Help Page

Version: 27

View recent updates in the Portal's Changelog

Overview:
The ATS Portal's main functions:
  • Timecom Monitor
    • The Timecom Monitor is a tool where users can view and filter data coming from their Time Collection Devices.
  • File Repository
    • Using the File Repository you can upload files for download by any subset of users registered on the portal. You can also download files uploaded by your supervisor.

Users can only see data (users/files) from the Companies they are assigned. If the user has more than one assigned Company, they will be able to see data from all those Companies.
This system is designed so Managers can manage their own set of Endusers without Admin intervention.

The following are the Portal's User Access Types. Each Portal user can only be assigned one:
  1. Manager (Can manage/configure their own endusers)
    • Are assigned one or more Companies
    • Can add/edit/delete Managers and Endusers assigned to their Companies
    • Will receive emails to approve or deny Endusers, only if they are assigned to the Enduser's company
    • Can edit all companies they are assigned
    • Can restrict Viewable Employee Data Sets for Endusers per Company
    • Download Permissions: Can download files assigned to their assigned Companies.
    • Upload Permissions: Can upload files only for users that are assigned to the Manager's Companies.
  2. Enduser (Can only download files)
    • Are assigned one or more Companies
    • Can only edit their own user information
    • Cannot add/edit/delete their assigned Companies
    • Cannot update their assigned Viewable Employee Data Sets
    • Download Permissions: Can only download files assigned to their Company.
On the portal you will see the word "supervisor". This means the user or users who have control over your account.
When Companies are assigned users, the users have an Access Type. (See above for more information on the Access Types)
If a Company has one or more users with the Access Type of Manager then those Managers are the supervisors for that Company. For example, when an Enduser for Company A registers on the portal then the Managers of Company A will need to approve/deny their access to the Portal.
If a Company does not have any users with the Access Type of Manager then the supervisors are the Admins and Customer Care users of the portal.

Company Management:
On the Company Management page you can add, edit, and delete Companies. Only Admins, Customer Care, and Managers have privileges to see this page.
Only Admins and Customer Care have the privilege to add/delete companies.Only Admins and Customer Care have the privilege to enable middleware, initialize the timecom db schema, and assign/revoke timecom monitor access for companies.
Users can only modify the Companies that are assigned to them.
Users can add/remove email domains associated with the Company. These email domains are used when a new user registers. The new user's email domain will assign that user to a Company and the Managers of that Company will be able to enable or delete the new user. If the email domain has more than one company assigned then the new user will get a prompt for which company/companies they want to be assigned to. (See User Management section for more info)
When a user deletes a Company, the Company along with that Company's associated data will be deleted. This means all users and files associated with only that Company will be deleted. Any user or files that belong to other Companies besides the one one being deleted will not be deleted but will be removed from that Company.

Custom Branding:
The custom branding feature is for companies that want to customize the look and feel of the portal. A company can choose to have custom branding on the Company Management page.
Usually only VARs have custom branding and VARs require custom branding. Only Admins and Customer Care users have the privilege to enable/disable custom branding.
Once custom branding is enabled then VAR users (managers) will be able to edit their custom branding configuration but not revoke it.
A company must configure a DNS record in order to use this feature. This will create a subdomain for the portal. (Ex. https://somecompany/companyList)
When their subdomain is configured they can enter it into the Company edit page along with choosing a logo, portal title, and simple or advanced branding.
With simple branding the user chooses colors for the trim of the portal. With advanced branding the user can write their own custom css file.
The user can then navigate to their configured subdomain (Ex. https://somecompany/) to see their custom branding

User Management:
On the User Management page, users can add, edit, and delete users. Endusers can only view/edit themselves.

Restrictions for all users:
  • Users cannot update their own access type.
  • Users cannot update their own Company assignments.
Managers can add/edit/delete Managers and Endusers assigned to their Companies.
Endusers can only edit their own user information

Adding Users:
There are 2 ways to add users:
  1. Through the "Add User" button on the User Management page
    • When adding users through the "Add User" button on the User Management page, a user is created but not enabled. The created user gets an email to reset their password that expires in 7 days. When the user resets their password, their account is set to enabled and they can log in using their newly created password.
  2. Through the register button on the login page
    •  Important 
      When a user clicks the register button on the login page, they will be prompted to enter their account details and password.
      Only email domains that are pre-approved by the ATS Portal are allowed to register (pre-approved email domains will be set up during the on-boarding process).
      Using their email domain we link their account to a Company also associated to that domain. If the email domain has more than one company assigned then the new user will get a prompt for which company/companies they want to be assigned to.
      All the Managers for that Company will receive an email to activate the newly registered user.
      The Managers can enable or delete the newly registered user. If there are no Managers assigned to the Company then all Admin users will receive an email to enable or delete the newly registered user.
      The user will receive an email when their account is enabled or deleted.
Restrict Viewable Employee Data Sets:
On the User Management page, Admins, Customer Care, and Managers can set Endusers to only view certain Employee Data Sets in the Timecom Monitor by restricting Viewable Employee Data Sets.
The "Available Employee Data Sets" list will be populated with all the Employee Data Sets from the Enduser's assigned companies. Admins, Customer Care, and Managers can select any number of Employee Data Sets from this list.
If no Viewable Employee Data Set is selected for a company then the Enduser will be able to see all Employee Data Sets for that company.
If an Enduser has a Viewable Employee Data Set selected for a particular company then they will only be able to view that Employee Data Set for that particular company in the Timecom Monitor. They will be able to see all Employee Data Sets for all other companies assigned.
Endusers cannot edit their own Employee Data Set Views.

Resetting passwords:
If a user edits themselves then they can update their password using their old password.
While editing another user there is an option to reset the user's password. When the link is clicked an email will be send to the user to update their password. The user can choose to reset their password or ignore the email, in which case the old password is retained. The reset password link in the email is created with a randomly generated token and expires in 7 days or if it is used. The number of days in which the token will expire is a setting that Admins can configure.
There is a "Forgot Password" button on the login page. When clicked, the user can input their username and receive an email to reset their password.
When a user resets their password their account will become unlocked, if it was previously locked.

Workday Single Sign On (SSO):
The Portal supports SSO with Workday accounts. To set up SSO with your Workday account you will need to configure a SAML SSO Link in your Workday tenant:
  1. Log in to your Workday tenant with your admin account. You must be a Workday admin to create a SAML SSO Link in Workday.
  2. Navigate to the Utilities section of the Workbench.
  3. Navigate to Create SAML SSO Link under the Actions menu. Fill in this data:
    • Name: ATS Portal
    • SAML Version: 2.0
    • Assertion Consumer Service URL: https://portal.accu-time.com/saml/SSO
    • Name Identifier: Email Address
    • Recipient: https://portal.accu-time.com/saml/SSO
    • Audience: atsPortalSpEntityId
    • Destination URI: https://portal.accu-time.com/saml/SSO
    • Issuer ID: <Your-Workday-tenant-URL> Ex: https://impl.workday.com/<tenant-name>/
    • Signature Method: SHA256
    • Message Signing: Assertion Only
    • x509 Private Key Pair: Create or use preexisting Private Key Pair
    • Add 2 attributes:
      1. First Name
        • Attribute Name: first_name
        • Attribute Value: <Your first name>
        • Dynamic Attribute Value: leave blank
      2. Last Name
        • Attribute Name: last_name
        • Attribute Value: <Your last name>
        • Dynamic Attribute Value: leave blank
    • Leave all other fields blank
    • Press OK to create the new SAML SSO Link
  4. On the following page press the Actions button. Under the SAML SSO Link menu item click Generate Metadata.
  5. Copy and send the generated XML metadata and a message explaining that you are setting up Workday SSO in an email to CustomerCare@accu-time.com. We will use this metadata to set up your tenant in the Portal.
Once Customer Care imports your xml into the application, they will notify you when you are able to log in to the Portal via Workday.
The only way to log in to the Portal is by logging in to Workday first then using the SAML SSO Link.
To use your newly created SAML SSO Link, navigate to the "View SAML SSO Link" page and click the SAML SSO Link name.
Remember you cannot log in to the Portal using the Portal's login page.

File Management:
On the File Repository page a user can add, edit, delete, and download files.

Managers can add new files, edit existing files, and delete existing files.
Endusers can only download files.

Managers assign companies to files. If a manager assigns a file Company A and Company B. Then only users from Company A and Company B can view that file.
Managers cannot edit files that can be accessed by users outside of the Manager's assigned Companies.
For example, if an Admin assigns a file to all companies then Managers will not be able to edit the file because it is viewable to users outside of their assigned Companies.

Common use case for an Admin or Manager:
A user with the email user1@companyA.com wants a file from you. You can accomplish this with the following steps:
  1. Configure their Company in the Company Management page. (if it is not already configured)
    • You will fill in their company name, industry, and "companyA.com" as their Email Domain.
  2. You upload the file in the File Repository page and add Company A as an Assigned Company.
  3. The user from company A will use the portal login page to register with their email (user1@companyA.com).
    • Remember: If their email domain, in this case companyA.com, is not configured in the Company Management page then they will not be able to create an account.
    • You can also add the user through the "add user" button in the User Management page.
  4. After the user registers, you will receive an email to approve them for access to the portal. Set their User Access Type as Manager if you are an Admin or Enduser if you are a Manager and choose Company A in the Company list.
  5. They then get an email that they were approved for the portal. They will then be able to log in and download the file you uploaded in the File Repository page.
    • If you set up the new user as a Manager, they will be able to configure new Companies, add new users, and upload files for users who are assigned to the Manager's Companies.

Timecom Monitor:
The Timecom Monitor is a tool where users can view and filter data coming from their Time Collection Devices.
An Admin or Customer Care users can give a company access to the Timecom Monitor through the Company Management section of the Portal using the Timecom Monitor Access field (only available after enabling middleware for that company).
For a user to access the Timecom Monitor, just one of their assigned companies needs to have Timecom Monitor Access.
The user will only see the companies in the Timecom Monitor that have been configured with Timecom Monitor Access. (See Company Management Section for more info)
Endusers can be configured to only view certain Employee Data Sets per Company. (See User Management Section under the "Restrict Viewable Employee Data Sets" header for more info)