/
Feature - EP-3691 Role Switching
  • Complete
  • Feature - EP-3691 Role Switching

    Loaded LiveJan 9, 2024

    Overview

    User account switching has been introduced into epaPRO to allow users who perform multiple business roles to switch seamlessly between their accounts.

    Note we do not support the use of shared accounts (multiple users using one login & password) as mentioned with MFA Feature - EP-3559 Multi Factor Authentication in epaPRO

    Changes to Functionality

    User Profile

    The existing “Linked accounts” tab has been renamed to “External Calendars & SSO”, as this helps differentiate from the new functionality and also gives a better description of the contents within that tab.

     

    A new tab has been introduced called “Associated epaPRO Accounts”. This tab can be used to keep track of the accounts linked to the logged in user, as well as link new accounts.

    Note that adding a linked account from within this screen will label the current logged in account as the “primary” account. Once this has been done, only the primary account can make changes to linked accounts.

    Because of this, please be sure to link accounts from the account you use most often.

    Associating a new user account

    A new user account can be linked by clicking the “Associate epaPRO User” from within the new “Associated epaPRO Accounts” tab. Clicking this button will open a new modal, with the following options to link accounts:

    Associate an epaPRO user option, with SSO enabled

     

    • Via SSO

      • This section (if applicable) will show any epaPRO accounts that share any SSO login as the logged in user.

      • Users will be able to associate a user by clicking the “Associate” button within the “Actions” column. Note that this button will be greyed out in the following scenarios:

        • The user is already associated with the logged in epaPRO account

        • The user is already associated with a different epaPRO account.

        • The user shares an SSO login with the logged in user, but the user is currently not logged in with that SSO login (i.e. the user shares a Microsoft login, but the user is currently logged in with Google).

    • Via User Authentication

      • This section allows a user to be linked by providing the username and password credentials of another epaPRO account.

      • If enabled against the account, the system will also request MFA verification in addition to the username and password.

    In both of the methods above, the user will need to tick the confirmation boxes at the bottom of the modal, to confirm that:

    • Neither this account, nor the account being linked, are shared accounts

    • Understanding that this will allow both accounts to switch between each other without authentication

    Note that an account cannot be linked under the following situations:

    • The user account is already linked to the logged in epaPRO account

    • The user account is already linked to a different epaPRO account.

    Viewing/removing associated accounts

    Once an account has been linked, it will display in the main table within the “Associated epaPRO Accounts” tab.

     

    If logged in with the primary account, the user can unlink an account by using the three dot menu within the Actions column and selecting “Delete”. A user account can be re-linked at any time should it be needed in the future.

    The table also shows three status columns which contain the following information:

    • Status

      • Shows whether the user account is active.

    • MFA Enabled

      • Shows what MFA methods are enabled against the user account.

    • Can Login

      • Shows whether the account can be switched to.

    Note that an account cannot be switched to unless the following criteria is met:

    • The user account is active

    • The user account is not locked

    • The user account has MFA enabled (note this only applies if the primary account has MFA enabled)

    Top menu

    The user dropdown in the top-right corner of the epaPRO window has been enhanced with the following:

    • The username of the logged in user is now displayed below the user’s name

     

    • The user type is displayed in brackets next to the user’s name, in an abbreviated format - these will show as:

      • Awarding Organisation → EPAO

      • Provider → TP

      • Employer → EMP

      • EPA Manager → EPAM

      • EPA → EPA

      • Quality Manager → QA

      • Apprentice → APP

    • Styling changes have been made to make the menu more compact, as more information is now shown here.

    • Any associated epaPRO accounts that can login will be shown under the new “Switch Account” menu sub-section.

      • Clicking on any user account will automatically log into that account, without the need for user authentication.

    New menu showing the switch option

     

    QA checks

    As part of this development, the QA engine has been updated to prevent users from QA'ing their own work when associated accounts are in use.

    If a user has an EPA(M) account that has completed an assessment and a Quality Manager user that passes other QA rules, the QA user will no longer be able to perform the QA - this is because the QA engine is now aware that this user is the same person, and therefore prevents them from QA'ing their own work.

    Impacted Areas

    • User Profile

    • Login

    • External calendars & SSO

    • QA

    Permissions

    None