Skip to main content

FAQ: Sign-In update actions

Shirley Bousfield
  • Updated

Introduction

This frequently asked questions (FAQ) guide is designed to address any outstanding questions you may have after following the Sign-In update actions guide.

It covers key topics related to preparing for the Ciphr update, including changes to the sign-in process, branding configuration, and user management.

Use the quick links to go to a specific area or press Ctrl and F together to bring up a word search in the top right of the screen.

Before reviewing the FAQ, we recommend reading through the steps outlined in the main guidance as it should cover most of your queries.


If your query is not listed here, then please see the Further information section for details on how to contact Customer care who will be happy to help.

 

General

What is Sign-In?

Sign-In is a centralised authentication platform designed to help Ciphr customers manage users more efficiently. Key features include:

  • Centralised user management: customers can manage all their users from a single area
  • Self-serve configuration of single sign-on (SSO): customers can configure SSO without needing Ciphr support
  • Unified login: it will eventually enable users to access all Ciphr products using a single login

This new feature aims to simplify the user management experience for customers. Sign-In supports Ciphr HR and MyPay, but will soon expand to include all Ciphr products, such as LMS and iRecruit.

During the initial set up, Sign-In will not be linked to your HR system to give you time to complete the configuration tasks, and your users will be unaffected at this stage.

 

Why do I need Sign-In?

Configuring Sign-In is the first step in preparing for the future update of your HR system to be able to try out our new experience of a modernised interface, streamlined navigation, in-app guidance, enhanced security, and self-service branding capabilities to improve the user experience.

 

Do all users need a Sign-In account to access the system?

Yes, all users who need to sign in and access the system will need a Sign-In account. Without a Sign-In account, users won’t be able to access your HR system once it has been updated.

 

When will the HR update take place?

You will receive an email at least two weeks in advance, confirming the scheduled date for the next stage of the HR system update, which is expected to take place in March or April 2025.

The Sign-In tasks are in preparation for the HR update so your users will not be affected during Sign-in set up as it’s not linked to your HR system yet.

 

Do we need to communicate to our users during Sign-In set up?

During the set-up phase, Sign-In is not linked to your HR system so your users will be unaffected.

We will provide you with some suggested communications and guides at the next stage when you start to prepare for your HR update.

 

How long will it take to complete the pre-update tasks?

On average, the tasks take approximately two hours, depending on the volume of data that needs to be checked.

 

Who needs to complete the pre-update tasks?

An HR system administrator is required, with support from an IT colleague for SSO setup and an optional marketing colleague for branding configuration.

 

Getting started

How do I access the new Sign-In app?

HR system admins will receive an activation email. Click "Set your password," follow the instructions to set up your 2FA, and log in.

 

What if I didn’t receive the activation email?

Check your spam/junk folder. If it’s not there, you can submit a request for assistance from Customer care.  Please see Further information section for more details.

 

How do I create Sign-In accounts?

When you are initially configuring Sign-In, you can add users to help you with the initial tasks (such as an IT or Marketing colleague).  For details on how to do this please refer to the Update Actions Guide.

 

Note: Once your HR system is updated and connected to Sign-In, accounts can be created via the New Employee Wizard.

 

Can I remove Sign-In accounts for system administrators who won't be involved in the update actions?

Yes, in the Users tab you can delete users via the Actions menu in the right hand column, either:

  • Individually by selecting Actions > Delete to the right of the record
  • In bulk using the multi-select tick boxes in the left hand column. Ticking boxes will enable the bulk button at the top of the right column, then select Delete User to remove all selected users

 

Email validation

Why will users need an email address to sign in to the HR system?

To enhance security and streamline access, the updated HR system will require an email address to be populated in either the Contact Email Address or Work Email Address field of the user’s record, depending on which email field your system uses as the default. This email address will be used as the user’s login credential, replacing the traditional username. This can be a work or personal email address.

You can use the Specialist Report > Data Validation Export to check for blank or duplicate email addresses.  Please see this guide for full details.

 

How do I know which email address is the default one I need to populate?

The majority of customers use the Contact Email Address field, but if you’re unsure, please contact Customer Care (see Further information section) who can check the database for you.

 

How do I update the contact/work email address?

You can update the contact/work email address in Ciphr HR by:

  • Navigating to Personal > Personal Details > Contact Details
  • Locating the Contact/Work Email Address field
  • Entering the email address and clicking Update

If you have a large number of email addresses to update and would like some assistance, please submit a request (see Further information section) for a quote for additional services.

 

What are the benefits of using an email address instead of a username for login?

  • Enhanced security:

Email addresses are more secure and less predictable than usernames, reducing the risk of unauthorised access.

Multi-factor authentication (MFA) and other security features are easier to implement when linked to an email address.

  • Password recovery:

If you forget your password, having an email address simplifies the password recovery process. You can receive reset links directly to your inbox, eliminating the need for manual intervention.

  • Improved user experience:

Using an email address streamlines login, as it’s something you use regularly and are more likely to remember compared to a username.

 

What happens if I don’t have an email address on my record?

If no email address is populated in the Contact/Work Email Address field, users won’t be able to sign in once the HR system is updated.

 

Test records with no/duplicate email address

I have test users without an email address, how can I give them access?

You will need to populate a contact email address on their personal detail record. This can be a work or personal email address. Alternatively, you could use plus addressing (also known as sub addressing) to create a unique email variation of your email for your test users.

 

What is plus addressing?

Plus addressing is a way to create variations of your email address by adding a "+" followed by additional text. For example, if your email is user@example.com, you can use user+tag@example.com.

 

How do I use plus addressing?

Simply add a "+" and any word or identifier after the local part of your email address (before the "@" sign). For example, if your email is jane.doe@example.com, you could use jane.doe+newsletter@example.com.

 

Does plus addressing work with all email services?

Most email providers like Gmail, Outlook, and Yahoo support plus addressing. You may need to check with your IT team to confirm it’s supported.

 

Will plus addressing impact email delivery?

No, emails sent to a plus-addressed email (eg, user+example@example.com) will still be delivered to your standard inbox without any issues.

 

Where can I find out more about plus addressing?

Click on the link below for more information:

https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online

 

Security

What if my organisation uses SSO?

If SSO is enabled, it must be configured and tested in the Single Sign-On section to ensure users can sign in smoothly after the update. 

Please refer to the detailed guidance on your method of SSO to help you configure this:

 

What happens if we have a SSO redirect in place?

We've standardised authentication for a simpler, more intuitive experience, removing the need for custom SSO redirects. Users enter their email, and we determine the login method. Saving the email allows one-click logins for SSO users.

 

Will I still be able to use my username to sign in?

No, usernames are no longer supported once your HR system has been updated. All users must use an email address to access the system.

 

What’s the difference between a global admin vs group admin in Sign-In admin?

Global admin has access to manage all sign in accounts within the Sign-In admin area

Group admin you can choose which record groups admins have access to view and manage within the Sign-in admin area

 

When I create a Sign-In account, will the user receive an email?

Yes, during the initial set up stage, if you wish to create a Sign-In account for someone helping you with the configuration (such as an IT or Marketing colleague), they will need to sign in with email and password so an “account activated” welcome email will be sent (as long as it’s enabled – see next question) when a sign-in account is created for them.

 

Can I turn off the account activated email?

Yes, to disable the email go to your profile page (bottom left) and click Admin (top right). On the Settings tab go to Email notifications, click Edit, disable the slider and click Submit.

 

Note: It’s recommended to set up any users needed to help with the set up tasks (such as an IT or Marketing colleague) before disabling the email to ensure they receive the “account activated” email to set up their sign in details.

 

Two-Factor Authentication (2FA)

Now mandatory for non-SSO users 

Why is two-factor authentication (2FA) mandatory for users who sign in with an email and password?

To enhance the security of your users’ records and protect sensitive data, 2FA is now mandatory for all users who sign in with an email address and password. This adds an extra layer of protection by requiring not only a password but also a second form of verification.

 

Note: SSO counts as a method of 2FA so if you are already using this or intend to set this up within Sign-in, then enabling 2FA for SSO users is optional.

 

What is two-factor authentication (2FA)?

2FA is an additional security measure where; after entering an email and password, users will need to provide a second piece of information to access their account. This could be:

  • A code generated by an authentication app (such as Google Authenticator, Microsoft Authenticator or Authy)
  • An email confirmation code
  • A unique code sent to a mobile device via SMS

 

Why is 2FA beneficial for security?

2FA significantly enhances security by:

  • Preventing unauthorised access even if someone has your password
  • Ensuring that only trusted devices and individuals can access your account
  • Reducing the risk of phishing attacks and other security breaches that rely on stolen passwords alone 

What happens if I don’t set up 2FA?

If users logging in with a password don’t set up 2FA, they won’t be able to sign in to the system. Setting up 2FA is now a mandatory requirement for all users who log in using email and password, and they will be prompted to set up their 2FA settings when signing in to Ciphr.

 

Is 2FA required every time I log in?

Yes, 2FA will be required each time you sign in with your email address and password, ensuring maximum security.

 

Can I opt out of 2FA?

No, where SSO is not being used, 2FA is now mandatory for all users using email and password authentication. This security measure is in place to protect the user’s account and the system as a whole.

 

Note: SSO counts as a method of 2FA so if you are already using this or intend to set this up within Sign-In, then enabling 2FA for SSO users is optional.

 

What are the different 2FA options available?

You can choose from multiple 2FA options, including:

Authenticator app: use an app to generate time-sensitive codes such as:

  • Google
  • Microsoft Authenticator
  • Email authentication: a code sent to a registered email address
  • SMS authentication: a code sent to a mobile device via SMS (if you are interested in enabling SMS, please contact your Ciphr Success Manager)

What’s the timeout of 2FA email codes?

Users will have 9 minutes from receiving their 2FA code via email to access the system. If they do not use the code within 9 minutes, they will need to request a new code.

 

Branding

Why is branding configuration important?

You need to configure your company branding (logo, colours, fonts) as part of the Sign-In set up, as this will appear on the new sign-in screen and all system-generated emails (eg password reset, activation emails).

 

Will the branding configuration affect my current live HR system?

No, the new configuration applies to the sign-in screen only during the preparation stage so your current HR system will be unaffected.  Once your HR system is updated and you have access to try the new experience, if you toggle on the switch you’ll see the new branding applied in the new experience.

 

Can we update branding after the update?

Yes, you can modify branding at any time in the Branding Configuration tab, but it’s best to get this ready in preparation for the HR system update so your users see a familiar sign-in screen from the outset with your logo and colours.

 

Further information

My question is not covered here, where can I get more help?

Please review the detailed guidance is available to walk you through the process step by step and answer most questions:

  • Update Actions Guide
  • In-app guidance when you sign in my click the ? help menu bottom right of the screen
  • SAML SSO Guide
  • Azure SSO Guide

You can also visit the Customer Care Hub and raise a support request if you still have outstanding queries:

Go to https://customercare.ciphr.com/hc/en-gb and sign in

  • Click Submit a Request
  • Select I’d like to contact Customer Care from the dropdown menu
  • Complete your details and select Ciphr HR as the Product
  • Select the relevant Ciphr HR Product Category (likely to be):
    • Branding
    • Login
    • Single Sign-On
    • Two Factor Authentication
  • Provide as much detail as possible of what you’d like help with

Related articles

Comments

0 comments

Article is closed for comments.