Setting Secondary Authentication Requirements

Any time an employee accesses the ExponentHR website from a new computer or other device (iPhone, iPad, Tablet, etc.) a secondary security question is prompted to authenticate the user. (All users in ExponentHR establish a personal security question and answer when they first set up their user login credentials during the First-Time Login process). If the employee is not using a public computer, he/she has the option to choose to have ExponentHR "remember" the device. When this option is selected, the secondary question will not be required during future login attempts. ExponentHR will remember devices for a period of 1-12 months, as designated in the Password Management utility.

By default, this secondary authentication will be required for all users at all locations. However, any authorized IP Addresses, such as company networks, may be exempted from this secondary authentication feature by including the trusted IP Addresses in the Secondary Authentication Requirements area of the Password Management utility (as outlined below)

System administrators no longer feel it is necessary to ask employees to answer their security question every quarter when they are using a work computer. Using the Secondary Authentication Requirements section in Password Management, specify the IP addresses of the work computers that can bypass this secondary authentication process.

To set secondary authentication exemptions by location:

1. On the Management Navigation Menu, click Settings > Password ManagementSettings > Password Management.

The Password ManagementPassword Management page displays.

2. In the Secondary Authentication Requirements section, select the Activate IP Address Exceptions for Secondary Authentication Login Requirement check box.

3. Type the Internet IP address of the computers where employees should not be prompted to answer his/her security question.

Note: If your organization has multiple IP Addresses that start with the same number sequence, you can leave the last box of the IP Address blank to automatically capture all neighboring IP Addresses. For example, 041.102.400.--- authorizes the range 041.102.400.000 to 041.102.400.999.

4. Click the Add --> button to move the address to the Allowed IP Addresses list.

5. Indicate the frequency in which ExponentHR should re-prompt the user to answer his/her security question by selecting the appropriate item in the Duration of Cookie-Based Trusted Device Identification drop-down list.

6. Click the Save button.

Result: If a user attempts to perform a time punch from a computer that has not been specified in the Allowed list, they will see that the Report Time/Report Hours Only selections are not available.

Note: If you are wanting your employees to be able to record time punches from any computer, but not from the ExponentHR Mobile website, please contact ExponentHR Client Services.