Password and Security Settings

The password and security settings available within Eploy are unique to each of the 4 main user types - Candidates, Standard Users, Hiring Managers and Vendors.  

To amend the security settings for each user type navigate to Admin > Security Settings then select the appropriate user type from the list.

Several of the settings are common to all user types, but there are some differences.

Within Eploy we have included a lot of help-text, explaining what each settings means.  As a result, this article will focus on those settings which might need a bit more thinking about when configuring

Candidates

First, configure the Password Policy.  From here you can specify the minimum length of the password, whether is should be Strong or Very Strong, whether password history should be enforced (preventing the candidate from reusing old passwords) and how frequently a password should be changed.  You'll also have settings controlling whether the browsers auto-complete functionality will work and whether the candidate can request a Password Reset.

The lockout policy is where you'll define how many incorrect attempts a Candidate has at logging in before a CAPTCHA is displayed, and the duration of this lockout policy.

Finally, you can allow the use of social logins - permitting Candidates to log in to their profile using LinkedIn, Facebook or Google accounts.

Standard Users

Standard Users have access to the Core System, potentially giving them access to all your recruitment data.  Consequently, there are lots of security options to consider here.

The Password, Lockout and Social Login settings here work the same way as for Candidates.

Additional settings include:

Email Contacting Preferences - this allows you to specify whether a core user can send an email from any email address or if there should be a specific alternate address available to them.

Corporate Single Sign On - also known as SSO, this is a feature which allows you to control access to the system by linking a user account to a corporate login mechanism e.g. Office 365, Google, Okta, OneLogin, etc.  Before we talk about settings, please remember that there may be a cost associated with using SSO, and as a result it won't be available in all systems as a default.  If SSO isn't in your system and you'd like to use it, please have a chat with your Implementation Manager about using it. 

If it is included, you'll need to select your SSO provider within Eploy then enter the Entity ID and Name and provide the SSO Service URL.  You'll also be able to Force SSO, which means these users will only be able to access Eploy using SSO - there will be no Username/Password options available on the login page.  Finally, upload the relevant SSO certificate.

On top of this, additional configuration will be needed within your SSO environment.  In all likelihood this will need to be done by your IT team.  A detailed guide is available, providing information on what steps need to be followed for each SSO provider - please ask your Implementation Manager for a copy.

Corporate Calendar Sharing - these settings allow you to link your Office 365 and Google calendars with your Eploy system.  As with SSO, you'll likely need your IT Team's help with this as there is additional configuration needed within the Office 365 and Google admin systems.  For full instructions on configuring Corporate Calendar Sharing, please see this section of our Knowledge base - https://support.eploy.co.uk/hc/en-gb/sections/4434939599005-Calendar-Integrations.  Once linked you'll be able to set standard sharing options for Availability, limited details and full details.

Online Meetings - if you have linked your Eploy system with your Office 365 calendar, this will also enable you to use Teams.  If you use Zoom, this can be linked in this section - as with SSO and Calendar sharing, you may need the help of your IT Team or Zoom Administrator to link the system to your corporate account.  Click Link Zoom Account - you'll be asked to log in to Zoom and complete the rest of the linking inside Zoom.  Once the link has been created, within Eploy, you'll be able to match Zoom accounts by Eploy Username or Email address.

Permitted IP Access - this setting is used to restrict access to the Eploy Core System from any IP Address other than those specified.  to enter permitted IP Addresses, click Add then enter the IP Address before clicking Save.  Repeat this process for each IP Address.

2 Factor Authentication - this is a security feature which requires the user to enter a one-time-use code, in addition to their username and password, or SSO credentials, whenever they try to log in to Eploy.  Indicate the circumstances when 2FA should be used, then select the 2FA methods you wish to use - Email, SMS or Authenticator App (Google Authenticator).  You can also select the 2FA email template you'd like to use.

Hiring Managers

A lot of the Hiring Manager security settings behave in the same way as those for Standard Users, with the following exceptions:

• Corporate SSO - the settings applied for Standard Users will not apply to Hiring Managers.  If you'd like your HMs to use SSO, you'll need to configure this here.  You're welcome to use a different SSO provider if you wish.
• Corporate Calendar Sharing - If you have linked Calendars for your Standard Users, your Hiring Manager's calendars will automatically link as well.  You can change the visibility permissions of Hiring Manager calendars here.
• Portal Configuration - at the bottom of the page you'll find the Portal Configuration section.  This contains two Layout Manager tools and allows you to control the layout of the Candidate and Vacancy Overview tabs within the Application Dialogue, when viewed within the Hiring Manager Portal.

Vendors

The security settings for your Vendors (Recruitment Agencies) are configured in the same way as those for your Hiring Managers.  The only difference is that Vendors are not able to send emails from within the system, meaning there are no email related settings.  Additionally, there are no Calendar Sharing options, nor Portal Configuration settings.

Further Information

For more information on Password and Security settings within Eploy, please see this section of our main Knowledge Base - https://support.eploy.co.uk/hc/en-gb/sections/360005977131-Security-Settings. 

Tip to view many of the articles contained within our main Knowledge base you'll need to first access it via your Eploy Core System - log in, then use the ? icon within the blue bar and select Knowledge Base.  If the link above doesn't work, please do this then try the link again - if it still doesn't work, please let your Implementation Manager know.