Phoenix Security Management

From Phoenix
(Redirected from Welcome to Phoenix)

Phoenix Security Management

In the security top menu, domains, roles, users and security configuration of the system can be managed.


Domain Management

The Phoenix supports the segregation of data to support multiple organizations e.g.

Justworks PEO and Justworks ASO. We can create a separate domain for each of the organization. Within the same database data for both organizations could co-exist. We can have users who have access to multiple organizations or domains.


You can list and create new domains from this menu item. To create domain

from the manage Domains in the Security menu, click the Create Domain button and fill in the required details accordingly and click on the Create button. The domains will be created.





Role Management

All users with similar security are grouped into a role in Phoenix. The role defined security for each module that users within that role can have.  The security level for each module has following security types:

All Access

View Only Access

No Access

You can list and create roles from this menu item. To create a new role, you should click on the Manage Roles in the Security dropdown menu. Click on the Create Role button, and the following screen will be opened.



Provide the Role Name and description and choose the Active dropdown accordingly. For the Single Domain dropdown, the system has two options i.e. Yes and No. If Yes is selected then a user can provide only a single domain otherwise if No is selected then a user can provide multiple domains.




Now, in the All Modules dropdown, select Yes if a role needs to have access to all the modules or select No, if a role wants to give access to the selected modules and select the modules as shown below:




Super users or very high-level senior executives may need to have access to all the modules, and it can easily be done by select “All Modules” to “Yes”.  For the majority of other roles, security should be defined carefully module by module. In the screen below, for each module select the right value in drop down.





The Phoenix system has 4 menu systems, and one must be selected.  The menu system provides the right number of top menu items based on the menu system selected.



An example of a Menu System is as follows:-

IT Admin



IT Super Admin



Provider Admin



Provider User


The Users Button allows one to see the number of users to whom a particular role is allocated and the Audit button displays the fields that were updated.




User Management

All users who need access to Phoenix system in any capacity should be added in user management and a role should be assigned.  There are many required fields that must be filled.  Each user must have a unique username to log into the system and could be generated by the system by pressing “GENERATE USERNAME” button. Security is defined by the role. If a role has multiple domain access, the user will automatically have access to all the organizations belonging to those domains. To create a user, click on the Manage Users in the security dropdown and then click on the Create User button at the top left of the screen.



Fill up all the required fields and press “Generate Username” button to automatically generate the username. The username can be overridden if required.

Role must be carefully assigned as it governs the security of the user.





Lock field is used when a user crosses the max limit of entering the wrong passwords into the system as defined in the security configuration.



Active dropdown is initially “No” during the new user creation. In normal process, user is supposed to activate the email, which will be sent after the user is created. Users can be made active without proper email and is not desirable.  A proper active email address allows the user to do many securities functions in self-service mode.


To deactivate user, select “Yes” in the Active drop down.


Timezone should be filled to get all date time field in local times.


As soon as the create button is clicked, a Welcome email will be sent to activate the email account as described below:-



Welcome Wilson ,

Welcome to JW Phoenix Software.   This is the first email to start the process of setting your account.

Please click on the link below to confirm your email and you will be able to receive future notification from the application.

Activate My Email

Feel free to contact Support Desk for Phoenix by calling (xxxxxxx) from 8AM to 6PM Monday to Friday.

Sincerely,

Support Desk



If the link is clicked within the timeframe as defined in the Security Config, then the system will show the following message:


Account is activated successfully


Otherwise it will show the following error:


Either the link is expired or invalid. Please contact Support Desk !


If the link is expired, system administrator must resend the welcome email by pressing “Resend Welcome Email” button for the .



Once the email is verified, another email confirming the email-confirmation will be sent which will contain temporary Username and Password as shown below: -


Welcome   Wilson ,

Welcome to Phoenix and thank you for confirming your email.

We have setup your username and temporary password.  You will be required to change the password and setting up security questions by pressing the link below.
Your account has been created successfuly .

Please find the login credentials below:

Username : cwilson

Temporary Password :  165131

Change My Password


Feel free to contact Support Desk for Phoenix from 8AM to 6PM Monday to Friday.

Sincerely,

Support Desk



If the Temporary password link is also expired, it will show the following message.





Now, to fix this, system administrator has to click on the “Send Temp Password” button. This will again send the One Time Password email as shown below:



Hello   Wilson ,

Welcome to Phoenix and thank you for confirming your email.

System has provided one-time temporary password for 10 minutes.  You will be required to change the password.

One-Time Password :  505474 

Feel free to contact Support Desk for Phoenix by calling (xxxxxxx) from 8AM to 6PM Monday to Friday.

Sincerely,

Support Desk


Now, the user can reset the password accordingly and login into the system.







 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Multi Factor Authentication:-

There is one more method to enhance the security of the Phoenix system i.e. with Multi-factor Authentication.


Multi-factor Authentication is a process that will send a One Time Password (OTP) every-time user logs into the system. It will send to the registered Email, Phone or both per the configuration of Pheonix in Security Configuration.  




Below is the defined procedure to activate multi-factor authentication: -

 

  1. Whenever a user is created, a welcome email will be sent to the registered email-id of the user that contains an Activation Link as shown below.




  1. Click on the above link and email-id will be registered thereof as shown in the image below.



But, by chance if the link is not clicked within the allotted timeframe i.e. OTP Expiry Minutes that is shown above, an error will be shown as in the image below.




To tackle this out, go to the newly created user and click on the Resend Welcome Email button for new user or Send Temp Password button for the already existing user and this will again send an email for the activation.



  1. Now, when the account is successfully verified, a Successful Registration mail will be sent to the registered email-id that will contain the username and temporary password as shown in the image below. User have to change it by clicking on the link.



  1. Now, go to the login page and enter the above details. If the Multi-factor Authentication is enabled, then after entering the credentials a message will be flashed thereof showing that an email has been sent to the registered email id for the generation of One Time Password. (Initially the OTP will be sent over email as phone number is not verified yet). Enter the OTP received over the mail to generate your New Password. After entering the New password, a Mobile number verification box will be appeared, click on Yes or skip as required. If, Yes is clicked then enter the mobile number details and click on send OTP. After this, an OTP will be received over mobile phone, enter it. Here after, every time when a user wants to login then after entering the username and password, an OTP will be sent for multifactor-authentication.



  1. Now enter the OTP received over the email/phone as shown below to login in to the system. As soon as the login is successful, the system will be redirected to its homepage.



  1. As shown above, we have 3 types of multi-factor authentication available with the system i.e. Email, Phone or (Email + Phone). It depends on us what type of authentication we would like to use.
  2. If we would like to use Phone as an authenticator then for this, phone number of the user must be verified first otherwise an error will be flashed as shown below.



  1. To tackle this out, login to the system with the credentials received over the email and go to My Settings as shown below.





  1. Here we can clearly see that the phone number is not verified yet as shown below. To verify the phone number, Choose the country code, enter the phone number and click save. Then  Validate Mobile Phone button will be enabled as shown below.







  1. Now click on the Validate Mobile Phone button and an OTP will be send over the Phone as shown below.




  1. Enter the OTP and Mobile number will be registered and we can see this in the My Settings as shown below.


  1. If by chance a user forgets the password, click on the Forgot Password? link and fill up the Username and registered email id and click Forgot password button on the login, an email will be sent over the mail to reset your password as shown below.



  1. Now click on the link and an OTP will be sent over the registered  phone number as shown below and on email too. We can choose which OTP we want to enter accordingly. Enter the OTP and you can reset to a New Password.