2.6 Release Note
This document describes changes in OCS Self Service (SelfService) from version 2.5 to 2.6.
Please note that this version require the latest version of OCS HR – 22.00
Two factor authentication
The authentication model for customers using normal username / password has been rewritten to handle more secure cookies and to support the possibility to offer two factor authentication (2FA). By enabling 2FA the users account is more secure. This is also a recommended approach to be GDPR compliant (General Data Protection Regulation). 2FA authentication mean that the user must provide an additional method to identify him/herself after login in with username / password. Three different methods for 2FA is available in SelfService; e-mail, SMS and Google authenticator key.
No changes need to be done if users are authenticated using Windows Authentication or AD-authentication
First of all changes must be done to web.config. This is a part of the installation instruction. If this is not done, SelfService will show a message that installation must be done correct. The setup change applies to all customer using user / password logon, also customer not wanting to us 2FA.
2FA must be enabled for SelfService before each user can start to use it
Settings | Setup | Properties, Action | Setup of System variables
Enable Two Factor Authentication
T/F (default F). True enables 2FA
Using 2FA is an individual option for each user. As a default every user needs to individually turn on 2FA. This is because the second authentication option needs to be verified / enabled before the user can identify with 2FA.
2FA is enabled for the user from the Profile. Profile is found below the down-caret beside the username, upper right corner.
After 2FA is enabled for SelfService, a section is shown on the bottom of the Profile-page.
The user starts by checking the 'Enable two factor authentication'-check.
After 2FA is enabled, the different authentication options are shown (SMS 7 Phone number are not shown if the company does not have a SMS sending agreement)
At this stage none 2FA providers are verified, and if the user log on/off, login will be as previous login. MintraGroup can assist with script to set all e-mail addresses as verified if the one is 100% certain that email addresses are correct. Remember that is 2FA is enabled, and the only second method is an invalid e-email address, then the user will not be able to log on.
e-mail address should be the least preferred 2FA method. e-mail sending is often slow, and the user often must wait a long time before the mail is received. When pushing the Verify email- button, a confirmation link is sent.
After clicking the link, the e-mail is verified and the next time the user logs on, a verification mail with a code will be sent.
Phone / SMS
When the user click Verify phone number, a 6 digit code is sent to the given phone number.
The user must enter the code to verify phone. Next time the user logs on, he or she can use phone as a second login validation
To use Google authentication, an app needs to be installed on your cellular phone. There are multiple free apps allowing authentication in Google Play / Apple Store. Search for Google Authenticator or Microsoft Authenticator. It should also be possible to find one for Windows Phone. Google authentication should be the preferred 2FA method.
Push the 'Enable google authentication'-button.
From the downloaded app, scan the QR-code. Input the generated code and push Submit.
In the authenticator app, a new section is added with OCS HR SelfService and the user id.
This app will generate new codes every 30 sec., that can be used for logon.
After 2FA is enabled, and at least one provider is verified, a new window will appear after logon. If multiple 2FA providers are enabled, a drop down is shown, with the possibility to select.
If only one provider is enabled, the window asking for the 6 digit code is shown.
If the user click remember browser, it is not necessary to do 2FA any more in this browser on this computer.
The dashboard functionality is a new and easier way to administer the users front-page. With this functionality individual dashboards can be created based upon the individual need. Each user can select their own dashboard, and it also possible for individual users to create their own dashboard.
The dashboard functionality offers different layouts, and also makes it easier to fully use the whole available space of the front-page. If not creating and setting dashboard, the existing front-page is used.
A new page is created to add and edit dashboard. The page is controlled by page access
The page is found in the admin menu. If other user than admin should be able to add and edit dashboard, it is recommended to move the page to another menu spot.
The page is divided into three sections. The first section shows existing dashboards and a button to create new.
Select an existing dashboard to edit layout
The next section is for editing the dashboard name, and select Layout
Description shown to users with data language 1 (EN)
Description shown to users with data language 2 (NO)
The link to the page to open. If in doubt go to Menu admin and combine the data in Url + Page to find the correct SelfService link. External links are also possible. If link added starts with http or https a new page is open. Internal SelfService links should start with ~/ as in menu.
Select the wanted layout for this dashboard. 8 different layouts are available. The layout decides how the page is divided into sections.
If this dashboard should be available to other users, check Shared. If shared is checked it is still possible to limit access by user groups.
The last section is for group access. If a dashboard only should be selectable for a group of user, use group access. Group access is only applicable if the dashboard is shared.
Setup a dashboard
Use the plug-icon to edit and setup the dashboard. Add plugin to page by selecting from available plugins. Plugins can be dragged-n-dropped between sections. Plugins have a preview of content when added.
If a plugin has parameters, a gear icon is available on the header of the plugin. If static content is wanted, go to Admin Menu Text, and add 'Page content'. The static page will be available if plugin 'Page content' is used.
Using the dashboard
Each user can choose from available dashboards in their profile page.
Some parameters have been added to support mail sending from SelfService.
Settings | Setup | Properties, Action | Setup of System variables
Noreply email address
If using this setting all mails from SelfService, will use this address as the sender (from-field), not the email of the user.
Send copy of email to deputies
T/F (default F). If set to T(rue), every time a user recives a workflow email from SelfService, every user set up as deputy will receive a copy of the same mail.
The Url to SelfService.
- Showing own address in parenthesis next to copy-to-self if noreply address is used (if copy-to-self is checked your own address is put in the CC list and will only work for bulk sending as before)
- For bulk sending of email, deputies are put in the BCC list. For single sending they are put in the CC list.
- no reply address and deputies are also used for the web-inbox (internal mail).
Not in use – Crew
A 'Not in use'-check has been introduced on Crew in OCS HR. Crew marked as Not in use are removed from the dropdown in Approve Hours.
Activity is private
A new parameter has been added in OCS HR, defining selected activities as private. If an activity is marked as private, the comment on the activity is replaced by '*Privat*'
To be able to see all comments on all activity, group access must be given to selected user groups.
Show remarks on private activities /
Document describing competence
On the basic data definition of competence codes, it is possible to attach a document. This document is available for download in Employee info, tab competence and in page Own competence. This also applies when manager uses these functions.
Course registration / Competence requirement
When doing self-enrolment to an online e-learning course, the course is not available until a link is created. Since the page does not automatically refresh, the text Awaits link and a button is added to the line with the possibility to 'Refresh'.
If the user has completed an online e-learning course, the competence should be valid / green, and course diploma is received. This check is only done once-a-day, but if the user knows that he or she has finished and passed it is possible to trigger a check by pushing confirm complete.
Colors in the matrix
The analyses for the employee now uses the same color as in the manager Competence request. The colors is described behind the question mark in the heading.
Password on Payslip
A new field has been added, enabling the user to set their own password on their payslip. This password will be set when the payslip is downloaded from the payslip tab.
The same password can also be used when the payslip is sent by email, but this depends on the setup of email sending.
Access to the column is controlled by group access
Payslip password / Lønnslipp passord
To enabled password go to
Settings | Setup | Properties
Encrypt Payslip Self Service
T/F (default T). True payslips to be encrypted with password.
On-the-Job training – Show only relevant to position
In the function Show On-the-job training there is a new checkbox called 'Show only relevant to position'. A program can be assign to an employee based upon position. When this employee later changes position, the program is still attached to the person.
By using this checkbox when query for the result, only document currently 'required' (connected through position) is shown.
Activity as input period in Timesheet
It is possible to set up a default period in the timesheet window. This period was setup in Global setup
Settings | Setup | Properties
Input period hours
Choose the default input period for hour registration. Possible values are: WEEK, MONTH, TWOWEEK and any numeric value in the month
This setup has been extended with a new value 'ACTIVITY'. If using 'ACTIVITY' as input period, the period start and end date is controlled by activities used for hour registration. A dropdown with possible activities will appear below the period, and the user can select the period by selecting activity.
The next and previous arrows will also use the activity as jump to period. Manual override is allowed.
If only wanting to use this setting for a group of employees, use Group access instead.
Use activity as input-period for Timesheet /
Then only members of groups given access will have this as input period. Other user will have period set in Global setup.
The number of possible checkboxes in timesheet are extended by two.
Wait spinner – Expense items
Added a wait spinner when changing items that need to fetch data from server. For instance when changing the currency it is necessary to fetch the exchange values.
Expense grid report
Vat value and code is added to the grid report
Card integration – Nordea FirstCard
SelfService can now import credit card transactions from Nordea FirstCard.
Exchange rate and Expense items from Credit Card
If a expense item was add from an credit card transactions, the exchange rate was overwritten with the exchange rate from OCS HR if the expense data was changed. This is now changed, the exchange rate from the credit card is kept.
The report User report – User access has been cleaned up. Department access now only shows direct access to the department, or department where the user is responsible.
A section to filter by approval status are added to the query window.
To only return employee approved hours, choose Approved by role : Employee
The address format introduced in previous version messed up some of the access control on address.