in the cell phone field on the personnel profile.
Ensure the Email and Cell Phone fields are populated.
|
Once the Two-factor Authentication has been turned on employees / managers will see an additional screen after logging into the StaffScheduleCare login screen. They will be presented with a window in which they can either use the default Send code by provided or click on the drop-down arrow and select an alternative method. The default Send code by is the option that was setup either on the Security User screen for managers or on the Login Info screen for employees. The system will provide a masked (with asterisk) either the phone number or the email address the code will be sent to.
Logging In
▪Change Send code by method if required; otherwise leave as is. ▪Click on the Send Code button. Click the red X to discontinue logging in.
After the Send Code button has been clicked the screen will refresh. There is now a field to enter the verification code. Retrieve the verification code sent by the Send code by method selected.
▪Enter the verification code in the Enter Code field. ▪Click Submit. If the verification code is valid the StaffScheduleCare software will open.
Receiving Verification Code Methods
Text Message
Phone The system will call the phone number provided with an automated message stating the verification code.
|
Should a Send code by method be selected that has not been setup in the system a warning message will be provided.
Below are examples of error messages.
Code Expired This happens if the verification code has been entered and the Submit button clicked after the Wait time has expired.
This occurs when there is not an email address associated with the login used. The masked email address is not displayed beside the to because that email address was not setup.
For a manager, check the Security User screen and ensure the email address field has been populated. If an employee receives this error, check on their Personnel / Personal / Name and Address screen that the email address field has been provided.
Phone not Provided The Phone not Provided warning will display if the Send code by option is either Phone or SMS and a number has not been setup. The absence of the masked phone number beside the to indicates the system did not have a number to display.
For a manager, check the Security User screen and ensure the Telephone field has been populated. If an employee receives this error, check on their Personnel / Personal / Name and Address screen that the Cell Phone number field has the required phone number.
|