Resdex Enhanced Security using Login OTP for sub users
-
Upload
vridhi-chowdhry -
Category
Recruiting & HR
-
view
2.264 -
download
3
Transcript of Resdex Enhanced Security using Login OTP for sub users
RESDEX –Security and Compliance
Making Resdex - KYC compliant and secure
KYC Requirements
Verify Identity and the address of the person/entity to whom the services
have been sold.
Each recruiter account offered by Naukri to be uniquely identifiable and
verified.
Any change in the contact details needs to be revalidated in the same manner.
Security requirements
Prevent unauthorized access in customer accounts
Provide Mobile number validation & OTP based authentication for user login
Phases
Phase I
Already live
1. New sub-user creation with email-ids only
Planned
1. Old sub-user name migration to
emails with mandatory email
verification
2. Mandatory Login OTP for sub
users
3. OTP based authentication for
super users
Already Live
1. Mandatory Email verification for new sub user addition
2. Mobile number validation for sub users – Optional
Phase II
Phase III
Already Live
Address/PANCARD proof submission
Going Live
OTP based login authentication for sub
users – Optional
Phase IV
Already Live1. New sub user creation with email-IDs only2. Mandatory Email verification for new sub user addition3. Mobile number validation for sub users – Optional4. Address / PAN Card proof submission prior to subscription activation
New Sub User creation with email address only
Already Live
A super user can create a sub user with a valid email address as username
The email address entered in username will be used for communication as well
Mandatory Email Verification for new users
• All new sub users will be needed to verify their email address before they can login and start using the subscriptions.
• Steps for adding a sub user – – Super user adds a new sub user email-
id– Sub user verifies the email-id
Already Live
Pending Users section: Users in this section cannot login in the Company account or use any subscriptions. This section will be collapsed by default.
Mobile Number Optional Validation for sub users
• User will be able to add and verify her mobile number
• Super user will have the ability to add / edit mobile number of a sub user
• Users from 2 different company accounts cannot have the same mobile number verified
Already Live
Address / PAN Card Proof submissionAs per legal requirement, Know Your Customer compliance needs verified information on client identity and address
Clients will need to upload their PAN card and Address proof
KYC compliance will be required before product activation
Once approved, KYC will not be needed on every transaction
If company details are modified, then PAN card and Address proof will need to be uploaded again
Exclusion - KYC not needed
If net revenue in current FY < INR 11450 (10K+14.5% service tax)
For clients with international country code
For trial subscriptions
In case a client has applied for PAN Card:-
Client can submit acknowledgment
of PAN card application
Get 15 day waiver post approval from
Sales heads
Re-ask Client to submit PANCARD
After 15 days
Subscriptions will be reactivated from ERP without extension*
The running subscriptions will be deactivated from ERP
* Extension if any needed by the client will have to be taken up by Account manager directly with finance.
Successful
Failed
Verification of PAN Card
Already Live
Going Live
1. OTP based login authentication for sub users – Optional
What is OTP based login authentication? Users will be required to enter a One Time Password (OTP) after submitting
username/password before they can use any Naukri service. The OTP will be sent on verified email ID and mobile number.
This will be rolled out in the following 3 phases:-
Initially this will be optional. Super user can change Login OTP setting for his sub users
The Login OTP will be made mandatory for all users
Super user will need to enter Login OTP as well
Optional Phase Mandatory Phase
Going Live Planned
In the Optional Phase, Super Users can activate OTP based login authentication for users
By default OTP is OFF for all clients Super user can change Login OTP setting for
all sub users in his account from Manage Users page
Super user selects Enhanced Security setting
User A doesn’t have verified email Id as username
User A will not get Login OTP screen
User B has verified email Id as username
User B will get Login OTP screen
Going Live
Only users with verified email ID will get OTP while logging in
• As soon as super user turns OTP setting ON, he is notified about how many users will be prompted for OTP while logging in.
• Super user will need to get username of remaining users changed to valid and unique email ID so that OTP can apply to all users
Super User notification when he switches the OTP setting OFF
• OTP will become mandatory for all users and super users in 3 months.
User will be prompted for OTP after submitting username & password
If super user has activated OTP If username is a verified email ID If user’s login pattern has changed If user has not submitted OTP in last 7-10 days
1
3
2
The OTP will be sent via mail on verified email ID and SMS on verified mobile number
Users without verified email ID as user-name will not be covered under the Security setting.
In the Optional Phase, they will not be prompted for OTP while Login even if super user has enabled OTP based login.
However, they will also need to enter OTP when Login OTP becomes mandatory.
OTP for login into your Naukri user account [email protected] is 3472AtFk. This is valid for 30 minutes.
In case of delay, user can resend OTP OTP is specific to a user and login session. User A’s OTP cannot be used by User B, even if they are
in the same company account. User A’s OTP for 1 system / browser cannot be used by
User B for a different System / Browser.
OTP will expire After 30 minutes of generation If it has been used once If user has been prompted for entering OTP but has
not entered OTP for 2 hours, he will need to start again by submitting username and password.
Resent OTP will be valid for another 30 minutes Any of the valid unused OTPs can be used for
validation.
The OTP will be prompted when user logs in from CSM or NaukriRecruiter login pages well
After successful login, OTP will not be prompted for 7-10 days unless user’s login pattern changes.
Pure NaukriRecruiter profile that is not linked to any sub / super user account will not be asked for Login OTP.
Thank You