This solution describes the instructions on how to setup access and manage clients with SSO and MFA.
Single Sign On (SSO)
Single Sign On allows for the users to sign on one time for every module as opposed to signing in to each individual module. The two types are:
RDA Single Login - Using User ID and password as authentication.
Google Login - Using a Gmail email address and password as authentication. (Not available yet for Breeze SSO).
When the client uses RDA Single Login, passwords must be reset in Breeze.
When the client uses Google, passwords can be reset in 4.0.
Once they sign in, they can navigate to different modules without logging out. The login screen is a Breeze screen that will allow the user to choose between OpenRDA and Revenue Management. Revenue Management button is for both Revmgt and ESS.
Each user must have their Personnel ID set up in the security profile on the Contact tab.
When users log into 4.0, under HR/Workforce, ESS is on the drop down menu. When users click on ESS, they will be brought to the ESS login screen. If the client has Revmgt, there will be a Revenue Menu which will navigate the user to Revmgt login screen.
Multi Factor Authentication (MFA)
Along with SSO, the client can choose to also have MFA. When MFA is implemented, all users must use an Authenticator application to store Secret Keys for the sites.
The authenticator will need to be installed on a laptop or a handheld device such as a cell phone. Each site will have a Secret Key that will be used to set up the site in the authenticator. Below is an example of an authenticator. A code is displayed that should be entered on the MFA Code field. The code resets every 30 seconds.
The Secret Keys are maintained in the auth server in Revenue Management. These Secret Keys are secure and will be placed in Fresh Desk under the client notes for internal use only. Do NOT share these Secret Keys to anyone at the client site, through a ticket or phone call unless it's an approved IT person who has acces to the auth server. The client doesn't have to use RevMgt, but Revmgt Security is where the users are maintained by navigating to the Admin Dashboard (Cog wheel icon) and on the left menu go to Security - Users.
The Admin can manage passwords by right clicking on the User and select Go to Employee Master View.
Once on Master view, go to the User tab and delete the all asterisks in the Password field and type in new temporary password and click on Save at the top right.
All users will need to log into the auth site to reset their own passwords. Once logged in, they will click on the top right where it reads, Welcome, and username and click on Settings.
Click on Change Password.
New Users
Steps to add new users:
- Add new user in Security in 4.0 and include the Personnel ID in the Personnel ID field
- Set user temporary password using the Set/Change User Password process under Maintenance
- Go to System Admin - Report Generation / Devices - Define Reports
- Choose SECURITY on the left
- Select the report COPYUSERSTOAUTH on the right
- Click on the cog to run report
- Range on Personnel ID and run report - This will copy user and the password to Breeze
- Log into the auth server (selecting Revenue Management) when logging into site
- Go to Admin Dashboard - Security - Users and verify user has been added
- The new user will need to log in to Revenue Management and go to the the top right of the screen and click on the down arrow by the user ID and choose to reset password