This guide is intended for customers who wish to check that all employees have the correct credentials to be able to sign in via the Ciphr Sign-In app.

Ciphr Sign-In has been designed to enhance security and simplify user access and once connected to your HR system, it will sync all ‘active’ users so they can access your system. The criteria for an active account is:

• A unique contact/work email address - this is essential as it will serve as the user's sign-in credential, replacing the traditional username. Emails can be either a work or personal email address
• Their Enabled From date is populated (this corresponds to the Account Enabled From field in Account Settings). Where dates are in the future, the account will be accessible from this date
• Their Enabled To date is either blank or set for the future (this corresponds to the Account Expiry field in Account Settings)

Past leavers will not be included in the sync and we’ll provide guidance at the appropriate time, on how you’ll be able to sync them if they need access to the updated version.

 

How to check sign-in account credentials

The 2FA Data Validation report will give you all the information you need to check which records will sync with Sign-In:

• Enabling the Data Validation – 2FA Export report
• Running the Data Validation - 2FA Export report

From the Data Validation report, you can learn how to:

• Identify missing contact email addresses from your Report
• Identify duplicate contact email addresses from your Report
• Identify current users that have an inactive Ciphr account
• Identify Leavers who still have an active Ciphr account - optional step

 

Enabling the Data Validation - 2FA Export report

 Let’s begin by enabling the Data Validation menu header under Specialist Reports and the Data Validation tile in the Role Management Actions menu for your chosen user role.

 

• Navigate to System > Security > User Role Management

 

 

• Select the user role that requires access to the Data Validation pages
• Select Pages from the Actions menu

 

 

• Search for ‘data validation’ to view all related pages

 

 

 

• Two pages will be returned in the search:
  • Data Validation:  This page enables access to the Data Validation menu header under Specialist Reports

• Role Management – Data Validation Access: This allows the tile to be visible in User Role Management, enabling the generation of reports for specific user roles

 

 

• Change both of these pages to Write Access

 

 

• Click Review Changes
• Click Update
• Click OK

 

You have now enabled the Data Validation menu header under Specialist Reports and the Data Validation tile in the Role Management Actions menu for your chosen user role.

 

• Click on your user role and select the Data Validation tile

 

 

• This page shows the data validation exports available to the user's specific role

 

 

• Change 2FA Export to Accessible to grant access to the 2FA Export
• Click Review Changes

 

• Click Update to confirm the change

 

• Click OK to apply the permissions for the user role to be able to run the data validation export

 

 

 

Running the Data Validation - 2FA Export report

• Navigate to Reporting > Specialist Reports > Data Validation

 

 

We suggest that you create a subset for the users that you wish to report on

• Click on the Subset button

• Create your Subset using the wizard. If you want to include any future starters who are not current yet, use the 'All Staff' standard set

 

• Once you have completed your Subset click on Export to download the report

 

 

Identify missing contact email addresses from your Report

• Open the report from your downloads and click Enable Editing

• You will see the Contact Email Address in Column H and Missing Contact Email Address in Column O

 

• Click on the Filter button in the Missing Contact Email Address header
• Click on Yes to view any accounts that have a Missing Contact Email Address and OK
• All records with a missing Contact Email Address are shown

 

• Now that you have identified all the records with a missing Contact Email Address, go to Personal Details and update these records with a unique Contact Email Address that the user can use so their record will be synced with the Sign-In app to verify their login method

 

 

Identify duplicate contact email addresses from your Report

• Open the report from your downloads and click Enable Editing

• You will see the Duplicate Contact Email Address in Column P

 

 

• Click on the Filter button in the Duplicate Contact Email Address header
• Click on Yes to view any accounts that have a Duplicate Contact Email Address and OK
• All records with a Duplicate Contact Email Address are shown

 

• Now that you have identified all the records with a duplicate contact email address, go to Personal Details and update these records with a unique contact email address that the user can use to receive their one-time verification code

 

 

Identify current users that have an inactive Ciphr account

• Open the report from your downloads and click Enable Editing
• You now need to change the formatting of any date related columns to display as a Short Date. This can be done multiple ways in Excel, but for this example: 
  • Highlight Columns C, D, K & L (click on the header on Column C and then hold Ctrl and select header D, K & L to select multiple columns) 
  • Select Short Date from the General dropdown

• Use the filters as required to check if any current users have an inactive account, for example: 
  • If your subset included Leavers, Filter Column D to remove blanks so you're only viewing current records
  • Filter Column K to check for future dates to ensure they match the start date in Column C, as this is when accounts will be active from
  • Filter Column L to check for any past dates

If any data needs to be corrected this can be done individually or via Bulk Change.

 

Identify Leavers who still have an active Ciphr account - optional step

• Leavers will not be included in the Sign-In sync, so this is an optional, best practice step to check all of your past leaver accounts have been deactivated correctly
• Open the report from your downloads and click Enable Editing
• You will see the Leavers - no account expiry in Column Q

 

You now need to change the formatting of any date related columns to display as a Short Date.

This can be done multiple ways in Excel, but for this example:

• Highlight Columns C, D, K & L (click on the header on Column C and then hold Ctrl and select header D, K & L to select multiple columns)
• Select Short Date from the General dropdown

 

 

• Click on the Filter button in the Leavers (no Account Expiry) header
• To view any Leavers with a Date Left from yesterday and a blank Account Expiry, select Yes
• Click OK

 

• All records displayed could still have access to the system if they have a Login Method of No Restrictions, Ciphr Login only or Trusted Login or SSO only

 

• We would then suggest that you deactivate any of these accounts
• For guidance on deactivating accounts please see Setting an Account Expiry: Bulk Change and individually