Employer Website Security Enhancements
Maintaining data security is of primary importance to the ASRS. As you know, the employer side of the ASRS website requires authorization to access secured member and employer data. The ASRS relies on our trusted employer partners to assist in keeping the ASRS website secure. In our continuing efforts to maintain security, the ASRS is making some changes to assist with that security responsibility.
These changes will be in effect when you login on or after Friday, September 25th, 2015.
Administrator and Application Manager Role Changes
The existing Application Manager role will be removed and the employer will now be able to assign the Administrator role to multiple employer users. If you are currently an Administrator you will have more responsibility. If you are currently an Application Manager, you will no longer have that role. See the ACTION REQUIRED section for information about becoming designated as an administrator. If you are currently a Specialist, you will not see any changes to your access.
Eliminating the Application Manager role and allowing multiple Administrators will make the process of adding employer users, assigning roles and deactivating accounts more user-friendly and flexible.
Email Address Domain Restrictions
Email addresses used by employer users should be limited to a governmental domain or one in use by the ASRS employer. Some examples of acceptable email domains are @.gov, @.edu and @.org. Public email domains such as @gmail.com, @yahoo.com, @hotmail.com and @msn.com are not recommended for use by an employer user to ensure enhanced security. Any existing employer user with a public email domain will be able to keep that address, although the ASRS strongly encourages the administrator to provide a more secure email address that will not be accessible by the employee when they are no longer authorized to access the ASRS secure employer page.
The Administrator will have the authority to maintain a list of acceptable email domains through the Maintain Employer Contacts page.
Questions?
If you have any questions about these new procedures, send us a secure email from your Employer Login on the ASRS website.
Thank you for assisting us in keeping your data and the data of our members safe and secure.
Action Required
Employer Administrators, on or after Friday, September 25th, please login to review all registered employer users and assign the Administrator role to any employer user who is authorized to create new users, assign application access and deactivate users. The Administrator role can be assigned through the Maintain Employer Users page.
Password Expiration
Employer user passwords will now expire after 90 days. This is applicable whether the employer user is logging in regularly or infrequently. The ASRS will post a notice to the employer user 5 days before their password is to expire. The process to reset your password is very easy and should not be a significant inconvenience.
If you have not changed your password in the last 90 days, be prepared to change your password upon your first login on or after Friday, September 25th, 2015.
Employer Users Activity Report
Now that employers can designate multiple users as an Administrator, with authorization to add new users, give access to any of the online applications and deactivate users, the ASRS will provide all administrators with an activity report. Each Administrator will be able to review the website activity over the last 60 days to monitor who has been added, deactivated and who has been given access to the online applications.
Administrators can find the report by clicking on the Employer Users Activity Report link in the left navigation menu.
Assigning Application Roles to the Administrators
Administrators will be able to assign themselves access to any of the online applications through the Maintain Employer Users screen rather than the View Profile screen.
Employer User Profile Changes
Employer users will no longer be able to change their name, login ID or email address on the View Profile screen. This is a security feature designed to prevent accounts, designated to users who are no longer authorized, from being shared or passed to a new employer users. Accounts designated to users who are no longer authorized to access the ASRS website must be deactivated by an Administrator and new employer users must have their own unique account created.
Enrollment Code Auto Assigned to New Enrollment Processor
When assigning the Process Enrollments role to a new or existing user, the Administrator will no longer be required to visit a separate page and add them as a processor to the enrollment code. The enrollment code will be automatically assigned to the employer user once the Process Enrollments role has been assigned to them and they will be able to begin processing enrollments immediately upon their next login. This change will make the process of adding new enrollment processors easier and more efficient.