Administrators with [OTP 2-Step Authentication Settings] and [Allowed Access IP Settings] permissions can set up 2-step authentication via OTP and configure allowed access IPs respectively.
Administrators with [Login Settings] permission can configure various security settings related to login, such as password rules, expiration periods, and auto-logout intervals. Additionally, you can determine whether to allow flex access during leave of absence through the leave of absence login permission settings.
Administrators with [Audit Log View] permission can check the history of who accessed and modified various sensitive information, including login records, personal information access records, and permission change records of members registered in flex.
2-Step Authentication (OTP Settings)
You can enable OTP login settings in the bottom left menu [Settings] → [Security & Authentication] settings.
Click the [2-Step Authentication Excluded IPs] tab, and set excluded IPs so that OTP authentication is not required from those IPs.
[Member OTP Reset] is used when a member changes or loses their device, or when a member enters the wrong OTP 10 consecutive times, which blocks OTP entry for 24 hours. If you want immediate unblocking, please proceed with the OTP reset!
When logging in with a Google account, you can log in regardless of the OTP setting.
To enhance security, we recommend setting up 2-step authentication on Google login itself.
If you're wondering how members can log in when OTP is set up, please refer to the guide below!
Go to OTP Login Guide
Allow Access from Specific IPs Only
Go to the bottom left menu [Settings] → [Security & Authentication], and enable the Allow Access from Specific IPs Only option.
By default, the super administrator can access flex anytime from anywhere regardless of this setting.
However, if you want the super administrator to also access only from the configured IPs, please enable [Apply to Super Administrator].
Click the [Allowed Access IPs] tab → Register the IP addresses you want to allow access from. You can use [+ Add Current Access IP] to register the IP connected to your PC with a single click.
After entering the IP, press Enter and then click [Allow Access from Specific IPs Only] to save the IP.
Click the [Function Restriction Scope Settings] tab to choose whether to restrict all functions or only work records when accessing from non-allowed IPs.
If the IP changes within a specific range or you have IP ranges, click the CIDR notation button to enter IP ranges.
Login Settings
Go to the bottom left menu [Settings] → [Login Settings]
You can proactively prevent weak password settings through password complexity and expiration period settings.
You can safely protect members' accounts through login lockout settings and auto-logout settings. Accounts locked after n failed login attempts can log in again through password reset.
Through the Leave of Absence Login Settings, you can set whether employees on leave can access flex. If members need to submit a return-to-work application through the flex web or app, please enable this setting.
Select the member to [Issue Temporary Password] and send a temporary password to the member.
When the member logs in, the temporary password expires immediately and a new password must be set.
The temporary password is valid for 24 hours. If the time has passed, please issue a new one.
Issuing temporary passwords can only be done by the super administrator for security reasons.
Audit Log
Click [Settings] → [Audit Log], and use the activity type, user, event, information type, and date range filters to check information.
The available viewing and download period varies depending on your subscription plan. Please take note!
Core HR Plan: Up to 7 days of data viewing and download available
Click the [User] filter, and select individual members or organizations to check the audit log for specific members or members within a specific organization.
Click [Download Filtered Results] at the top right. A download link will be sent via email, and clicking download in the email will allow you to check the notification in News and download the file.
FAQ
What is the maximum number of IPs that can be registered?
What is the maximum number of IPs that can be registered?
You can register up to 100!
What information can be checked in the audit log?
What information can be checked in the audit log?
Activity Type: Personal information access, Login, Permission change
User: Select a member to view by specific member
Event: View by Download, Create, View, Edit, Delete
Information Type:
Authentication Token: When a login is performed, it is shown as the Authentication Token type.
Personal Information
Income Information
HR Information
Attendance Information
Contract Information
Social Insurance Information
Year-End Tax Settlement Information
Other
2-Step Authentication (OTP) setting change status
2-Step Authentication member (OTP) reset history
Temporary password issuance history
Specific IP access permission setting change status
Connection information device Id / user agent
When downloading the audit log, device Id / user agent is included, allowing you to identify cases where multiple different account login attempts were made from a single device.
Changes other than the above information are difficult to verify. Please contact the flex team if needed!
I registered allowed access IPs and am using them, but I cannot start work on the web.
I registered allowed access IPs and am using them, but I cannot start work on the web.
Please check if the company IP has been changed recently, and if it has been changed,
go to [Settings] - [Security/Authentication Settings] - [Allowed Access IP] tab and add the changed or new IP.
I entered an IP but it was not registered.
I entered an IP but it was not registered.
After entering the IP, please press Enter.
When logging in with 2-step authentication (OTP), the message 'Too many requests.' keeps appearing and I cannot log in.
When logging in with 2-step authentication (OTP), the message 'Too many requests.' keeps appearing and I cannot log in.
Regardless of the time, if 2-step authentication attempts accumulate to 10 or more within 24 hours, OTP login becomes unavailable. In this case, a company administrator needs to perform [Member OTP Reset].