Support Account Settings

Set Support accounts and use impersonation for remote access

From time to time, you may want to have a support representative log on to your tenant for troubleshooting, configuration assistance, or other activities.

To control access to your tenant, the system includes several levels of support, which you lock or unlock as needed, for example:

  • Support-Level1— Reserved for Integration Consultants
  • Support-Level2— The medium level of support
  • Support-Level3— The highest level of support

Depending on your needs, you unlock a specific level and the appropriate support representative logs on to your tenant, enters a reason ticket number for the access, and addresses the issue. When the issue is resolved, you can lock the support level.

In some cases, customer support requests require assistance from Engineering. Because of this, the following Engineering support levels are also available:

  • Engineering Support User 2— The same as Support-Level1 in addition to read-only access to Setup pages with View option
  • Engineering Support User 3— The highest level of support with full access

If you do not want any outside access, you can lock all levels.

Lock and unlock a support level

To lock and unlock a support level

  1. From the Main Menu, navigate to Application Setup > System Configuration > Support Account Settings.
  2. From the Support Account Settings page, select a support level and click Edit .
  3. On the Editing page, select Locked or Unlocked from the Status box.
  4. Click Save.

Allow proxy access for remote assistance

Sometimes the best way to resolve an issue is for the user to allow Support Personnel to access the user's environment. With the user's permission, Support Personnel (Support-Level as well as local administrators with the Super Access Function Access Profile) can use a proxy access to get first-hand experience of the user's issue and provide a resolution. Complete the following steps:

Note:
  • The ability for your tenant to use proxy access functionality is activated by Tenant Administration and a Support-Level account must be unlocked.
  • Proxy access can only be used for WFM.
  • The local administrator who can use proxy access must have the Super-Access Function Access Profile.
  • There are no different levels of access in proxy access.

Complete the following steps:

Step 1: Enable the proxy access functionality

If your environment is configured to allow this functionality, complete the following steps:

  1. From the Main Menu, select Administration > Application Setup.
  2. From the Application Setup page, expand System Configuration and select System Settings.
  3. Select the Security tab.
  4. Set the site.security.impersonation.allowed setting to true.
  5. Click Save.

Step 2: Modify Function Access Profile of employees who can grant access

Set the Impersonation access control point (ACP) for employees who can grant access to their environment. This ACP is set automatically for administrators with Super Access.

  1. From the Main Menu, select Administration > Application Setup.
  2. Expand Access Profiles and select Function Access Profiles.
  3. On the Function Access Profiles page, select the profile of the user who needs to grant proxy access and click Edit.
    Note: To identify an employee's Function Access Profile, select Maintenance > People Information from the Main Menu. Select an employee and expand Access Profiles in the Employee section.
  4. On the Edit Function Access Profile page, expand Employee and set Impersonation to "Allowed."
  5. Click Save.

Step 3: Employee grants access to Support or Administrator

The employee can now grant access to Support or a local system administrator by doing the following:

  1. Log on to the system.
  2. At the top of the Main Menu, click Settings Edit Profile.
  3. Expand CustomerSupport Access and select one of the following options:

    My System Administrator

    • No access
    • Allow for one day
    • Allow for three days

    Global Support

    • No access
    • Allow for one day
    • Allow for three days
  4. Click Save.

Step 4: Administrator or Support person accesses the user's environment

Depending on who the user granted access, the system administrator or Support personnel can now access the user's environment. The user must log off and the Support person or administrator does the following:

  1. Log on to the system with your logon credentials — Support-Level user or administrator with Super Access.
  2. Enter the reason for your access in the Reason field.

    Your home page opens and the names of the people who granted you proxy access are now listed in the Edit Profile area at the top of the Main Menu,
  3. Select the name of the person to access. The name of that person displays immediately below your name at the top of the Main Menu, for example:

    Sean Ivan Acting as Tina Edwards

  4. At this point, you are looking at environment of the end user and can work to resolve the issue.
  5. When finished, log off. Any changes you made to the user's environment remain effective when user logs on.

Audit trail

The following Audit Reports track all access made by the impersonator, for example:

Action

Audit Report

Audit Type Listed in Report

Lock/unlock Support-Level accounts

Configuration Audit Report

System Settings

Grant access

People Audit Report

Impersonation

Initiate proxy access

Security Audit Report

Impersonation

Actions performed while using proxy access

Applicable report for proxy access

Proxy Access person's name as User name