How do you handle ESS Security?

 6 Replies
 0 Subscribed to this topic
 68 Subscribed to this forum
Sort:
Author
Messages
psfunkytek
Basic Member
Posts: 13
Basic Member

    We are upgrading to 9.0 Apps in April, but our OE will be handled in 8.03 (9.0 Environment) in March.  I was mortified when our IT department told me that in order to use self service, employees would have to have a Windows network ID, and their initial login MUST be in one of our locations, on a company computer on the company network (appearently subsequent logins will be available via internet at their home).

    We are a retail shop with almost 3,000 employees and most locations have one computer terminal.  In addition, we have many part-time employees who don't work frequently.  With that demographic, this seems like a burdensome requirement and I'm wondering if everyone has handled security this way or is there something better that our consultants/IT are just not aware of.

    The more dificult the process, the less likely the implementation success (or percieved success) and this just sounds way to complex to be real.

    Thanks!

    Roger French
    Veteran Member
    Posts: 549
    Veteran Member
      No reason to be mortified. Everyone will come out alive, trust me. :)
      If you want employees to use Self-Service (there's a reason it's called Self-Service..... employees serve themselves), each employee must have a unique ID and password.
      I've seen this situation many times in the past... part timers, or employees who don't normally have or use an ID, or don't have email, and then the company wishes to implement self-service. Or other types of non-traditional ID non-users.
      Well if the company wants to allow employees to use self-service, then yes, employees must have their own unique ID and password. If the burden is such that IT doesn't want to create new IDs/passwords/emails for these type of workers, then let them use your 'old', current way of doing thins. Nothing wrong with that.
      It's a major 'paradigm' shift for these types of companies, mostly for the good, to use Self-Service. Yes, some locations may have to share a computer (think kiosk), and that's OK. Any good IT shop or consultant knows or figure out what's going on and will recommend the best solution. It's not complex really, the whole idea of this needs to be clearly explained and presented.
      Roger

      Posted By psfunkytek on 02/01/2010 07:22 PM

      We are upgrading to 9.0 Apps in April, but our OE will be handled in 8.03 (9.0 Environment) in March.  I was mortified when our IT department told me that in order to use self service, employees would have to have a Windows network ID, and their initial login MUST be in one of our locations, on a company computer on the company network (appearently subsequent logins will be available via internet at their home).

      We are a retail shop with almost 3,000 employees and most locations have one computer terminal.  In addition, we have many part-time employees who don't work frequently.  With that demographic, this seems like a burdensome requirement and I'm wondering if everyone has handled security this way or is there something better that our consultants/IT are just not aware of.

      The more dificult the process, the less likely the implementation success (or percieved success) and this just sounds way to complex to be real.

      Thanks!

       

      psfunkytek
      Basic Member
      Posts: 13
      Basic Member

        I just want to clarify, it's not the individual LAWSON User ID and password that I have a problem with, it the requirement to setup WINDOWS Network User ID and password AND the requirement that the login (to both Windows and LAWSON) happen at a location.

        We've already confirmed that some 98% of our employees have e-mail addresses and most of those have computers at home (they are required to apply online), however it sounds burdensome to be required to maintain windows passwords (manually, no less) and if they cannot login at home on the INTERNET as opposed to the company INTRANET, I believe the participation will be limited with only one terminal (which most employees are not allowed to use) per location.

         

        Joe O'Toole
        Veteran Member
        Posts: 314
        Veteran Member
          There is no realistic way around the ESS user having a unique domain account for their own protection. We have a shared computer in our retail locations that our self service user utilize. We run a generic Windows login and they only need to supply their personal credentials to enter ESS. This works well for us from a security standpoint since the ESS ID's can be tightly controlled (IE: deny local login, etc.). We have software that automates account provisioning and deprovisioning and it is not burdensom at all to manage once everything is set up. While most employees would probably log in initially at the work location so they could get assistance from a manager or colleague, I'm not seeing the reasoning behind the initial login having to occur at the store (unless your remote access is not yet available). Setting up ESS for remote access is not a simple undertaking, however many shops including mine have found that the benefits of giving users access at home outweigh the setup effort and perceived risk. Our biggest frustration is with the volume of users that forget their passwords. We even have a password reset portal and many users can't remember their challenge answers either so it still ends up being a call to our helpdesk.
          psfunkytek
          Basic Member
          Posts: 13
          Basic Member
            Joe, would you mind sharing detail on how you setup your password reset portal? we are still do this manually and it is a super hassle.

            Thanks,

            My direct e-mail is
            psfunkytek@yahoo.com
            Joe O'Toole
            Veteran Member
            Posts: 314
            Veteran Member
              There are numerous products on the market to do this and they have come down in cost quite a bit over the last 2 years. We use the SSRPM product from Tools 4 Ever. The implementation was fairly simple and it can be tailored to your companies requirements. There are basically 2 links you deploy to your menu - 1) For indiviuals to setup / modify their reset questions and 2) To do the reset if an idividual forgot their password. The only struggle we have is that many infrequent users forget the answers to the challenge / response questions so we need to reset manually anyway. Sometimes you just can't win!
              psfunkytek
              Basic Member
              Posts: 13
              Basic Member
                Thanks.