This guide is intended for customers who have:
- SSO enabled on their system
- All users log into the system using SSO
- SSO users whose Login Method is set to No Restrictions
As your users access the system via SSO, this guide will take you through the steps required to ensure that SSO is the only Login Method available. Doing so will help ensure that your Ciphr system continues to be a trusted and secure platform for your people data.
Running a Data Validation report will give you all the information you need before updating users Login Methods:
From the Data Validation report, you can learn:
Once the above steps are done, you are ready to enable the SSO only Login Method
Enabling the Data Validation - 2FA Export report
Let’s begin by enabling the Data Validation menu header under Specialist Reports and the Data Validation tile in the Role Management Actions menu for your chosen user role.
- Navigate to System > Security > User Role Management
- Select the user role that requires access to the Data Validation pages
- Select Pages from the Actions menu
-
Search for ‘data validation’ to view all related pages
-
Two pages will be returned in the search:
-
Data Validation:
This page enables access to the Data Validation menu header under Specialist Reports
-
Data Validation:
-
-
Role Management – Data Validation Access:
This allows the tile to be visible in
User Role Management, enabling the
generation of reports for specific
user roles
-
Role Management – Data Validation Access:
- Change both of these pages to Write Access
-
Click Review Changes
-
Click Update
- Click OK
You have now enabled the Data Validation menu header under Specialist Reports and the Data Validation tile in the Role Management Actions menu for your chosen user role.
- Click on your user role and select the Data Validation tile
- This page shows the data validation exports available to the user's specific role
-
Change 2FA Export to Accessible to grant access to the 2FA Export
- Click Review Changes
-
Click Update to confirm the change
- Click OK to apply the permissions for the user role to be able to run the data validation export
Running the Data Validation - 2FA Export report
- Navigate to Reporting > Specialist Reports > Data Validation
We suggest that you create a subset for the users that you wish to report on
- Click on the Subset button
- Create your Subset using the wizard. If you want to report on any users who have left your organisation and who might still have active Ciphr account, ensure you add Leavers to your Subset
- Once you have completed your Subset click on Export to download the report
Identify Leavers who still have an active Ciphr account
-
Open the report from your downloads and click Enable Editing
- You will see the Leavers - no account expiry in Column Q
You now need to change the formatting of any date related columns to display as a Short Date.
This can be done multiple ways in Excel, but for this example:
-
Highlight Columns C, D, K & L (click on the header on Column C and then hold Ctrl and select header D, K & L to select multiple columns)
- Select Short Date from the General dropdown
-
Click on the Filter button in the Leavers (no Account Expiry) header
-
To view any Leavers with a Date Left from yesterday and a blank Account Expiry, select Yes
- Click OK
- All records displayed could still have access to the system if they have a Login Method of No Restrictions, Ciphr Login only or Trusted Login or SSO only
Viewing which Login Method is configured against all your records
- Open the report and click Enable Editing
-
Filter Column J to view the Login Methods for your records
You are now able to view everyone’s login methods.
We recommend using the Login Method Trusted Login or SSO Only for all users who access the system via SSO. This will ensure that there is no other login method available for that user to be able to access the system.
If you want to change a Login Method, for example, you have identified records who have No Restrictions and they should be on Trusted Login or SSO Only, you can update this via Bulk Change or individually.
How to update the Login Method for SSO users
You can update a user’s Login Method via Bulk Change or individually.
To change the Login Method individually:
- Locate the user that you wish to amend and access their account
- Select Account Settings
- Click on the Login Method dropdown and select Trusted Login or SSO only
- Click Update
Your account settings have been updated with the new Login Method of Trusted Login or SSO only.
To change the Login Method via Bulk Change:
-
Choose People Admin > Tasks > Bulk Change
- A screen displaying a three-step process will be displayed
Step 1:
-
Click Select person subset
- The subset screen will be displayed, enabling you to select the records for who the change is to be made
- The screen will display your selected employee records in the Step 1 column
Step 2:
-
Select Field
-
Select Login Method from the Field dropdown list
-
Select Trusted Login or SSO only from the Change to dropdown list
Step 3:
-
There are no options for these selections is displayed as this is not applicable for this type of field
- Click Finish to complete
- You can export a PDF of the changes that you have just made as well as seeing it on-screen
Setting system configuration default login
Since the Login Method for all users has now been changed to Trusted Login or SSO only, you may wish to set this as the default to ensure consistent restrictions. To do this:
- Go to System > System Configuration > System Configuration
-
Click on the Group Name filter and select is equal to > Login
-
Click Filter
- Select Default Login Method ID from the list
On this screen, you can see that the Login Method that new employees will default to, which in this case is 1. This means that any new employees will have No Restrictions applied.
1 | No Restrictions |
2 | Ciphr Login only |
3 | Trusted Login or SSO only |
4 | No Login |
- Now decide on the Default Login Method you require and amend the Value
- Select Update
Comments
0 comments
Please sign in to leave a comment.