Securing your logins with LastPass

As a business owner, you want to limit who can access your business systems. And maybe you don't want staff logging in when they aren't at work. Using LastPass Sharing Center* you can grant your staff access to You'reOnTime without them ever knowing the password.

*Visit LastPass for more info.

Table of Contents:

1. Creating Admin LastPass account
   
2. Creating LastPass accounts for each location
3. Resetting Staff Passwords and Setting Staff PINs
4. Creating a Shared Staff Login (PIN only)
5. Sharing the Shared Staff Login while hiding the password
6. Important Considerations

Creating Admin LastPass account

The first step is to create a LastPass account that only you will have access to. This account will be used to create and share the staff login through LastPass. If you already have a LastPass account for this purpose, you can skip forward to the next section.

1. Go to https://www.lastpass.com/ and create a new account.
2. Once you have created your account, you can either install LastPass using the button or log in via https://lastpass.com/?ac=1
3. Once you are logged in, you should see the main screen or "Vault" as shown below. If you are unable to log in, or cannot see the Vault, please visit https://support.lastpass.com/home for assistance.

Creating LastPass accounts for each Location or User

The next step is to create LastPass accounts with which you will share the You'reOnTime login. When setting up LastPass accounts for your staff, you will be required to supply an email address. For the highest security, it may be best to create  new email addresses for each account (by location or staff member). 

Depending on your preferences, we recommend one of the following approaches when setting up LastPass accounts:

• If you are using the PIN system^, we recommend setting up a single account per location (e.g. westend_staff@yourbiz.com), which all staff will use to access You'reOnTime. Only salon/store owners or managers should have access to the email and the email password should not be shared with staff. They will still be required to enter their PIN to use the system. This is a great option if you want to prevent your staff from logging in when they are not at work. 
  
  ^For more info on the PIN system, click here.
  
• If each staff member logs in using a password, we recommend creating a LastPass account for each user.
  

Pro Tip: If you enable Multi-Factor Authentication on each LastPass account so only you will be able to authorise logins to the LastPass accounts on new devices. This will help prevent staff from logging in anywhere other than work.

1. Ensure you are logged out of LastPass Admin account before commencing. Go to https://www.lastpass.com/ and create a new account using the location or user email above, eg: westend_staff@yourbiz.com.  Take note of the password you created, which you can share with your staff if you are using the PIN system. (You can even save this password in your own  Admin LastPass Vault once you've finished this process!)
2. 
3. Once you have created the account, log in via https://lastpass.com/?ac=1 to verify it is working. 
4. Once you are logged in, you should see the main screen or "Vault" as shown below. If you are unable to log in, or cannot see the Vault, please visit https://support.lastpass.com/home for assistance. 
5. (If you are not concerned with Mult-Factor Authentication skip this step)
   Click on Account Settings and then select the Multifactor Options Tab. From here you can select your preferred method of Multi-Factor Authentication. 
   
   For more info on Multi-Factor Authentication, visit: https://support.lastpass.com/home?articleID=1194870601
6. Repeat these steps if creating multiple accounts. When you are finished log out of LastPass.
   
   
   (Example of the Multi-Factor Authentication screen when logging into LastPass from an unauthorised/unknown device)

Reminder: Ensure you enable Multi-Factor Authentication to prevent staff from loggin into LastPass from other locations. For more information please see  https://support.lastpass.com/home?articleID=1194870601

Resetting Staff Passwords and Setting Staff PINs

Resetting Staff Passwords

1. Log into You'reOnTime with your manager credentials.
2. Click on Settings.
3. Under the Staff heading, click on Manage Staff.
4. Select the staff member you wish to change the password for.
   
   Note: You can also search by name, or filter by  Location and Security Level.
5. In the Details for Employee screen, scroll down to the Security section. 
6. Simply enter the new password in both the Password and Confirm Password fields.
7. Scroll down to the bottom of the page and click Save.

Adding PIN Numbers for Each of Your Staff

If you do not want to use the PIN System please skip to the section  Sharing the Staff Login while hiding the Password.

1. Click on Settings.
2. Under the Staff heading, click Manage Staff. 
3. Click on the staff member you want to add a PIN number for.
4. Scroll down to the Security section and add a unique PIN number.
5. Click the Save button
6. Repeat steps 3 to 5 for each of your staff members.

Creating a Shared Staff Login (PIN only)

Now we will create a shared staff login for You'reOnTime. If you are not using the PIN system, you can skip to the next section.

Creating the PIN Login Account

1. Log into You'reOnTime with your manager credentials. 
2. Click on Settings.
3. Under the Staff heading, click Manage Staff. 
4. This will prompt the Staff Search screen, click the Add a new Staff member button.
5. Create a new staff member with the following details:
   
   a) Firstname: [Your Location Name]
   b) Surname: Staff
   c) Login User Name: staff
   d) Password: [Set your staff password here - it must contain at least 5 letters and with at least 1 number and a symbol: eg: beauty01! ]
   e) User Level: Staff
   f) Make sure Available for Online Bookings and Change password on next logon boxes are  NOT ticked.
6. Click the Save button.

Enable PIN Log-ins.

1. Click on Settings. Under Staff heading, select Staff General Settings.
2. Under the Pin Number Details section, tick the box for the Requires users to log into the system with a Pin number field and enter 15 or 30 in the Automatically log out after seconds field. Then click Save.

Sharing the Staff Login while hiding the password

Now we will save the You'reOnTime Staff login credentials in LastPass and share them with Staff, all while keeping the password secret.

Add the login credentials to LastPass Vault

1. Log into LastPass using your Admin Account login.
2. Under All Items, click on Add Item. If prompted, select Password when adding a new item.
3. Enter the following information:
   
   URL: https://app.youreontime.com
   Name: This is the label for the login being saved in LastPass, not the username. This can be anything you like.
   Username: This is the username that will be logged into You'reOnTime. For example, if you created a user named 'scott' then put scott here. If you are using PIN System as described in the previous section, then enter the group login name that you have chosen.
   Site password: This is the password you created for the You'reOnTime user.
   
   Then click Save.
4. Repeat these steps for any other logins you have created. 

Sharing the login credentials with your Staff

1. Hover the mouse over the password item you have just saved and click Edit. Then click on the Share button.
   
2. Enter the email address (or addresses) of the staff/location you want to share the login with. These will be the email addresses of the LastPass users you created in the section Creating LastPass accounts for each Location or User, for example: westend_staff@yourbiz.com
   
   

   Important: Ensure that you do not tick Allow Recipient to View Password. Doing so will allow your staff to view the password.

   Then click  Share.

3. If you are using the PIN system, make sure you are logged in to the (location) email you created (eg: westend_staff@yourbiz.com) and the corresponding LastPass account. An email will be sent from LastPass prompting to accept the login details by clicking Accept Shared Data. 
   
   If each staff member logs in using a password, the recipient will then receive an email asking them to Accept Shared Data. 
4. Once they have clicked this button and logged into LastPass, they will then be able to use the shared login credentials to log into You'reOnTime (https://app.youreontime.com) but will not be able to see the password. To continue using this login feature, the device must remain logged into LastPass.(Notice that the password is automatically entered and is not visible to the user)
   
   
   If you have chosen to use the PIN System, your staff will then be prompted to enter their PIN in order to use the system.

Important Considerations

1. When using the PIN system, it is recommended to create a single Admin LastPass account and YOT Shared Login account for each location.
2. Ensure that the Staff LastPass account remains logged in on devices you want your staff to use. If they are logged out of LastPass they will not be able to log into You'reOnTime. 
3. If you do not want staff to be able to log in from home, ensure that only business owners and trusted admins (store managers) have access to log into LastPass Admin and Staff email accounts. Do not disclose the passwords to the staff email accounts and do not share LastPass items to email addresses you do not control (i.e. staff personal email accounts).
4. It is recommended that you enable Multi-Factor Authentication for each of your LastPass accounts so that business owners or trusted admins are required to approve logins to LastPass accounts. This will also help prevent logins from home.
   (Example of the Multi-Factor Authentication screen when logging into LastPass from an unauthorised/unknown device)
5. If you change a You'reOnTime password for a shared login, you will need to update the password in your LastPass Admin account and reshare it to your LastPass Staff accounts.