Access Method Profiles

Access Method Profiles enable organizations to change a user's Role Profile based on different criteria. You can define the components that a user can access from different locations, corporate or personal devices, or from the mobile app. You do this by mapping a Role Profile to access method types (Known IP, Mobile Device or Workforce Mobile) and corresponding access method values.

Note: Access Method Profiles extend the capabilities of Known IP Addresses, which are tenant-wide, to the user level.

For example, a manager could access all manager functions while at work, including editing the schedule, responding to requests, and creating reports, but only limited functions while at home such as view the schedule but not edit it and view employee requests but not approve or reject them. To configure this example, you could do the following:

  1. On the Known IP Address page, define an IP address for the work site called WorkIP.
  2. On the Role Profiles page, define a Role Profile called Manager-work for the manager's worksite activities and another Role Profile called Manager-home for the manager's home activities.
  3. On the Access Method Profiles page, create a profile that maps access method types and values to the two Role Profiles:
  4. Access Method Type Access Method Values Role Profile
    Known IP WorkIP Manager-work
    Known IP All Unknown IPs Manager-home

Similarly, you could limit the manager's mobile access to corporate devices by creating an Access Method Profile with the following characteristics:

Access Method Type Access Method Values Role Profile
Mobile Device Corporate Manager-work
Mobile Device Personal Manager-NoAccess
Note:
  • When an employee logs in to the system, a Role Profile is assigned based on the employee's Access Method Profile. 
  • When a manager with multiple roles logs in to the system, the default Role Profile is assigned based on the Access Method Profile,  but the Function Access Profile and Display Profile change when the manager's changes role.
  • If you are using Delegation Authority, the default Role Profile is based on the Access Method Profile assigned and changes when the Delegation Profile changes

  • The IP restriction enforcement being enabled is not required for known IPs to work with Access Method Profiles. Known IPs are referenced even if enforcement is disabled.

To create an Access Method Profile:

  1. From the Main Menu, select Administration > Application Setup > Common Setup > Access Method Profiles.
  2. On the Application Method Profiles page, select Create .
  3. On the Create Access Method Profiles page, enter a name and description, click Create In the Access Method Profile Mapping table, then complete the following In the Create Access Method Profile Mapping glance (also known as a contextual call-out) Provides information and actions in a dialogue box for an item on the screen when the user right-clicks or taps the item.:
    1. Access Method Type — Select from the following:
    2. Known IP — Restrict access to a Known IP Address
    3. Mobile Device — Restrict access to a corporate or personal mobile device.
    4. Mobile App — Restrict access to the UKG Pro Workforce Management™ mobile application.
    5. Access Method Value — Depending on the Access Method Type selected, provide the following information.
    6. Access Type SelectedAccess Method Value
      Known IP

      Depending on the IP addresses configured on the Known IP Address page, select from the following:

      • All Known IP Addresses
      • All Unknown IP Addresses
      • A listed IP address
      Mobile Device

      Depending on the user's type of mobile device, select from the following:

      • Corporate
      • Personal

      Note: Corporate Devices are owned by your organization compared to Personal Devices that are owned by individual employees. Corporate Devices are configured by an Enterprise Mobility Management (EMM) provider. Refer to the EMM topics in the online help for more information (Administration > Mobile App > EMM > Managed App Configuration).

      Mobile App

      Depending on whether the user is accessing the system from the UKG Pro Workforce Management™ mobile application:

      • Yes
      • No
    7. Role Profiles — Select a Role Profile that has been defined for your organization.
    8. When finished, click Save.
  4. To change entries in the table, select an entry and click Edit and to delete an entry, select an entry and click Delete .
  5. When using multiple mappings, select a row and use Increase Priority and Decrease Priority to define the precedence of the mappings.
  6. Click Save.
  1. From the Main Menu, select Administration > Application Setup > Common Setup > Access Method Profiles.
  2. On the Application Method Profiles page, click Edit .
  3. On the Edit page, select one of the following:
    • To edit the existing profile, select Save changes everywhere that the named entity is used
    • To duplicate the profile or create a new profile based on the selected profile, select Save as a new named entity.
  4. As necessary, change the name and description and modify the Access Method Profile Mapping table as described in Create Access Method Profiles.

  5. When finished, click Save.

  1. From the Main Menu, select Administration > Application Setup > Common Setup > Access Method Profiles.
  2. On the Application Method Profiles page, select a profile click Delete .

You assign Access Method Profiles in the People Information component.

  1. From the Main Menu, select Maintenance > People Information.

  2. From the People Information page, select a person from the list and from the Employee section, expand Access Profiles.

  3. From the Access Method Profile drop-down list, select a profile.

  4. Click Save.

Note: Users can only be assigned one Access Method Profile.