Sitrion Deskless Worker Authentication Options

Table of Contents

Overview

What scenarios does this document cover?

Available Solutions

1.Upload users to ONE with known personal emails

2.Upload users to ONE with no known personal emails

3.Custom user registration

Overview

Many organizations do not have a companywide Single Sign On (SSO) Authentication provider or corporate emails for all employees. This situation can make employee provisioning difficult for organizations to provide access to all employees to the Sitrion ONE platform. Sitrion has extensive experience in handling these scenarios for our customers. This document is intended to provide new customers and prospects their options to solving this situation.

What scenarios does this document cover?

If you fall under one or more of the below scenarios the solutions provided in this document can resolve your employee provisioning hurdles.

1. My organization does not have SSO for all employees.
2. My organization does not provide corporate emails for all employees

Available Solutions

1.  Upload employee accounts to ONE with known personal emails

If your organization has a record of employee personal emails, the Sitrion ONE platform allows you to upload lists of employee accounts using the tenant admin console or via the Sitrion ONE User and Group sync feature. This option requires that your organization prepare a CSV document with details of all employee  you wish to grant access to the application.The file is required to contains their personal email address, first and last name. A default password can also be provided, but this is optional.  Once added to Sitrion ONE employees will get an email welcoming them to the system with user id and temporary password details. Once an employee logs in for the first time, they will be prompted to update their passwords. This option is the easiest of all the options to implement.

For this option the employees have the following experience:

1. Employee receives an email from the Sitrion ONE platform indicating their account is ready
   1. Email can be branded
   2. Email contains links to mobile app
2. Employee downloads app via link provided
3. Employee logs into the app with the provided credentials
4. Employee is asked to enter a new password
5. Employee is then granted access to application

2. Upload users to ONE with no known personal emails

If your organization does not have a record of employee personal emails, you can still upload employee accounts to the Sitrion ONE application with pre-determined user ids and predetermined passwords. With this option as with the last option, a CSV document containing employee user ids, first name, last name, password can by uploaded via the tenant administration or the Sitrion ONE User and Group sync feature.  For users to be able to reset their passwords, they will need to provide an alternate email via Sitrion’s Profile capability to support self-service password reset.

For this option the employees have the following experience:

1. Employee is communicated their user id and password via existing communication channels.
   1. Email, newsletter, intranet, business/access card ect..
   2. Communication would need to provide instructions on how to download the app and get logged in.
2. Employee opens app and enters provided credentials.
3. Once successfully logged in, the employee is granted access to application.
4. If self-service password reset is desired, user must open their profile and update their contact email.

3. Custom user registration

If neither of the above options are desired the last option is to have a custom user registration process where users can self-register by first proving their identity and then providing a personal email and password. This option requires a service be built that allows for employees to validate their identity. The validation information can be generic for all users, which is less secure or can be specific for each user which is more secure but requires your organization provide this data for each user. Validation information can be in the form of date of birth, social security number, employee id, a PIN, a catch phrase, or any other information that can be used to validate a user.

For this option the employees have the following experience:

5. Employee downloads the app.
6. Employee is asked to provide a personal email.
7. Employee is presented a validation challenge.
8. Once validated, the employee is prompted to provide a password.
9. Once registered, the employee can then log in using the provided personal email and password.
10. Once successfully logged in, employee is granted access to application.