10Security
Security
Security
Settings
Settings are used to configure features in Oracle Taleo Enterprise Edition products.
There are two types of settings:
-
Global settings: Settings that affect multiple Oracle Taleo Enterprise Edition products.
-
Product settings: Settings specific to an Oracle Taleo Enterprise Edition product, for example, Recruiting, Career Section, Onboarding (Transitions), Performance, Reporting and Analytics.
| Setting | Location |
|---|---|
| Global settings | Configuration > [Central Configuration] Settings |
| SmartOrg settings | Configuration > [SmartOrg] Settings |
| Recruiting settings | Configuration > [Recruiting] Settings |
| Career Section settings | Configuration > [Career Section] Settings |
| Onboarding (Transitions) settings | Configuration > [Onboarding (Transitions)] Settings |
| Performance settings | Configuration > [Performance] Settings |
| Reporting and Analytics settings | Configuration > [Reporting and Analytics] Settings |
A setting has one of the following security levels: Public, Protected, Private.
| Security Level | Description |
|---|---|
| Public | System administrators can view and change the setting. |
| Protected | System administrators can view the setting, but changes can only be performed by Oracle. |
| Private | System administrators cannot view or change the setting. Only Oracle can view and change the setting. |
Configuring a Setting
The security level of the setting must be Public.
The Manage Settings user type permission is required.
For global settings:
For product settings:
Locate the setting using the Refine by list or the Feature column.
Click the name of a setting.
Click Edit next to the name of the setting.
Make changes.
Click Save.
Restoring the Default Value of a Setting
The security level of the setting must be Public.
The Manage Settings user type permission is required.
For global settings:
For product settings:
Locate the setting using the Refine by list or the Feature column.
Click the name of a setting.
Click Reset next to the name of the setting.
The default value of the setting is restored and the change is reflected in the product.
Career Section Settings
A setting is assigned one of the following security levels: Public, Protected, Private.
| Security Level | Description |
|---|---|
| Public | System administrators can view and change the setting. |
| Protected | System administrators can view the setting, but changes can only be done by Taleo. |
| Private | System administrators cannot view nor change the setting. Only Taleo can view and change the setting. |
| Career Section Settings | |||
|---|---|---|---|
| Setting | Description | Security Level | Default Value |
| Access to "View Email Messages" | This setting displays or not the "View Messages" link in the candidate portal and for all candidate portals. | Public | No |
| Activate Secure Login | When configured to No, candidates' browsers will cache all career pages. When configured to Yes, candidates' browsers will only cache pages from the unauthenticated state. | Private | Yes |
| Advanced Logic Draft Submission Activation | Allow the administrator to activate the advanced logic for draft submissions. | Public | No |
| Always Display Profile Import Services | Determines the display of third-party profile import services on the Resume Upload block. If the setting is set to "No", the services are hidden from view when data is present in both the Education block and the Work Experience block. If the setting is set to "Yes", the services are always displayed. | Public | No |
| Authentication Page Layout | When configured as "horizontal", the sign-in partners section displays to the right of the username and password fields on the Login and New User Registration screens. When configured as "vertical", the sign-in partners section, and other authentication methods, displays below the username and password fields on the Login and New User Registration screens. | Public | Horizontal |
| Beacon Interval | Time out period setup of the Career Section. The ping frequency of the beacon in milliseconds. | Protected | 300000 |
| Candidate maximum attachment updates | Maximum number of possible candidate attachment updates per period. | Protected | 5 |
| Career Section Hits Tracking Activation | Activate the Career Section hits tracking on the customer zone. | Public | Yes |
| Career Section Latest Page Tracking Activation | Allow support team to activate tracking on latest page accessed by candidates in the Career Section. | Public | Yes |
| Career Section Services Password | This setting defines the password used in a special URL that returns the job list or the job description without using any sessions. | Public | |
| Career Section Session Timeout for Screening Block | The total amount of time (in milliseconds) available to candidates to fill out a screening questionnaire. This setting is used to extend the time available beyond the normal session timeout value of the JVM. | Protected | 1800000 |
| Career Section URL Redirection | Indicates if Career Section links must be redirected to the alternate job list URL when they are generated for an email or for a job board. (Variable {CAREER_SECTION_URL}) | Public | No |
| Cross Frame Protection Allowed Domains | Lists domains where Career Sections are allowed to be embedded in frames. Enter domains without protocols and pipe-separated. The * wildcard is accepted. Example: *.company.com|company2.com | Public | |
| Default Time Zone | Indicates the default time zone for the WebTop. | Public | |
| Disable access for candidates not using cookies | Blocks candidates without cookie support. | Public | No |
| Disqualified Candidates Lock Out Period | Disqualification lock out period preventing candidates from returning to their application or profile depending on where the disqualification occurred. | Public | Allow Always |
| Employee Referral Program URL | URL for the Employee Referral Program within the organization's Web site. Value used in the token {COMPANY_STATIC_PAGE} only for the Referral Acknowledgment letter sent to the candidate. | Public | |
| Enable Background Check Consent Disqualification Functions | When activated for Background Check Consent, this setting enables candidate disqualification functions. | Public | No |
| Enable Customization of Job Submission Statuses | This setting enables the administrator to configure messaging to candidates from the "My Jobpage" area of the Career section. | Public | No |
| Entry File for Career Section Links | Contains the complete path of the HTML file that contains the organization frames and the Taleo frame. | Public | |
| Faceted Search | Determines whether Faceted search can be enabled for specific career sections. | Public | No |
| Full Organization Name | Used to specify the organization name that must be used in the Job Application Information email and Correspondence Manager parts of the application. | Public | en=VIDE5; fr=VIDE5; es=VIDE5; de=VIDE5; it=VIDE5; nl=VIDE5; en-GB=VIDE5; zh-CN=VIDE5; ja=VIDE5; fr-FR=VIDE5 |
| General Profile Duplicate Check Task Assignee | Allows system administrators to specify the person who will perform the duplicate check task in the Recruiting Center for candidate general profiles. | ||
| Google Structured Data Location Mapping Country | The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Country". This setting is optional for the Google indexing feature. | Public | Not specified |
| Google Structured Data Location Mapping Locality | The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Locality", which is the concept of City. When this setting is configured to "Not Specified", the Google indexing feature will be disabled. | Public | Not specified |
| Google Structured Data Location Mapping Postal Code | The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Postal Code". This setting is optional for the Google indexing feature. | Public | Not specified |
| Google Structured Data Location Mapping Region | The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Region", which is the concept of State/Province. When this setting is configured to "Not Specified", the Google indexing feature will be disabled. | Public | Not specified |
| Google Structured Data Location Mapping Street Address | The location level configured will use the value from the requisition's location for indexing into Google's location structure of "Street Address". This setting is optional for the Google indexing feature. | Public | Not specified |
| Invitation To Self-identify | Activated Flow for Invitation To Self-identify. | Public | None |
| Legal Statement Decline URL | URL used to redirect a candidate who declines a legal statement placed before the login page when this candidate needs to log in before seeing the job list. | Public | |
| Masking Diversity Question Answers | Enables the masking of diversity question answers in Career Sections. | Public | No |
| Maximum attempts to attach file period | Period during which the maximum number of candidate attachment attempts apply. | Protected | 30 |
| Message Delete Permission | This setting displays or not the "Delete" link for each message in all candidate portals. | Public | No |
| Number of Unreceived Pings Before Time Out | Time out period setup of the Career Section. Number of missing pings before the session is terminated. | Protected | 2 |
| Organization Web Address | Web site host name of the organization. Home page of the organization, not the Career Section home page. | Public | www.VIDE4.com |
| Populate Source Tracking for Employee Referral | When the setting is enabled and employees use the Refer a friend feature from within an internal career section, the Source Tracking value on the Job Submission tab of the candidate file is automatically filled with the “Our Employee” value. This feature applies to both general profile and job-specific requisition referrals by employees. The source does not have to be configured as In Profiler and In Requisition. The source does not have to be configured as an active source on the requisition. Only source code REF-12 can be used with this feature; it cannot be used with sources configured by customers. This feature is not associated in any way with referrals made through Sourcing. |
Public | No |
| Profile Import Partner Availability Apply With LinkedIn | Activated, the Apply With LinkedIn service is exposed in Configuration for a customer to configure and enable. Deactivated, it is not displayed in Configuration. If deactivated after prior activation, historic configuration is stored. | Public | Yes |
| Propagate Username in Login Pages | Automatically propagate the username when the user browses through the login pages (login, registration, forgotten password, forgotten username etc.). | Public | Yes |
| Request More Info Active | Activated Flow for Request More Information | Public | None |
| Resume Parsing Languages and Scope | Indicates the content languages allowed in a flow to extract and display data from a resume file, using the resume upload function. | Protected | en*,1 |
| RSS Feed Activation | Activate the RSS feed feature on the customer zone. | Public | No |
| Session Maximum Inactive Interval | Time out period setup of the Career Section. Maximum inactive interval, in milliseconds, for a user before his session is terminated. | Protected | 3600000 |
| Session Time Out Reminder Interval | Time out period setup of the Career Section. Time in milliseconds before session timeout reminder is displayed. | Protected | 1200000 |
| Show Explicit Login Error Messages | Specifies if the error messages returned by the system identify whether the user ID or password was incorrect. | Public | No |
| Technical Help Information Type | Indicates the type of information used to explain how to get technical help. | Public | None |
Career Section Security Settings
Security Policies
Security settings can be set globally for each type of Career Section, and also for a specific Career Section.
System administrators can set security settings globally for each type of Career Section (internal, external, agency portal) under the Global Security section of the Career Section Administration menu. For example, Sign In requirements might be different for those who already work for the organization (Internal Career Sections) versus candidates who do not already work for the organization (External Career Sections). Or, Agency Portals might have entirely different User Account parameters.
System administrators can also set security settings for a specific Career Section by accessing the career section page under the Career Section section of the Career Section Administration menu. If a system administrator configures the security settings for a given Career Section, it is the configuration specifically made for that Career Section that is applied, not the configuration set for a Career Section type. The security settings set at the Career Section type level are used as the default settings if no settings are defined for a given Career Section.
Security Settings
Sign In
User Accounts
Self-registration (not for agency portals)
User Name
There are two groups of security settings that can only be set at the Career Section type:
Password
Forgot Password
Several Career Section settings allows the configuration of several Security Settings. For example, the system administrator can choose to enforce a security protection on all pre-authentication pages in order to prevent browser to cache all credentials (login/password, access code, secret question/answer) request. The Activate Secure Login setting allows the system administrator to enable this feature. When this setting is activated, the Back button in browser may not work properly anymore.
| Setting | Possible Values | Default Value | Location |
|---|---|---|---|
| Show Explicit Login Error Messages |
|
No | Configuration > [Career Section] Settings |
| Propagate Username in Login Pages |
|
Yes | Configuration > [Career Section] Settings |
| Career Section Services Password | user-defined | None | Configuration > [Career Section] Settings |
| Activate Secure Login |
|
No | Configuration > [Career Section] Settings |
| Use SSN as User Name | User-defined | No | Configuration > [Career Section] Settings |
| Invitation to Self-identify | User-defined | none | Configuration > [Career Section] Settings |
Configuration
| User Type Permission Name | Location |
|---|---|
| Manage Security Policies | Configuration > [SmartOrg] Administration > User Types > Configuration |
Configuring Security Options for a Career Section Type
The Access the Career Section administration section user type permission grants users access to this feature.
-
Select a career section type (internal, external, agency portal, Onboarding portal).
Click Show next to the settings type.
Click Edit next to the security option.
Make changes.
Click Save.
If no options are set specifically for a Career Section, then the selections made for a specific type of Career Section are applied.
Configuring Security Options for a Specific Career Section
The Access the Career Section administration section user type permission grants users access to this feature.
Career section must have Inactive status.
-
Click the name of a Career Section.
-
Click Edit next to the security category.
-
Make changes.
-
Click Save.
Security options are applied to that specific Career Section.
Security Setting Options
Security setting options can be set in the following places:
-
Configuration > [Career Section] Administration > Internal Career Sections
-
Configuration > [Career Section] Administration > External Career Sections
-
Configuration > [Career Section] Administration > Agency Portals
-
Configuration > [Career Section] Administration > Career Sections > Career Section Name
| Security Setting Options |
|---|
| Require users to sign in before accessing the Job List |
| Require users to sign in before accessing job descriptions |
| Allow users to change their user name |
| Allow access by internal candidates (employees) only |
| Log the user out when the last page of the flow has been reached, then display the main Job List if the user attempts to go Back |
| Use this phone number as hotline for users who encounter login problems |
| Require users to authenticate after changing their email address or user name. |
Sign In Policy Options
Sign in policy options can be set in the following places:
-
Configuration > [Career Section] Administration > Internal Career Sections
-
Configuration > [Career Section] Administration > External Career Sections
-
Configuration > [Career Section] Administration > Career Sections > Internal or External Career Section Name
-
Configuration > [Career Section] Administration > Agency Portals
| Sign In Policy Options |
|---|
| Allow new users to register in system |
| Display the link "Forgot your user name?" |
| Display the link "Forgot your password?" |
| Show explicit error messages to users at login |
| Display the OpenID option |
User Account Policy
User account policy options can be set in the following places:
-
Configuration > [Career Section] Administration > Internal Career Sections
-
Configuration > [Career Section] Administration > External Career Sections
| User Account Policy Options |
|---|
| Number of incorrect sign-in attempts allowed per user before his/her account is locked |
| Period during which the system prevents access to an account that has been locked |
| Use the following authentication method |
| Activate the Career Section Single Sign-On Configuration Wizard |
Self-Registration Policy Options
Self-registration policy options can be set in the following places:
-
Configuration > [Career Section] Administration > Internal Career Sections
-
Configuration > [Career Section] Administration > External Career Sections
-
Configuration > [Career Section] Administration > Career Sections > Internal or External Career Section Name
| Self-Registration Policy Options |
|---|
| Ask new users to provide a password when they register |
| Ask new users to confirm the password when they register |
| Ask new users to provide an email address when they register |
| Ask new users to confirm the email address when they register |
| Activate the registration confirmation page |
| Number of username attempts before closing the session |
User Name Policy Options
User name policy options can be viewed in the following places:
-
Configuration > [Career Section] Administration > Internal Career Sections
-
Configuration > [Career Section] Administration > External Career Sections
-
Configuration > [Career Section] Administration > Career Sections> Career Section name
| User Name Policy Options |
|---|
| Activate this user name security policy |
| Require user names that contain at least X characters |
| Require user names that contain no more than X characters |
Password Policy Options
Password policy options can be set in the following places:
-
Configuration > [Career Section] Administration > Internal Career Sections
-
Configuration > [Career Section] Administration > External Career Sections
-
Configuration > [Career Section] Administration > Agency Portals
| Password Policy Options |
|---|
| Allow a password to be valid for X days (leave the field empty and passwords will not expire) |
| When a password change is required, prevent the reuse of the previous X passwords |
| Require passwords that contain at least X characters |
| Require passwords that contain at least X characters |
| Require passwords that contain no more than X characters |
| Require passwords that contain at least X letters of the Roman alphabet |
| Require passwords that contain at least X lowercase letters of the Roman alphabet |
| Require passwords that contain at least X uppercase letters of the Roman alphabet |
| Require passwords that contain at least X numeric characters |
| Require passwords that contain at least X characters other than letters and numbers (! # $ % & ( ) * + , - . / : ; <=> ? @ [ ] _ ` { | } ~) |
| Require passwords that contain no more than X identical consecutive characters |
| Require passwords that do not contain the user's first name |
| Require passwords that do not contain the user's last name |
| Require passwords that do not contain the corresponding user name |
| Require passwords that do not contain the user's email address |
Forgot Password Policy
Forgot password policy options must be set for each of the three Career Section types.
-
Configuration > [Career Section] Administration > Internal Career Sections
-
Configuration > [Career Section] Administration > External Career Sections
-
Configuration > [Career Section] Administration > Agency Portals
| Forgot Password Policy Options |
|---|
| Use this method to change passwords |
| Number of incorrect attempts allowed per user to enter the email address |
| Lock a user’s account when the number of incorrect attempts allowed to enter the email address is exceeded |
| Require X security questions |
| Require answers that contain at least X characters (X must be greater than 0) |
| Number of attempts allowed per user to answer the security question |
| Lock a user's account when the number of attempts allowed to answer the security question is exceeded |
| Mask the security answer values |
Details regarding the “Use this method to change passwords” setting
The change password procedure contains six options of authentication:
| Options for the “Use this method to change passwords” Setting | |
|---|---|
| Option | Description |
| Access Code | An email containing an access code is sent to the user once the user has confirmed his/her email address. |
| Security Questions | The user is asked to answer the security questions (from 1 to 3) previously entered in his/her profile. If the answer is correct, the user is invited to enter a new password. |
| Security Questions and Access Code | The user is asked to answer the security questions (from 1 to 3) previously entered in his/her profile. If the answer is correct, an email containing an access code is sent to the user once the user has confirmed his/her email address. |
| Security Questions or Access Code | The user is asked to answer the security questions (from 1 to 3) previously entered in his/her profile. If the answer is correct and the user has an email address, an access code is sent to the user once the user has confirmed his/her email address. If the user does not have an email address and the answer to the security question is correct, the access is granted to the application and the user is invited to change his/her password. |
| Security Questions and/or Access Code | When this option is activated, one of the following situation will happen. See the Security Questions and/Or Access Code table. |
| Contact System Administrator | The user is asked to contact the system administrator. Only the system administrator can then generate a new password and communicate it to the user. |
| Details Regarding the “Security Questions and/or Access Code” Option | ||
|---|---|---|
| The user has an email address | Security questions were activated | |
| Yes | Yes | The user will have to answer the security questions correctly and an access code will be emailed. |
| Yes | No | The user will receive an access code by email. |
| No | Yes | The user will have to answer the security questions correctly to be able to access the application. |
| No | No | The user will be asked to contact the technical support. |
Details regarding the Use this method for the Forgot Username setting
Career Section users who forget their user name can now receive it in an e-mail.
If Career Section users forget their user name, they use the Forgot your user name? link and then enter their e mail address in the corresponding field.
Afterwards, they receive an e-mail containing their user name. They then use this information (and their password) to log into the career section.
In prior releases, the user name was displayed on-screen; there was no option to send it in an e-mail.
A new setting (configured for internal and/or external career sections separately) is available: Use this method for the Forgot Username feature. Administrators can choose between:
Email: The user name is sent by e-mail.
On Screen: The user name is displayed in clear text.
The default value of the setting Use this method for the Forgot Username feature is On Screen.
There is a separate message template called “Find username” associated with this feature. That message template should not be confused with the “Forgot username” message template.
Customers who plan to enable user name recovery through e-mail are advised to add the E-mail field to their Registration page. This measure ensures that the system has an e-mail on record for every candidate and will therefore send the “Find username” message even to users who don’t complete the first page of an application flow.
It is recommended that customers set the value of the Propagate Username in Login Pages setting to No (Configuration > Career Section Settings). This is because candidates can also use the Forgot your password feature to retrieve their user name. If they were to lend their device to someone else, the feature could be used for user name harvesting.
Details regarding the "Mask the security answer values" setting
If the setting value is set to Yes, answers to security questions are masked (concealed) while they are being typed and submitted. This provides candidates and employees with better security by preventing people who might be looking at the computer screen or tablet from seeing the answers to security questions. Visitors must enter the answer (also masked) in a second field to confirm their answer.
First-time Sign-in and Security Question Answers
If candidates or employees sign into a career section for the first time to create their candidate profile and they are required to provide answers for security questions, asterisks are displayed in place of the answers they type. For each security question, visitors must also enter their answer (also masked) in a second field to confirm the answer they provided in the first field.
"Forgot your password?" and Masking Security Answer Questions
If candidates or employees forget their password and are required to provide answers for security questions, visitors must enter their answer to each question in two fields, the second field serving as confirmation of the answer they entered in the first field. You can configure security question answers such that they are masked while being typed and submitted.
If the setting value is set to No, the characters will be displayed as the candidates or employees type them.
The "Mask the security answer values" setting is only displayed for internal and/or external career section configuration if the value of the corresponding "Use this method to change passwords" setting is set to include security questions. For example, if you select Access Code as the method to change passwords for internal career sections, the "Mask the security answer values" setting is not displayed (hence cannot be configured) for internal career sections.