secure otp based login for naukri recruiters
TRANSCRIPT
RESDEX –Security and Compliance
Making Resdex - KYC compliant and secure
2
KYC Requirements
Verify Identity and the address of the person/entity to whom the services
have been sold.
Each recruiter account offered by Naukri to be uniquely identifiable and
verified.
Any change in the contact details needs to be revalidated in the same manner.
3
Security requirements
Prevent unauthorized access in customer accounts
Provide Mobile number validation & OTP based authentication for user login
4
OTP based login authentication for sub users and super user
Users will be required to enter a One Time Password (OTP) after submitting username/password before they can use any Naukri service.
Users need to mandatorily have unique and verified email ID as login ID.
The OTP will be sent on verified email ID.
In case verified mobile number is available in the user’s account, then OTP will be sent via SMS as well.
OTP will become mandatory for all users and super users soon.
User will be prompted for OTP after submitting username & password
If OTP based Login is activated for the company If the user’s login ID / username is a verified
email ID If the user’s login pattern has changed or
suspicious login is detected
1
3
2
5
6
The OTP will be sent via mail on verified email ID
Users without verified email ID as user-name will not be covered under the Security setting.
However, users in their accounts having verified email ID will get Login OTP if the Security setting is enabled.
All users will need to enter OTP when Login OTP becomes mandatory.
7
In case of delay, the user can resend OTP OTP is specific to a user and login session.
User A’s OTP for 1 System cannot be used for a different System.
OTP will expire After 30 minutes of generation If it has been used once
Resent OTP will be valid for another 30 minutes Any of the valid unused OTPs can be used for
validation.
8
The OTP will be prompted when user logs in from CSM or NaukriRecruiter login pages as well
9
Pre-requisites for OTP based Login
• All users need to have unique and verified email ID as login ID.
• Users can add and verify their mobile numbers.
10
All users need to have unique and verified email ID as login ID.
For Super User:-
Username modification request Email Verification
1. Login at https://recruit.Naukri.com2. Resend Verification Link
3. Click on verification link in mail
http://recruiterzone.naukri.com/how-to-verify-login-email-id/
• To [email protected] • Or through account manager
11
All users need to have unique and verified email ID as login ID.
1. Login at https://recruit.Naukri.com2. Resend Verification Link3. Click on verification link in mail
http://recruiterzone.naukri.com/how-to-verify-login-email-id/
For existing sub users:-
2 options for editing sub user’s username:-
Online by sub user
Sub user fills email ID on login prompt
Sub user verifies email
Super User approves / edits the email
Assisted Edit for bulk usernames
Super user downloads format containing usernames
Super user sends updated usernames to Naukri Backend team
Backend team processes the email IDs
Sub user verifies the changed email ID
Username modification request Email Verification
12
The online process – initiated by sub user
13
• If a sub user’s username is not a valid email ID, then the user will be prompted to enter a unique and valid email ID.
• On submitting, an email with verification link will be sent on the entered email ID.
Sub user can provide unique and valid provide email ID
Online through sub user
Sub user prompt for email
Sub user verifies email ID
Super User approves / edits the email
14
Sub user needs to verify the email before it can be sent
Online through sub user
Sub user prompt for email
Sub user verifies email ID
Super User approves / edits the email
• Sub user can resend verification link from “Verify Email” link on MNR Homepage
• This link will be visible until the sub user has verified his email ID.
• Sub user needs to click on verification link in the mail
15
When sub user verifies email, super user will be asked to approve the email ID change request
Sub User clicks on verification link on email Super User gets email to approve the username change Online through sub user
Sub user prompt for email
Sub user verifies email ID
Super User approves / edits the email
16
Super user can login and approve sub user name change requests
Edit• Super user can also edit the email ID in the username change
request.
• Sub user will be sent verification link on the new ‘edited’ email ID
• When the sub user clicks on verification link, the username change will be considered approved.
• No further approval is required – the status will be updated on Manage Users page.
Online through sub user
Sub user prompt for email
Sub user verifies email ID
Super User approves / edits the email
Approve• Super user can approve username change request.
• Only requests in which sub user has verified email ID will appear in Pending section of Manage Users page.
• Notification mails will be sent to sub user when username change is approved by the super user.
Status of email change request
17
Sub user’s username will be updated in the system within 24 hours of super user’s approval
When super user approves the sub user’s username change, • Sub user will get notification
When sub user’s username is updated in the system,• Sub user & super user will get notification• Password will remain the same
Online through sub user
Sub user prompt for email
Sub user verifies email ID
Super User approves / edits the email
Within 24 hours
Updated user account will be secured with OTP based Login
Online through sub user
Sub user prompt for email
Sub user verifies email ID
Super User approves / edits the email
User will be prompted for OTP after submitting username and password
• If OTP based Login is activated for the company
• If the user’s login pattern has changed
1
3
2
19
The Assisted Offline process – initiated by Super user
20
Super user can mail the username change requests to us• In cases where large number of sub usernames need to be changed:-
1. Super user can download the csv of existing usernames from Manage Users page.2. Super user can update all the corresponding new usernames3. Super user can mail the updated csv to account manager or [email protected].
• If the new email IDs are valid and unique:- – The sub username will be updated within 24 hours.– Notification mails will be sub users super users and account managers.– The approved request will start appearing in Pending section of Manage Users page.
Link to download csv of usernames to be updated
21
Users can add and verify their mobile numbers.
22
Sub users and Super Users should add and verify their mobile numbers
• User will be able to add and verify her mobile number
• Super user will have the ability to add / edit the mobile number of any sub user in her account.
• Users from 2 different client accounts cannot have the same mobile number verified
23
In case of any queries, please write to us at [email protected]