Simplifying the authentication experience for your remote employees

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Simplifying the Authentication Experience for Your Remote Employees

    The Issue Auto Resolution application enhances the authentication process for remote employees by allowing access to the service portal through links sent via SMS or email. This feature is particularly beneficial for employees who lack corporate credentials, enabling them to bypass traditional username and password entry.

    Show full answer Show less

    Key Features

    • Remote employees receive a digest link via email or SMS, facilitating easier access to the service portal.
    • The process involves entering a one-time password (OTP) received through email, after which the employee can view recommendations on the ticket page.
    • Time-limited authentication can be extended using the Time Limited Authentication plugin, which allows customization of access link properties.
    • Configuration settings such as enabling time-limited authentication and multi-provider single sign-on (SSO) can be adjusted for security and usability.

    Key Outcomes

    With the implementation of this simplified authentication process, remote employees can quickly and securely log in to the service portal, improving their experience and reducing barriers to accessing important information, such as benefits enrollment. The system's user criteria ensure that only eligible employees can generate the digest links, maintaining security and integrity within the organization.

    With the Issue Auto Resolution application, you can simplify the authentication experience for your remote employees. Instead of entering a user name and password to access the service portal, your remote employees can get to the portal through a link in a short messaging service (SMS) or email.

    By using the Issue Auto Resolution application, your remote employees who don't have the corporate credentials can still access your service portal without entering a user name and password. When you create a case for the employee, that employee gets a link through a text (SMS) or email. That link directs them to the login page where they’re prompted to enter a user name and password. With this simplified authentication experience feature, these employees, who fulfill the user criteria mentioned in the sn_iar_hr.digest_link_user_criteria system property, can access the portal without entering credentials.

    You can install the Time Limited Authentication (com.snc.authenticate.time_limited_authentication) plugin to extend the core functionality of the Issue Auto Resolution application.

    Successful and simplified login experience

    Let's say that a remote employee recently joined your organization. Your employee doesn't have the corporate credentials to access the service portal but that employee has a query about the dental benefits enrollment. With the Issue Auto Resolution application, your employee can access the service portal through an email by using a personal device.

    The following example shows how a remote employee can log in to the portal without credentials by using a digest link.

    Figure 1. Simplified log in experience for remote workers
    Remote employee accessing digest link to view recommendations.
    The process is as follows:
    1. The remote employee gets the digest link through an email.
    2. The link directs the employee to verify the identity page, where the employee has to enter a one-time password (OTP) received through an email.
    3. The employee is then directed to the standard ticket page, where the employee can view the recommendations.
      Note:
      The link’s validity depends on the values that are defined in the time-limited authentication configuration record. In this case, the maximum number of times an employee can use the link is set to one.
    4. The employee is redirected to the expired link page when the employee tries to use the same link again.
    5. The employee gets an email with a new digest link.

    Time-limited authentication

    You can do the following tasks to set the existing time-limited authentication properties:
    • Enable the time-limited authentication glide.authenticate.enable.time_limited_authentication property.
    • Disable the account recovery property.
    • Enable multi-provider single sign-on (SSO).
    • Enable the Active field in the time limited authentication properties config record.
    To learn how to configure the properties, see Time Limited Authentication Properties form.

    To learn more about time-limited authentication, see Time limited authentication.

    User criteria for generating the digest link

    You can use the sn_iar_hr.digest_link_user_criteria system property to get and validate the user criteria for generating the digest link. This link appears in an SMS or email that is sent to the employee. The value should be the sys_id of the active user criteria. For more information, see User criteria form.

    Users with the admin and sn_hr_core.admin roles can assign the sn_iar_hr.digest_link_user role. This role is added to the available user criteria to validate if that user qualifies for digest link generation.