Items in Basket

Subtotal

Checkout View and edit basket

Customers Also Bought

2.6 Release Note

Introduction

This document describes changes in OCS Self Service (SelfService) from version 2.5 to 2.6.
Please note that this version require the latest version of OCS HR – 22.00

General changes

Two factor authentication

The authentication model for customers using normal username / password has been rewritten to handle more secure cookies and to support the possibility to offer two factor authentication (2FA). By enabling 2FA the users account is more secure. This is also a recommended approach to be GDPR compliant (General Data Protection Regulation). 2FA authentication mean that the user must provide an additional method to identify him/herself after login in with username / password. Three different methods for 2FA is available in SelfService; e-mail, SMS and Google authenticator key.
No changes need to be done if users are authenticated using Windows Authentication or AD-authentication

Setup changes

First of all changes must be done to web.config. This is a part of the installation instruction. If this is not done, SelfService will show a message that installation must be done correct. The setup change applies to all customer using user / password logon, also customer not wanting to us 2FA.

Enable 2FA

2FA must be enabled for SelfService before each user can start to use it
Settings | Setup | Properties, Action | Setup of System variables

Group:

OCSWeb

Key:

Enable Two Factor Authentication

Value:

T/F (default F). True enables 2FA

Using 2FA

Using 2FA is an individual option for each user. As a default every user needs to individually turn on 2FA. This is because the second authentication option needs to be verified / enabled before the user can identify with 2FA.
2FA is enabled for the user from the Profile. Profile is found below the down-caret beside the username, upper right corner.
After 2FA is enabled for SelfService, a section is shown on the bottom of the Profile-page.


The user starts by checking the 'Enable two factor authentication'-check.
After 2FA is enabled, the different authentication options are shown (SMS 7 Phone number are not shown if the company does not have a SMS sending agreement)


At this stage none 2FA providers are verified, and if the user log on/off, login will be as previous login. MintraGroup can assist with script to set all e-mail addresses as verified if the one is 100% certain that email addresses are correct. Remember that is 2FA is enabled, and the only second method is an invalid e-email address, then the user will not be able to log on.

e-mail address

e-mail address should be the least preferred 2FA method. e-mail sending is often slow, and the user often must wait a long time before the mail is received. When pushing the Verify email- button, a confirmation link is sent.


After clicking the link, the e-mail is verified and the next time the user logs on, a verification mail with a code will be sent.

Phone / SMS

When the user click Verify phone number, a 6 digit code is sent to the given phone number.


The user must enter the code to verify phone. Next time the user logs on, he or she can use phone as a second login validation

Google authentication

To use Google authentication, an app needs to be installed on your cellular phone. There are multiple free apps allowing authentication in Google Play / Apple Store. Search for Google Authenticator or Microsoft Authenticator. It should also be possible to find one for Windows Phone. Google authentication should be the preferred 2FA method.
Push the 'Enable google authentication'-button.


From the downloaded app, scan the QR-code. Input the generated code and push Submit.
In the authenticator app, a new section is added with OCS HR SelfService and the user id.


This app will generate new codes every 30 sec., that can be used for logon.

Log on

After 2FA is enabled, and at least one provider is verified, a new window will appear after logon. If multiple 2FA providers are enabled, a drop down is shown, with the possibility to select.


If only one provider is enabled, the window asking for the 6 digit code is shown.


If the user click remember browser, it is not necessary to do 2FA any more in this browser on this computer.

Dashboard

The dashboard functionality is a new and easier way to administer the users front-page. With this functionality individual dashboards can be created based upon the individual need. Each user can select their own dashboard, and it also possible for individual users to create their own dashboard.
The dashboard functionality offers different layouts, and also makes it easier to fully use the whole available space of the front-page. If not creating and setting dashboard, the existing front-page is used.

Administration dashboard

A new page is created to add and edit dashboard. The page is controlled by page access
Groups access

Function ID

DASHBOARDADMIN.ASPX

Description

Dashboards

Function type

WEBPAGE


The page is found in the admin menu. If other user than admin should be able to add and edit dashboard, it is recommended to move the page to another menu spot.
The page is divided into three sections. The first section shows existing dashboards and a button to create new.


Select an existing dashboard to edit layout
The next section is for editing the dashboard name, and select Layout

Available fields

Description L1

Description shown to users with data language 1 (EN)

Description L2

Description shown to users with data language 2 (NO)

Shortcut

The link to the page to open. If in doubt go to Menu admin and combine the data in Url + Page to find the correct SelfService link. External links are also possible. If link added starts with http or https a new page is open. Internal SelfService links should start with ~/ as in menu.

Layout

Select the wanted layout for this dashboard. 8 different layouts are available. The layout decides how the page is divided into sections.

Shared

If this dashboard should be available to other users, check Shared. If shared is checked it is still possible to limit access by user groups.


The last section is for group access. If a dashboard only should be selectable for a group of user, use group access. Group access is only applicable if the dashboard is shared.

Setup a dashboard

Use the plug-icon  to edit and setup the dashboard. Add plugin to page by selecting from available plugins. Plugins can be dragged-n-dropped between sections. Plugins have a preview of content when added.
If a plugin has parameters, a gear icon is available on the header of the plugin. If static content is wanted, go to Admin Menu  Text, and add 'Page content'. The static page will be available if plugin 'Page content' is used.

Using the dashboard

Each user can choose from available dashboards in their profile page.

Mail sending

Some parameters have been added to support mail sending from SelfService.
Settings | Setup | Properties, Action | Setup of System variables

Group:

OCSWeb

Key:

Noreply email address

Value:

If using this setting all mails from SelfService, will use this address as the sender (from-field), not the email of the user.

Group:

OCSWeb

Key:

Send copy of email to deputies

Value:

T/F (default F). If set to T(rue), every time a user recives a workflow email from SelfService, every user set up as deputy will receive a copy of the same mail.

Group:

OCSWeb

Key:

BaseUrl

Value:

The Url to SelfService.
On some installations there is a problem to identify the correct Url of the SelfService installation, especially if there are different internal and external Url used for SelfService. If wanting one url for click-able links in mails, set the correct Url here.

Mail send

  • Showing own address in parenthesis next to copy-to-self if noreply address is used (if copy-to-self is checked your own address is put in the CC list and will only work for bulk sending as before)
  • For bulk sending of email, deputies are put in the BCC list. For single sending they are put in the CC list.
  • no reply address and deputies are also used for the web-inbox (internal mail).

Not in use – Crew

A 'Not in use'-check has been introduced on Crew in OCS HR. Crew marked as Not in use are removed from the dropdown in Approve Hours.

ESS

Activity is private

A new parameter has been added in OCS HR, defining selected activities as private. If an activity is marked as private, the comment on the activity is replaced by '*Privat*'
To be able to see all comments on all activity, group access must be given to selected user groups.
Groups access

Function ID

SHOW_PRIVACY_ACTIVITY'

Description

Show remarks on private activities /
Vis kommentarer på private aktiviteter

Function type

WEBFUNC

Document describing competence

On the basic data definition of competence codes, it is possible to attach a document. This document is available for download in Employee info, tab competence and in page Own competence. This also applies when manager uses these functions.

Course registration / Competence requirement

Refresh link

When doing self-enrolment to an online e-learning course, the course is not available until a link is created. Since the page does not automatically refresh, the text Awaits link and a button is added to the line with the possibility to 'Refresh'.

Confirm completed

If the user has completed an online e-learning course, the competence should be valid / green, and course diploma is received. This check is only done once-a-day, but if the user knows that he or she has finished and passed it is possible to trigger a check by pushing confirm complete.

Colors in the matrix

The analyses for the employee now uses the same color as in the manager Competence request. The colors is described behind the question mark in the heading.

Password on Payslip

A new field has been added, enabling the user to set their own password on their payslip. This password will be set when the payslip is downloaded from the payslip tab.
The same password can also be used when the payslip is sent by email, but this depends on the setup of email sending.
Access to the column is controlled by group access
Groups access

Function ID

'W_PAYSLIP_PASSWORD'

Description

Payslip password / Lønnslipp passord

Function type

WEBCOLUMN


To enabled password go to
Settings | Setup | Properties

Group:

OCSWeb

Key:

Encrypt Payslip Self Service

Value:

T/F (default T). True payslips to be encrypted with password.

MSS

On-the-Job training – Show only relevant to position

In the function Show On-the-job training there is a new checkbox called 'Show only relevant to position'. A program can be assign to an employee based upon position. When this employee later changes position, the program is still attached to the person.
By using this checkbox when query for the result, only document currently 'required' (connected through position) is shown.

Hours

Activity as input period in Timesheet

It is possible to set up a default period in the timesheet window. This period was setup in Global setup
Settings | Setup | Properties

Group:

OCSWeb

Key:

Input period hours

Value:

Choose the default input period for hour registration. Possible values are: WEEK, MONTH, TWOWEEK and any numeric value in the month

This setup has been extended with a new value 'ACTIVITY'. If using 'ACTIVITY' as input period, the period start and end date is controlled by activities used for hour registration. A dropdown with possible activities will appear below the period, and the user can select the period by selecting activity.


The next and previous arrows will also use the activity as jump to period. Manual override is allowed.
If only wanting to use this setting for a group of employees, use Group access instead.
Groups access

Function ID

HOURS_ACTIVITY_AS_INPUT_PERIOD

Description

Use activity as input-period for Timesheet /
Bruk aktivitetsperiode som input i timereg.

Function type

WEBFUNC


Then only members of groups given access will have this as input period. Other user will have period set in Global setup.

Checkbox timesheet

The number of possible checkboxes in timesheet are extended by two.

Travel

Wait spinner – Expense items

Added a wait spinner when changing items that need to fetch data from server. For instance when changing the currency it is necessary to fetch the exchange values.

Expense grid report

Vat value and code is added to the grid report

Card integration – Nordea FirstCard

SelfService can now import credit card transactions from Nordea FirstCard.

Exchange rate and Expense items from Credit Card

If a expense item was add from an credit card transactions, the exchange rate was overwritten with the exchange rate from OCS HR if the expense data was changed. This is now changed, the exchange rate from the credit card is kept.

Various corrections

User report

The report User report – User access has been cleaned up. Department access now only shows direct access to the department, or department where the user is responsible.

Timesheet report

A section to filter by approval status are added to the query window.


To only return employee approved hours, choose Approved by role : Employee

Address format

The address format introduced in previous version messed up some of the access control on address.