Mobile is always a hot topic when it comes to managing employees. And now that remote working is becoming the norm for organizations across many industries, it’s an even more prominent and relevant tool.
So, what are the important things to know? Gregory Anderson, better known as Mobilelicious for folks in UKG Kronos Community, has the scoop. As the product manager for the UKG Workforce Mobile and UKG Workforce Tablet apps, Greg is THE mobile guy and a true wealth of information about all things mobile.
If you’re someone who is interested in deploying mobile or expanding its reach across your workforce, Greg says these are some of the most important product questions to keep in mind.
Do you want employees to attest to the mobile policy?
If you want your employees to acknowledge that they agree to your policy, prompting them with a message to “opt in to use the mobile app is a way to get that confirmation — meaning employees will see a message about the mobile policy and must agree to the terms and conditions before logging in to the mobile app. Giving employees the option to opt in or out supports the voluntary aspect of bring-your-own-device policies. If some employees aren’t comfortable with the policy and disagree, not a big deal. Those employees simply won’t be able to use the mobile app for things like punching in, viewing schedules, swapping shifts, requesting time off, etc. They’d have to perform those tasks on the InTouch device or on their desktop.
The Question Profile is your mechanism for getting employees to attest to the mobile policy. Enter the message and the answer choices you want to present into the Question Profile Editor (pictured below). In addition to requiring a certain answer for access, you can also set the frequency for how often you’d like the message to show up, for example, every time someone logs in to the app or only once a year.
Find Question Profile Editor under Setup > Common Setup or search “Question Profile” in the mobile app.
Who should have access to the mobile app?
Once you’ve decided whether your employees will attest to using the mobile app, you must identify who will have app access. Is it everyone? Just certain people? Licenses used to determine app access, but the end of Flash this year opens web access, allowing people to use the server URL to get right in.
So, the follow-up question here is about security. You know who you want to have access, but what level of security do you need? Maybe none, maybe a little, maybe a lot — but you have options. Here are a few.
Geosensing
A subtle way to enforce your punch policy, geosensing is the ability to record punch locations. There are no systematic punch restrictions with geosensing, but all punch locations are recorded and available for managers to look up at any time in a punch detail report. It’s the honor system to some extent, but the idea is that accessible punch data will encourage people to do the right thing and submit honest punches.
You can enable geosensing under Setup > Access Profiles
Geofencing
A stronger way to enforce your punch policy is to use geofencing. Geofencing is the ability to restrict employee punching to an explicit area or radius — meaning that employees must be in a specific known place that you’ve identified for their punches to be accepted. You can perform geofencing based on two types of technologies that provide maps of employee punch locations.
- Global position satellites (GPS): The GPS method uses latitude and longitude coordinates to confirm that only punches submitted within the known location are accepted. The screenshot below depicts the Known Places Editor where you can set your coordinates, the context radius, and the punch radius. The context radius allows you to define the area inside of which the mobile app’s context (HyperFind, location, date range) will change. The punch radius is the area where an employee must be located for the punch to be accepted. Both the context radius and punch radius are set in meters.
- Near-field communication (NFC): NFC involves setting tags or bar codes in various locations where your employees perform work. You then configure the system to only allow punches that are submitted within proximity of the identified tags. A couple catches with this method are that you must set up and maintain the location tags and that NFC technology is available only for Android, not for iOS.
IP restrictions
IP restrictions are an all-or-nothing security measure. You set the known IP address range, and employees can submit punches using the mobile app only if they are using the address. Here is a view of the Known IP Address Range Editor.
If employees aren’t at work, what do you want them to be able to do?
Once you’ve figured out your security approach, you must also think about what you’ll allow employees to do within the mobile app. Can they do everything? Are there limitations?
The Access Method Profile allows you to use location to craft different user experiences. In other words, employees’ role profiles can change based on where they access the mobile app. Two additional profiles within the Access Method Profile help set up the parameters you want.
- The Display Profile determines what people can or can’t see
- The Function Access Profile determines what people can or cannot do
For example, you can create a “work” access profile with no mobile app restrictions for people at work and a “home” access profile with access only to certain functionality while working remotely. Maybe a manager can edit schedules while she’s at work, but at home, she can only view them. You have complete control over what employees can do, and you can monitor what Access Profile they experience in three ways. For the three examples below, let’s say Access Profile experience A is a work profile with no limitations and access to everything. Access Profile experience B is a home profile and has restricted access.
- Range of IP addresses — What IP address is the employee on? If the employee is connected to the range of known work addresses, the employee will get experience A. If the employee is not connected to the range of known work addresses, the employee will get experience B.
- Mobile app — Is the employee using the mobile app or the web browser? Mobile app equals experience A with all access. Web browser equals experience B with limited capabilities.
- Enterprise mobile management — You can work with third-party EMM platforms to determine whether the device an employee is using is a managed corporate device. In other words, the app is configured to recognize that a device is one owned by the company. If it’s a managed corporate device, the employee gets experience A. If not, the employee gets experience B.
Access method profile configuration is in the setup
I hope this helps with understanding the ins and outs of mobile and how it can help you provide the right level of punch access to your employees. The good news is that all of this and more is available in UKG Kronos Community. Don’t miss these resources.
*Note: You must be logged in to UKG Kronos Community to access.
The content of this blog is courtesy of Gregory Anderson, product manager for UKG Workforce Mobile and UKG Workforce Tablet. Greg is responsible for imbuing the UKG Workforce Central suite with “mobileness” and has traveled the world to ask organizations, “How can UKG help?” He has worked with enterprise and network security hardware for more than 18 years in a variety of roles. He is blessed with a wonderful family and cursed with a passion for soccer.