Security

Settings and Security Settings

Settings

Settings are used to configure features in Oracle Talent Acquisition Cloud (OTAC) products.

There are two types of settings:

Global settings: Settings that affect multiple OTAC products.
Product settings: Settings specific to an OTAC product, for example, Recruiting, Career Section, Onboarding (Transitions), Performance, Reporting and Analytics.

Setting	Location
Global settings	Configuration > [Central Configuration] Settings
SmartOrg settings	Configuration > [SmartOrg] Settings
Recruiting settings	Configuration > [Recruiting] Settings
Career Section settings	Configuration > [Career Section] Settings
Onboarding (Transitions) settings	Configuration > [Onboarding (Transitions)] Settings
Performance settings	Configuration > [Performance] Settings
Reporting and Analytics settings	Configuration > [Reporting and Analytics] Settings

Settings are configured by system administrators. A default value is set prior to product delivery. System administrators can modify the value and the change will be applied throughout the product. Certain setting values can be changed by users. In that case, the value set by the user will override the value set by the system administrator.

A setting has one of the following security levels: Public, Protected, Private.

Security Level	Description
Public	System administrators can view and change the setting.
Protected	System administrators can view the setting, but changes can only be performed by Oracle.
Private	System administrators cannot view or change the setting. Only Oracle can view and change the setting.

Configuring a Setting

The security level of the setting must be Public.

The Manage Settings user type permission is required.

For global settings:

Configuration > [General Configuration] Settings

For product settings:

Configuration > [Product name] Settings

Locate the setting using the Refine by list or the Feature column.
Click the name of a setting.
Click Edit next to the name of the setting.
Make changes.
Click Save.

Restoring the Default Value of a Setting

The security level of the setting must be Public.

The Manage Settings user type permission is required.

For global settings:

Configuration > [General Configuration] Settings

For product settings:

Configuration > [Product name] Settings

Locate the setting using the Refine by list or the Feature column.
Click the name of a setting.
Click Reset next to the name of the setting.

The default value of the setting is restored and the change is reflected in the product.

Career Section Settings

A setting is assigned one of the following security levels: Public, Protected, Private.

Security Level	Description
Public	System administrators can view and change the setting.
Protected	System administrators can view the setting, but changes can only be done by Taleo.
Private	System administrators cannot view nor change the setting. Only Taleo can view and change the setting.

Career Section Settings
Setting	Description	Security Level	Default Value
Access to "View Email Messages"	This setting displays or not the "View Messages" link in the candidate portal and for all candidate portals.	Public	No
Advanced Logic Draft Submission Activation	Allow the administrator to activate the advanced logic for draft submissions.	Public	No
Always Display Profile Import Services	Determines the display of third-party profile import services on the Resume Upload block. If the setting is set to "No", the services are hidden from view when data is present in both the Education block and the Work Experience block. If the setting is set to "Yes", the services are always displayed.	Public	No
Authentication Page Layout	When configured as "horizontal", the sign-in partners section displays to the right of the username and password fields on the Login and New User Registration screens. When configured as "vertical", the sign-in partners section, and other authentication methods, displays below the username and password fields on the Login and New User Registration screens.	Public	Horizontal
Beacon Interval	Time out period setup of the Career Section. The ping frequency of the beacon in milliseconds.	Protected	300000
Candidate maximum attachment updates	Maximum number of possible candidate attachment updates per period.	Protected	5
Career Section Hits Tracking Activation	Activate the Career Section hits tracking on the customer zone.	Public	Yes
Career Section Latest Page Tracking Activation	Allow support team to activate tracking on latest page accessed by candidates in the Career Section.	Public	Yes
Career Section Services Password	This setting defines the password used in a special URL that returns the job list or the job description without using any sessions.	Public
Career Section Session Timeout for Screening Block	The total amount of time (in milliseconds) available to candidates to fill out a screening questionnaire. This setting is used to extend the time available beyond the normal session timeout value of the JVM.	Protected	1800000
Career Section URL Redirection	Indicates if Career Section links must be redirected to the alternate job list URL when they are generated for an email or for a job board. (Variable {CAREER_SECTION_URL})	Public	No
Cross Frame Protection	If this value is set to YES, checking against Cross Frame Scripting is enforced.	Public	No
Cross Frame Protection Allowed Domains	Effective when the "Cross Frame Protection" setting is set to "Yes". Lists additional domains where Career Sections are allowed to be embedded in frames. Enter domains without protocols and pipe-separated. The * wildcard is accepted. Example: *.corporation.com\|corporation2.com	Public
Default Time Zone	Indicates the default time zone for the WebTop.	Public
Disable access for candidates not using cookies	Blocks candidates without cookie support.	Public	No
Disqualified Candidates Lock Out Period	Disqualification lock out period preventing candidates from returning to their application or profile depending on where the disqualification occurred.	Public	Allow Always
Employee Referral Program URL	URL for the Employee Referral Program within the organization's Web site. Value used in the token {COMPANY_STATIC_PAGE} only for the Referral Acknowledgment letter sent to the candidate.	Public
Enable Background Check Consent Disqualification Functions	When activated for Background Check Consent, this setting enables candidate disqualification functions.	Public	No
Enable Customization of Job Submission Statuses	This setting enables the administrator to configure messaging to candidates from the "My Jobpage" area of the Career section.	Public	No
Entry File for Career Section Links	Contains the complete path of the HTML file that contains the organization frames and the Taleo frame.	Public
Faceted Search	Determines whether Faceted search can be enabled for specific career sections.	Public	No
Full Organization Name	Used to specify the organization name that must be used in the Job Application Information email and Correspondence Manager parts of the application.	Public	en=VIDE5; fr=VIDE5; es=VIDE5; de=VIDE5; it=VIDE5; nl=VIDE5; en-GB=VIDE5; zh-CN=VIDE5; ja=VIDE5; fr-FR=VIDE5
General Profile Duplicate Check Task Assignee	Allows system administrators to specify the person who will perform the duplicate check task in the Recruiting Center for candidate general profiles.
Google Structured Data Location Mapping Country	The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Country". This setting is optional for the Google indexing feature.	Public	Not specified
Google Structured Data Location Mapping Locality	The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Locality", which is the concept of City. When this setting is configured to "Not Specified", the Google indexing feature will be disabled.	Public	Not specified
Google Structured Data Location Mapping Postal Code	The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Postal Code". This setting is optional for the Google indexing feature.	Public	Not specified
Google Structured Data Location Mapping Region	The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Region", which is the concept of State/Province. When this setting is configured to "Not Specified", the Google indexing feature will be disabled.	Public	Not specified
Google Structured Data Location Mapping Street Address	The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Street Address". This setting is optional for the Google indexing feature.	Public	Not specified
Invitation To Self-identify	Activated Flow for Invitation To Self-identify.	Public	None
Legal Statement Decline URL	URL used to redirect a candidate who declines a legal statement placed before the login page when this candidate needs to log in before seeing the job list.	Public
Masking Diversity Question Answers	Enables the masking of diversity question answers in Career Sections.	Public	No
Maximum attempts to attach file period	Period during which the maximum number of candidate attachment attempts apply.	Protected	30
Message Delete Permission	This setting displays or not the "Delete" link for each message in all candidate portals.	Public	No
Number of Unreceived Pings Before Time Out	Time out period setup of the Career Section. Number of missing pings before the session is terminated.	Protected	2
Organization Web Address	Web site host name of the organization. Home page of the organization, not the Career Section home page.	Public	www.VIDE4.com
Populate Source Tracking for Employee Referral	When the setting is enabled and employees use the Refer a friend feature from within an internal career section, the Source Tracking value on the Job Submission tab of the candidate file is automatically filled with the “Our Employee” value. This feature applies to both general profile and job-specific requisition referrals by employees. The source does not have to be configured as In Profiler and In Requisition. The source does not have to be configured as an active source on the requisition. Only source code REF-12 can be used with this feature; it cannot be used with sources configured by customers. This feature is not associated in any way with referrals made through Sourcing.	Public	No
Profile Import Partner Availability Apply With LinkedIn	Activated, the Apply With LinkedIn service is exposed in Configuration for a customer to configure and enable. Deactivated, it is not displayed in Configuration. If deactivated after prior activation, historic configuration is stored.	Public	Yes
Propagate Username in Login Pages	Automatically propagate the username when the user browses through the login pages (login, registration, forgotten password, forgotten username etc.).	Public	Yes
Request More Info Active	Activated Flow for Request More Information	Public	None
Resume Parsing Languages and Scope	Indicates the content languages allowed in a flow to extract and display data from a resume file, using the resume upload function.	Protected	en*,1
RSS Feed Activation	Activate the RSS feed feature on the customer zone.	Public	No
Session Maximum Inactive Interval	Time out period setup of the Career Section. Maximum inactive interval, in milliseconds, for a user before his session is terminated.	Protected	3600000
Session Time Out Reminder Interval	Time out period setup of the Career Section. Time in milliseconds before session timeout reminder is displayed.	Protected	1200000
Show Explicit Login Error Messages	Specifies if the error messages returned by the system identify whether the user ID or password was incorrect.	Public	Yes
Technical Help Information Type	Indicates the type of information used to explain how to get technical help.	Public	None

Career Section Security Settings

Security Settings

Security settings can be set globally for each type of Career Section, and also for a specific Career Section.

System administrators can set security settings globally for each type of Career Section (internal, external, agency portal) under the Global Security section of the Career Section Administration menu. For example, Sign In requirements might be different for those who already work for the organization (Internal Career Sections) versus candidates who do not already work for the organization (External Career Sections). Or, Agency Portals might have entirely different User Account parameters.

System administrators can also set security settings for a specific Career Section by accessing the career section page under the Career Section section of the Career Section Administration menu. If a system administrator configures the security settings for a given Career Section, it is the configuration specifically made for that Career Section that is applied, not the configuration set for a Career Section type. The security settings set at the Career Section type level are used as the default settings if no settings are defined for a given Career Section.

Security settings are organized into five groups:

Security Settings
Sign In
User Accounts
Self-registration (not for agency portals)
User Name

There are two groups of security settings that can only be set at the Career Section type:

Password
Forgot Password

Several Career Section settings allows the configuration of several Security Settings. For example, the system administrator can choose to enforce a security protection on all pre-authentication pages in order to prevent browser to cache all credentials (login/password, access code, secret question/answer) request. The Activate Secure Login setting allows the system administrator to enable this feature. When this setting is activated, the Back button in browser may not work properly anymore.

Setting	Possible Values	Default Value	Location
Show Explicit Login Error Messages	No Yes	Yes	Configuration > [Career Section] Settings
Propagate Username in Login Pages	No Yes	Yes	Configuration > [Career Section] Settings
Career Section Services Password	user-defined	None	Configuration > [Career Section] Settings
Activate Secure Login	No Yes	No	Configuration > [Career Section] Settings
Use SSN as User Name	User-defined	No	Configuration > [Career Section] Settings
Invitation to Self-identify	User-defined	none	Configuration > [Career Section] Settings

Configuration

User Type Permission Name	Location
Manage Security Policies	Configuration > [SmartOrg] Administration > User Types > Configuration

Configuring Security Options for a Career Section Type

The Access the Career Section administration section user type permission grants users access to this feature.

Configuration > [Career Section] Administration > [Global Security] Career Section types

Select a career section type (internal, external, agency portal, Onboarding portal).
Click Show next to the settings type.
Click Edit next to the security option.
Make changes.
Click Save.

If no options are set specifically for a Career Section, then the selections made for a specific type of Career Section are applied.

Configuring Security Options for a Specific Career Section

The Access the Career Section administration section user type permission grants users access to this feature.

Career section must have Inactive status.

Configuration > [Career Section] Administration > Career Sections

Click the name of a Career Section.
Click Edit next to the security category.
Make changes.
Click Save.

Security options are applied to that specific Career Section.

Security Setting Options

Security setting options can be set in the following places:

Configuration > [Career Section] Administration > Internal Career Sections
Configuration > [Career Section] Administration > External Career Sections
Configuration > [Career Section] Administration > Agency Portals
Configuration > [Career Section] Administration > Career Sections > Career Section Name

Security setting options can be applied globally to a Career Section type or to a specific Career Section.

Security Setting Options
Require users to sign in before accessing the Job List
Require users to sign in before accessing job descriptions
Allow users to change their user name
Activate SSL encryption
Allow access by internal candidates (employees) only
Log the user out when the last page of the flow has been reached, then display the main Job List if the user attempts to go Back
Use this phone number as hotline for users who encounter login problems

Sign In Policy Options

Sign in policy options can be set in the following places:

Configuration > [Career Section] Administration > Internal Career Sections
Configuration > [Career Section] Administration > External Career Sections
Configuration > [Career Section] Administration > Career Sections > Internal or External Career Section Name
Configuration > [Career Section] Administration > Agency Portals

Sign In Policy Options
Allow new users to register in system
Display the link "Forgot your user name?"
Display the link "Forgot your password?"
Show explicit error messages to users at login
Display the OpenID option

User Account Policy Options

User account policy options can be set in the following places:

Configuration > [Career Section] Administration > Internal Career Sections
Configuration > [Career Section] Administration > External Career Sections

User Account Policy Options
Number of incorrect sign-in attempts allowed per user before his/her account is locked
Period during which the system prevents access to an account that has been locked
Use the following authentication method
Activate the Career Section Single Sign-On Configuration Wizard

Self-Registration Policy Options

Self-registration policy options can be set in the following places:

Configuration > [Career Section] Administration > Internal Career Sections
Configuration > [Career Section] Administration > External Career Sections
Configuration > [Career Section] Administration > Career Sections > Internal or External Career Section Name

Self-registration policy options are unavailable for Agency Portals.

Self-Registration Policy Options
Ask new users to provide a password when they register
Ask new users to confirm the password when they register
Ask new users to provide an email address when they register
Ask new users to confirm the email address when they register
Activate the registration confirmation page
Number of username attempts before closing the session

User Name Policy Options

User name policy options can be viewed in the following places:

Configuration > [Career Section] Administration > Internal Career Sections
Configuration > [Career Section] Administration > External Career Sections
Configuration > [Career Section] Administration > Career Sections> Career Section name

User Name Policy Options
Activate this user name security policy
Require user names that contain at least X characters
Require user names that contain no more than X characters

Password Policy Options

Password policy options can be set in the following places:

Configuration > [Career Section] Administration > Internal Career Sections
Configuration > [Career Section] Administration > External Career Sections
Configuration > [Career Section] Administration > Agency Portals

Password policy options can only be applied globally to a Career Section type.

Password Policy Options
Allow a password to be valid for X days (leave the field empty and passwords will not expire)
When a password change is required, prevent the reuse of the previous X passwords
Require passwords that contain at least X characters
Require passwords that contain at least X characters
Require passwords that contain no more than X characters
Require passwords that contain at least X letters of the Roman alphabet
Require passwords that contain at least X lowercase letters of the Roman alphabet
Require passwords that contain at least X uppercase letters of the Roman alphabet
Require passwords that contain at least X numeric characters
Require passwords that contain at least X characters other than letters and numbers (! # $ % & ( ) * + , - . / : ; <=> ? @ [ ] _ ` { \| } ~)
Require passwords that contain no more than X identical consecutive characters
Require passwords that do not contain the user's first name
Require passwords that do not contain the user's last name
Require passwords that do not contain the corresponding user name
Require passwords that do not contain the user's email address

Forgot Password Policy Options

Forgot password policy options must be set for each of the three Career Section types.

Configuration > [Career Section] Administration > Internal Career Sections
Configuration > [Career Section] Administration > External Career Sections
Configuration > [Career Section] Administration > Agency Portals

Forgot Password policy options can only be set globally for a Career Section type.

Forgot Password Policy Options
Use this method to change passwords
Number of incorrect attempts allowed per user to enter the email address
Lock a user’s account when the number of incorrect attempts allowed to enter the email address is exceeded
Require X security questions
Require answers that contain at least X characters (X must be greater than 0)
Number of attempts allowed per user to answer the security question
Lock a user's account when the number of attempts allowed to answer the security question is exceeded
Mask the security answer values

Details regarding the “Use this method to change passwords” setting

The change password procedure contains six options of authentication:

Options for the “Use this method to change passwords” Setting
Option	Description
Access Code	An email containing an access code is sent to the user once the user has confirmed his/her email address.
Security Questions	The user is asked to answer the security questions (from 1 to 3) previously entered in his/her profile. If the answer is correct, the user is invited to enter a new password.
Security Questions and Access Code	The user is asked to answer the security questions (from 1 to 3) previously entered in his/her profile. If the answer is correct, an email containing an access code is sent to the user once the user has confirmed his/her email address.
Security Questions or Access Code	The user is asked to answer the security questions (from 1 to 3) previously entered in his/her profile. If the answer is correct and the user has an email address, an access code is sent to the user once the user has confirmed his/her email address. If the user does not have an email address and the answer to the security question is correct, the access is granted to the application and the user is invited to change his/her password.
Security Questions and/or Access Code	When this option is activated, one of the following situation will happen. See the Security Questions and/Or Access Code table.
Contact System Administrator	The user is asked to contact the system administrator. Only the system administrator can then generate a new password and communicate it to the user.

Details Regarding the “Security Questions and/or Access Code” Option
The user has an email address	Security questions were activated
Yes	Yes	The user will have to answer the security questions correctly and an access code will be emailed.
Yes	No	The user will receive an access code by email.
No	Yes	The user will have to answer the security questions correctly to be able to access the application.
No	No	The user will be asked to contact the technical support.

Details regarding the Use this method for the Forgot Username setting

Career Section users who forget their user name can now receive it in an e-mail.

If Career Section users forget their user name, they use the Forgot your user name? link and then enter their e mail address in the corresponding field.

Afterwards, they receive an e-mail containing their user name. They then use this information (and their password) to log into the career section.

In prior releases, the user name was displayed on-screen; there was no option to send it in an e-mail.

A new setting (configured for internal and/or external career sections separately) is available: Use this method for the Forgot Username feature. Administrators can choose between:

Email: The user name is sent by e-mail.
On Screen: The user name is displayed in clear text.

The default value of the setting Use this method for the Forgot Username feature is On Screen.

There is a separate message template called “Find username” associated with this feature. That message template should not be confused with the “Forgot username” message template.

Customers who plan to enable user name recovery through e-mail are advised to add the E-mail field to their Registration page. This measure ensures that the system has an e-mail on record for every candidate and will therefore send the “Find username” message even to users who don’t complete the first page of an application flow.

It is recommended that customers set the value of the Propagate Username in Login Pages setting to No (Configuration > Career Section Settings). This is because candidates can also use the Forgot your password feature to retrieve their user name. If they were to lend their device to someone else, the feature could be used for user name harvesting.

Details regarding the "Mask the security answer values" setting

If the setting value is set to Yes, answers to security questions are masked (concealed) while they are being typed and submitted. This provides candidates and employees with better security by preventing people who might be looking at the computer screen or tablet from seeing the answers to security questions. Visitors must enter the answer (also masked) in a second field to confirm their answer.

First-time Sign-in and Security Question Answers

If candidates or employees sign into a career section for the first time to create their candidate profile and they are required to provide answers for security questions, asterisks are displayed in place of the answers they type. For each security question, visitors must also enter their answer (also masked) in a second field to confirm the answer they provided in the first field.

"Forgot your password?" and Masking Security Answer Questions

If candidates or employees forget their password and are required to provide answers for security questions, visitors must enter their answer to each question in two fields, the second field serving as confirmation of the answer they entered in the first field. You can configure security question answers such that they are masked while being typed and submitted.

If the setting value is set to No, the characters will be displayed as the candidates or employees type them.

The "Mask the security answer values" setting is only displayed for internal and/or external career section configuration if the value of the corresponding "Use this method to change passwords" setting is set to include security questions. For example, if you select Access Code as the method to change passwords for internal career sections, the "Mask the security answer values" setting is not displayed (hence cannot be configured) for internal career sections.