This function is accessed from User rights > Access to the Kelio system. It allows you to manage passwords and the origin of the login to the software.

Click to enlarge/reduce        Password administration

Click to enlarge/reduce        Password setup

Password administration

This tab allows you to define:

the number of days after which the system will require users to change their passwords

whether users are required to change their password during their first login if another user has changed this password in the employee file or the user rights file

the number of incorrect entry attempts after which logging in will be prohibited

the number of days during which a password that has already been used will be prohibited

whether the check box to store the password will be accessible from the identification page

the number of hours after which the temporary password expires

the number of days until the password from an initialisation or reinitialisation email expires

Configuration of the password protection

This tab allows you to define:

the minimum number of characters in passwords

the minimum number of special characters

the minimum number of upper-case letters

the minimum number of lower-case letters

the minimum number of numbers

Multi-factor authentication (MFA)

Multi-factor authentication (MFA) is an authentication method in which the user must provide at least two verification factors to access a resource (Kelio in this case). The 1st factor is the login/password. MFA requires additional verification information. A one time usage password is sent by email once the login/password combination has been entered. You will then have to enter it to confirm the login.

icn_info

The email will be sent to addresses saved in the user file at the following location:

1.Business email,

2.Personal email 1

3.Personal email 2

If it is not possible for the user to access the messaging function, the code can be generated manually from Password supervision.

In order to use the authentication mode in Kelio, the software option Manage multifactor authentication (MFA) must be activated in the Configuration module.

Global at the Kelio entry point

Everyone is subject to multifactor authentication when logging in to Kelio.

By rights profile

Users with an associated rights profile are subject to multifactor authentication when logging into Kelio.

To associate a right, click icn_3 dots and switch the profiles required in the selected elements using the arrows icn_arrow_right. Validate. Once you have confirmed for a second time at the bottom right of the screen, you will be shown a detailed list of the users concerned. This list can be exported in CSV format.

icn_info

It is possible to exclude a person from MFA if you are using global MFA or said person is subject to MFA via their rights profile. To do this, check the box labelled Excluded from multifactor authentication (MFA) in this person's user file.

Click to enlarge/reduce        Password supervision

For all active employees in the Kelio system, the table on this page gives you:

their surnames/first names

the registered start date

the contact information

their identifiers

the status of their passwords

 

By selecting one or several people in the list, you can perform the following actions:

Lock account

Prohibit access to the Kelio application

Unlock account

Authorise access to the Kelio application after a locking

Generate temporary password

This password will be valid for the time period defined in the password Administration. Users will have to enter a new password when logging in. You can view icn_see passwordand extract temporary passwords provided the system has not been refreshed (via the Refresh button or the F5 key) or the time has not elapsed.

icn_info

By clicking on icn_see password, you can view and then send this temporary password to employees who do not have a valid email address in Kelio.

Generate an MFA code

When using multifactor authentication, the MFA code can be generated manually if a user does not have access to the messaging function. This code will only be valid for 5 minutes!

Initialise password by email

This password will be valid for the time period defined in the password Administration. Users will have to enter a new password when logging in.

icn_infohelp

A business email address must be entered in Kelio.

icn_info

If the password is lost, the employee can initialise it himself by clicking on Forgotten your password? on the home page.

Click to enlarge/reduce        Access filtering

The access filtering is used to give access rights to Kelio depending on where the user in question is logging in from. First a filter template must be created, which will then be assigned to the Kelio application systematically. You will be able to define exceptions in the user rights.

Example:

To prevent a user from clocking from a computer connected to the network of his/her organisation, a filter containing the computer’s IP address is created and assigned to everyone systematically. Now we want to authorise the user to access his/her absence requests from home so that he/she can organise holidays with his/her family. In this case, we check the box Configure an access exception for absence requests in his/her Employee - Mobile Self-Service profile.

 

Click to enlarge/reduce        Filter templates

An administrator will create the template according to the organisation’s architecture.

1.Click on icn_plus in the right-hand column.

2.Enter a Description.

3.Indicate the Authorised addresses. Values accepted are IP addresses (IPv4 or IPv6 format ), an IP addresses window (CIDR format ) or a host name. Separators accepted are a vertical bar (|), a comma (,) or a semi-colon (;).

4.Enter a Comment that explains the filter in more detail.

5.Save.

Click to enlarge/reduce        Global access

Authorise all connections allows users to log into the Kelio application from any computer or Smartphone. If you want to limit access, you must create a filter and Authorise connections from the filter model.

To authorise exceptions to this rule, you must grant the corresponding rights in the user profiles:

Profile

Right

Function

Employee - Employee Self-Service

Clock in and out or indicate attendance

Clocking/indicating attendance

 

Configure an access exception for absence requests

Make an absence request

Employee - Mobile Self-Service

Clock in and out or indicate attendance

Clocking/indicating attendance from a touchscreen device

 

Configure an access exception for absence requests

Make an absence request from a touchscreen device

Administrator - Access administration

Configure an access exception for remote access

Open a door

 

Configure an access exception for fire reports

Use the fire evacuation system

Manager - Mobile Self-Service

Configure an access exception for fire reports

Use the fire evacuation system from a touchscreen device

 

Click to enlarge/reduce        Geographical filter templates

You can define the geographical areas in which you want the use of Kelio to be authorised. Employees can then only clock in if they are geolocated in these zones according to their rights profile.

1.Click on icn_plus in the right-hand column.

2.Enter a Description.

3.Indicate the Latitude and Longitude of the area.

4.Enter the Radius around this point of reference, in metres. Use a service such as Google Maps® to work out the coordinates and exact distance for your area. Right-click on the target, Measure a distance.

5.Confirm.

 

To assign these areas to user employees, you will need to go to the rights profiles in Employee - Mobile Self-Service and Employee - Employee Self-Service.

icn_info

You can enhance your security by using IP address filtering at the same time.

icn_info

Access to the entire Employee Self-Service area can be restricted based on a workstation’s IP address.

See also:

Access to the virtual clocking terminal