Changes for Self-Service User Account

Use the Changes for Self-Service User Account page to:

Note: For the current release, Single Sign-On is available to select Ceridian customers in limited availability.

By default, all Ceridian Self-Service users are assigned the Employee role when you set up their user accounts. Assign users only the additional roles they need for their job functions.

For Single Sign-On users, enabling the account gives the user access to Single Sign-On applications. Disabling the account prevents the user from logging in to Single Sign-On applications, but doesn't impact the user's ability to access the application outside of Self-Service.

Contents

Passwords

Non-employee user accountsTop

Non-employee users don't have an account in HR/Payroll and therefore don't have a DesktopAccount record. Non-employee user accounts are typically used by Ceridian personnel to implement and troubleshoot features of Self-Service prior to putting a customer into production on Self-Service. Human Resource Outsourcing (HRO) personnel also use these accounts for administrative activities for HRO customers. Customers can use non-employee user accounts to test Single Sign-On before rolling it out to all of their employees.

Passwords Top

The ability to reset a user's password depends on whether your company is using Single Sign-On and if so, who is defined as the identity provider. The identity provider is defined when the client information is set up on the Single Sign-On Configuration page.

In all other cases when the client is the identity provider, the Password field isn't displayed on this page.     

Password requirements

When you enter a new password, the password:

The reset password is a temporary password. The user is prompted to change the password the first time the user logs in.

Challenge questions and answers Top

During configuration, if your company has enabled the Challenge Questions and Answers option, users can change their own passwords at any time. If the user exceeds the maximum number of allowed unsuccessful attempts to answer challenge questions, the user's account is locked. When this happens you receive an email to inform you that the user's account is locked. When you reset the user's password, the Challenge Questions Lockout check box on this page is cleared.          

The Challenge Questions and Answers option is available to all users other than Single Sign-On users who don't have direct access to Self-Service. For more information, see About Changing Your Password Using Challenge Questions and Answers.  

PSID assignment Top

If your company allows PSID assignments, you can select the PSIDs that the user is allowed to access on the Preliminary Information for New Hire page. If the user is a manager, this makes it easier for the manager to select the correct PSID when hiring a new employee.

Single Sign-On Information Top

Set up the following information for Single Sign-On users in the Single Sign-On Information section:

For clients who use the ... Do this ...

Ceridian Self-Service Single Sign-On solution

  • Indicate if the user is included in a group of users selected for limited roll out of Single Sign-On in Self-Service. This option appears if the activation status on the Single Sign-On Configuration page is set to Activate (limited). Users in this group use an alternate URL to log in to Self-Service. You can get the alternate URL from your Ceridian Customer Care Representative.
  • Indicate whether the user is allowed direct access to Self-Service. This option appears if the client information on the Single Sign-On Configuration page allows direct access to Self Service for select users.
  • Optionally enter a user ID to override the default user ID. The user ID exception message explains why the exception occurred and you can decide whether entering a user ID override would help resolve the exception

Note: The user's initial transmit status from Single Sign-On and the Single Sign-On user ID are also displayed for reference.

Ceridian Self-Service Single Sign-On 2.0 solution

  • Optionally enter a user ID to override the default user ID. The user ID exception message explains why the exception occurred and you can decide whether entering a user ID override would help resolve the exception.

Note: The user's Single Sign-On user ID are also displayed for reference.

Security Image option Top

During configuration, if your company has enabled the Security Image feature, users can set up a security image for additional security. Self-Service offers two options for the security image when you configure it on the Security Image Settings page:

Note: If your company has enabled the security image feature, your log in flow may be different than the flow described in this help topic. For more information, see  About Security Images.   

Note: The Security Image feature is available to all Ceridian Self-Service users and Ceridian Self-Service Single Sign-On 2.0 users. For more information, see About Ceridian Self-Service Single Sign-On Solutions.

To change a user account Top

  1. Open the Changes for Self-Service User Account page.
  2. Enter a new password if the user:

    If your company is using Single Sign-On and is acting as the identity provider, the Password field doesn't appear.

  3. Click Manual Account Disable to block the user's access to Single Sign-On enabled applications.

    This setting overrides the password lockout status and challenge question lockout status and can be used to disable an account for reasons other than the user exceeding the maximum number of login attempts or the maximum number of attempts to answer challenge questions.

  4. If the Security Image Lockout check box is filled, click the Reset Security Image check box to reset the user's security image.

    This setting unlocks the user's account and requires the user to select another security image.

  5. If the employee is being rehired, click Rehired Employee to display the benefits enrollment link on the Home page.

    The default is to not display the benefits enrollment link. This option is available only if your company has chosen to enable it on the General Benefit Settings page. After the rehired employee has completed enrollment, this option is read-only.

  6. Select one or more roles.
  7. In the PSID Assignment section, do one of the following:

Note: If you need to add another PSID at a later time, you must follow this same procedure to add the new PSID. You must also add the PSIDs to which the user previously had access when you update a user's PSID assignments.

  1. In the Single Sign-On Information section, for clients who use the:
  2. If the activation status allows rolling out Single Sign-On to a limited group of users, indicate whether the user is included in the group.
  3. If the client configuration allows direct access to Self-Service for select users, indicate whether the user is allowed direct access.

    Make sure to get the direct access URL from your Ceridian Customer Care Representative to give to direct access users.

  4. Enter any user ID overrides for the user's Single Sign-On enabled applications.
  5. Click Save.

To change a non-employee user accountTop

  1. Open the Changes for Self-Service User Account page.
  2. Enter a new password if the user:

    If your company is using Single Sign-On and is acting as the identity provider, the Password field doesn't appear.

  3. Click Manual Account Disable to block the user's access to Single Sign-On enabled applications.

    This setting overrides the password lockout status and challenge question lockout status and can be used to disable an account for reasons other than the user exceeding the maximum number of login attempts or the maximum number of attempts to answer challenge questions.

  4. Select one or more roles.
  5. Click Save.

To remove a PSID assignment

  1. Open the Changes for Self-Service User Account page.
  2. Click the PSID to remove from the user's access.
  3. Click Remove.
  4. Click Save.

Related topics Top