
Paycom’s Single Sign-On Questionnaire

The purpose of this questionnaire is to provide Paycom with information about your Single Sign-On (SSO) identity
provider environment, while allowing you the opportunity to make your own assessment of the security measures
in place to protect employee passwords.

Poor security measures could put you at risk for unauthorized access to employee information, e.g. bank account
information, W-2 information, pay information, employee information, dependent information and much more.

This questionnaire must be filled out and provided to Paycom prior to entering into an agreement with Paycom
to enable SSO.

What is Single Sign-On?


SSO allows you to have Paycom authenticate employees and users against a third-party identity provider, such
as Active Directory Federation Services (ADFS), OneLogin and Okta, so long as you are using SAML 2.0 compatible
technology. This takes the password management out of Paycom’s hands and leaves it in the hands of your
identity provider.

Because Paycom won’t be managing your employees’ passwords for you, it is important that proper security
measures are in place.

Password Complexity, Age and Lockouts

1. What is the minimum required character count?

12

2. Are employees required to include at least one capital letter, number or special character? (Explain the
specific complexity requirements.)

Alphanumeric including uppercase number and special characters.

3. How often does a password expire?

90 Days

1
SSO_Questionnaire_v1.pdf Version: 1.0
4. Do passwords ever lock out?

Yes ✔ No

4.1. For example, if an employee types in a wrong password several times in a row, does the account lock
out?

Yes ✔ No

4.2. If yes, how many attempts do they get before they’re locked out?

5. How long does the lockout last? For example, 15 minutes, or does someone have to reset it before an
employee can try logging in again.

need to reset

Password Management and Training

6. Are your employees’ password settings managed by someone internally or outsourced to a third party?

managed internally

6.1. Does the responsible party, mentioned above, assist when passwords or lockouts need to be reset?

Yes ✔ No

6.2. If the process for resetting passwords is automated, are there controls in place to require the
employee to provide sufficient additional information to get passwords reset?

Yes No ✔
7. When creating a new account for an employee, is the same common password used every time or is it
auto-populated with a complex password?

same common password used.

8. If the password is common, is the employee required to change it when they log in for the first time?

Yes ✔ No

9. Are employees trained on password complexities and do they know the process to have their password
reset?

Yes ✔ No

10. Are employees trained on how important password security is and what’s at stake if their password is
compromised?

Yes ✔ No

Identity Provider Uptime

11. Who is your identity provider? (Active Directory Federation Services (ADFS), OneLogin, Okta, other?)

Active Directory | Single Sign-On

12. What is the uptime (availability) of your identity provider? (If Paycom can’t contact your identity provider,
employees won’t be able to log in.)

NA, passwords are managed internally.

13. Are there measures in place that monitor when the provider is down?

Yes ✔ No ✔
14. Are there procedures in place to get the provider back up?

Yes ✔ No

Thank you for your time in filling out this questionnaire. Please share this with your dedicated Paycom
Specialist.

By signing here, I represent and agree to the following: I am an authorized representative and signatory for the
entity named below (the “Company”); the information provided herein is true and accurate; submission of this
questionnaire does not grant me nor the Company the right to access Paycom’s services via SSO; unless and
until a separate agreement is entered into by and between the Company and Paycom Payroll, LLC, Paycom shall
have no obligation to provide SSO to Company.

______________________________________________________________
COMPANY LEGAL NAME

______________________________________________________________
TYPE OR PRINT NAME TITLE

______________________________________________________________
AUTHORIZED SIGNATURE DATE

ADDITIONAL NOTES
