Employee Handbook Access Should Be Easy
This is a long one, so let’s get right to it.
Signing in to Blissbook has been a pain in the butt for our non-SSO (Single Sign-On) users for a long time. It’s been a pain because Blissbook is password-based and… get ready… we never ask users to create a password. Users get a link in their invitation email that signs them in to their Blissbook automatically. However, if they ever sign out or use a different browser, they can’t access their Blissbook without a password. The workaround is to tell Blissbook you forgot your password and the system emails you a link to set up a new one.
We want to make it easy to access Blissbook. If your company’s policies are hard to access, they aren’t protecting your company. That’s bad!
There are 3 basic options for a computer system to confirm a user’s identity:
- The user and computer system know the same secret, such as a password, PIN, etc. Ideally, this secret is impossible for others to guess.
- The user has a physical object in their possession that verifies their identity to the system, such as a key, a bank card, a phone/computer/key fob with a secret token, etc.
- The system knows a physical characteristic of the user, such as a fingerprint, eye iris, voice, etc. This is known as biometrics.
Blissbook has traditionally used option #1. We’re switching to #2.
When a user tries to sign in to Blissbook, they’ll enter their email address. If that email address is in Blissbook, we’ll know who they are and what organization they belong to.
They’ll then get an email with a special link that they’ll click to sign in to Blissbook. Users will remain signed in for 60 days unless they explicitly sign out or switch web browsers.
This means your employees never have to create or remember a password to access their employee handbook. They just need access to their email account!
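The sign-in flow described above, sketched as an added example (this is not Blissbook's code). The class and method names and the 15-minute link lifetime are assumptions made for illustration; the 60-day session comes from the post.

```python
import hashlib
import secrets
import time

LINK_TTL = 15 * 60              # assumption: the post does not state how long a link stays valid
SESSION_TTL = 60 * 24 * 3600    # 60 days, as stated in the post

class MagicLinkAuth:            # hypothetical name, in-memory stores for illustration
    def __init__(self, known_emails, clock=time.time):
        self.known = {e.strip().lower() for e in known_emails}
        self.pending = {}       # sha256(link token) -> (email, expires_at)
        self.sessions = {}      # sha256(session id) -> (email, expires_at)
        self.clock = clock      # injectable so expiry can be exercised

    @staticmethod
    def _digest(value):
        # Only digests are stored, so a leaked table holds no usable links or cookies.
        return hashlib.sha256(value.encode()).hexdigest()

    def request_link(self, email):
        """Return the token to email, or None. Show the user the same page either way."""
        email = email.strip().lower()
        if email not in self.known:
            return None
        token = secrets.token_urlsafe(32)   # unguessable, from the OS CSPRNG
        self.pending[self._digest(token)] = (email, self.clock() + LINK_TTL)
        return token

    def redeem(self, token):
        """Exchange a link token for a session id. pop() makes the link single-use."""
        entry = self.pending.pop(self._digest(token), None)
        if entry is None or self.clock() > entry[1]:
            return None
        sid = secrets.token_urlsafe(32)     # goes in a cookie, so it is tied to one browser
        self.sessions[self._digest(sid)] = (entry[0], self.clock() + SESSION_TTL)
        return sid

    def whoami(self, sid):
        """Return the signed-in email, or None once the 60 days have passed."""
        entry = self.sessions.get(self._digest(sid))
        if entry is None or self.clock() > entry[1]:
            return None
        return entry[0]

    def sign_out(self, sid):
        self.sessions.pop(self._digest(sid), None)
```
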
That’s a cool interaction because it enforces that users must be employed at the company. When I worked at [redacted] I had access to a 35% discount with my mobile phone carrier. A year after I left, they texted me saying an email was sent to my work email and I’d need to click the link for the discount to continue. Same idea you guys are using for authentication. I could see it being cumbersome for frequently-used apps, but I think your use case is perfect for it.