Simplifying the authentication experience for your remote employees

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Simplifying the Authentication Experience for Your Remote Employees

    With the Issue Auto Resolution application, remote employees can access the service portal without needing to enter a username and password. Instead, they receive a link via SMS or email, allowing them to log in more easily, particularly if they lack corporate credentials.

    Show full answer Show less

    Key Features

    • Digest Link Access: Employees receive a link through email or SMS that leads to the login page, where they can enter their username and password.
    • One-Time Password (OTP): After clicking the digest link, employees verify their identity using an OTP sent to their email.
    • Time-Limited Authentication: You can extend the functionality of the application by installing the Time Limited Authentication plugin, allowing for controlled access based on defined parameters.
    • User Criteria Validation: The system property allows for the validation of user criteria to ensure only eligible employees receive the digest link.

    Key Outcomes

    By implementing this system, remote employees can quickly and securely access necessary resources, such as benefits enrollment, without traditional login barriers. The time-limited authentication ensures that links are used securely and are valid for a single session, enhancing security while simplifying the user experience.

    With the Issue Auto Resolution application, you can simplify the authentication experience for your remote employees. Instead of entering a user name and password to access the service portal, your remote employees can get to the portal through a link in a short messaging service (SMS) or email.

    By using the Issue Auto Resolution application, your remote employees who don't have the corporate credentials can still access your service portal without entering a user name and password. When you create a case for the employee, that employee gets a link through a text (SMS) or email. That link directs them to the login page where they’re prompted to enter a user name and password. With this simplified authentication experience feature, these employees, who fulfill the user criteria mentioned in the sn_iar_hr.digest_link_user_criteria system property, can access the portal without entering credentials.

    You can install the Time Limited Authentication (com.snc.authenticate.time_limited_authentication) plugin to extend the core functionality of the Issue Auto Resolution application.

    Successful and simplified login experience

    Let's say that a remote employee recently joined your organization. Your employee doesn't have the corporate credentials to access the service portal but that employee has a query about the dental benefits enrollment. With the Issue Auto Resolution application, your employee can access the service portal through an email by using a personal device.

    The following example shows how a remote employee can log in to the portal without credentials by using a digest link.

    Figure 1. Simplified log in experience for remote workers
    Remote employee accessing digest link to view recommendations.
    The process is as follows:
    1. The remote employee gets the digest link through an email.
    2. The link directs the employee to verify the identity page, where the employee has to enter a one-time password (OTP) received through an email.
    3. The employee is then directed to the standard ticket page, where the employee can view the recommendations.
      Note:
      The link’s validity depends on the values that are defined in the time-limited authentication configuration record. In this case, the maximum number of times an employee can use the link is set to one.
    4. The employee is redirected to the expired link page when the employee tries to use the same link again.
    5. The employee gets an email with a new digest link.

    Time-limited authentication

    You can do the following tasks to set the existing time-limited authentication properties:
    • Enable the time-limited authentication glide.authenticate.enable.time_limited_authentication property.
    • Disable the account recovery property.
    • Enable multi-provider single sign-on (SSO).
    • Enable the Active field in the time limited authentication properties config record.
    To learn how to configure the properties, see Time Limited Authentication Properties form.

    To learn more about time-limited authentication, see Time limited authentication.

    User criteria for generating the digest link

    You can use the sn_iar_hr.digest_link_user_criteria system property to get and validate the user criteria for generating the digest link. This link appears in an SMS or email that is sent to the employee. The value should be the sys_id of the active user criteria. For more information, see User criteria form.

    Users with the admin and sn_hr_core.admin roles can assign the sn_iar_hr.digest_link_user role. This role is added to the available user criteria to validate if that user qualifies for digest link generation.