Feature - EP-3691 Role Switching
Loaded LiveJan 9, 2024
Overview
User account switching has been introduced into epaPRO to allow users who perform multiple business roles to switch seamlessly between their accounts.
Note we do not support the use of shared accounts (multiple users using one login & password) as mentioned with MFA Feature - EP-3559 Multi Factor Authentication in epaPRO
Changes to Functionality
User Profile
The existing “Linked accounts” tab has been renamed to “External Calendars & SSO”, as this helps differentiate from the new functionality and also gives a better description of the contents within that tab.
A new tab has been introduced called “Associated epaPRO Accounts”. This tab can be used to keep track of the accounts linked to the logged in user, as well as link new accounts.
Note that adding a linked account from within this screen will label the current logged in account as the “primary” account. Once this has been done, only the primary account can make changes to linked accounts.
Because of this, please be sure to link accounts from the account you use most often.
Associating a new user account
A new user account can be linked by clicking the “Associate epaPRO User” from within the new “Associated epaPRO Accounts” tab. Clicking this button will open a new modal, with the following options to link accounts:
Via SSO
This section (if applicable) will show any epaPRO accounts that share any SSO login as the logged in user.
Users will be able to associate a user by clicking the “Associate” button within the “Actions” column. Note that this button will be greyed out in the following scenarios:
The user is already associated with the logged in epaPRO account
The user is already associated with a different epaPRO account.
The user shares an SSO login with the logged in user, but the user is currently not logged in with that SSO login (i.e. the user shares a Microsoft login, but the user is currently logged in with Google).
Via User Authentication
This section allows a user to be linked by providing the username and password credentials of another epaPRO account.
If enabled against the account, the system will also request MFA verification in addition to the username and password.
In both of the methods above, the user will need to tick the confirmation boxes at the bottom of the modal, to confirm that:
Neither this account, nor the account being linked, are shared accounts
Understanding that this will allow both accounts to switch between each other without authentication
Note that an account cannot be linked under the following situations:
The user account is already linked to the logged in epaPRO account
The user account is already linked to a different epaPRO account.
Viewing/removing associated accounts
Once an account has been linked, it will display in the main table within the “Associated epaPRO Accounts” tab.
If logged in with the primary account, the user can unlink an account by using the three dot menu within the Actions column and selecting “Delete”. A user account can be re-linked at any time should it be needed in the future.
The table also shows three status columns which contain the following information:
Status
Shows whether the user account is active.
MFA Enabled
Shows what MFA methods are enabled against the user account.
Can Login
Shows whether the account can be switched to.
Note that an account cannot be switched to unless the following criteria is met:
The user account is active
The user account is not locked
The user account has MFA enabled (note this only applies if the primary account has MFA enabled)
Top menu
The user dropdown in the top-right corner of the epaPRO window has been enhanced with the following:
The username of the logged in user is now displayed below the user’s name
The user type is displayed in brackets next to the user’s name, in an abbreviated format - these will show as:
Awarding Organisation → EPAO
Provider → TP
Employer → EMP
EPA Manager → EPAM
EPA → EPA
Quality Manager → QA
Apprentice → APP
Styling changes have been made to make the menu more compact, as more information is now shown here.
Any associated epaPRO accounts that can login will be shown under the new “Switch Account” menu sub-section.
Clicking on any user account will automatically log into that account, without the need for user authentication.
QA checks
As part of this development, the QA engine has been updated to prevent users from QA'ing their own work when associated accounts are in use.
If a user has an EPA(M) account that has completed an assessment and a Quality Manager user that passes other QA rules, the QA user will no longer be able to perform the QA - this is because the QA engine is now aware that this user is the same person, and therefore prevents them from QA'ing their own work.
Impacted Areas
User Profile
Login
External calendars & SSO
QA
Permissions
None