TASS.web > System Admin > Users > User Maintenance > New
For User ID I use their Lastname and First Initial. For their name, I always put (NASC) at the end so we know who's who in the list.
Put them in Company 01. Unless you're instructed to give them access to the NASC payroll - in which case you also add them to Company 02.
For License Registrations - for the most part you would choose Finance and Payroll - not Students unless they specifically need it.
Hit Save to create the user.
TASS.web > System Admin > Users > LDAP/SAML Maintenance > TASS.web > Add
Map the User ID from step 1 to the newcastleanglican.org.au email address of the new user.
TASS.web > System Admin > Users > Assign Security Roles
Select your new user and assign them the role you are mirroring from the other person. Never assign permissions uniquely, always use a Role.
TASS.web >Payroll HRM > Payroll > Setup Information > User/Payroll Access > New User Access
Map your new user to 02 FORTNIGHTLY PAYS.
Azure Active Directory > Users > Invite Guest
Type the name and email address of the new user. In the invitation box, type the below:
--
Welcome to Bishop Tyrrell Anglican College. You will use your newcastleanglican.org.au email address to sign into our TASS instance, and you may be required to setup Multi-Factor Authentication on your mobile phone as part of the initial setup process. To begin, please have your phone handy and click the Accept Invitation button below.
--
Note that even though in Azure you can assign a user to a group from the invitation page... it doesn't actually work. So you have to do it manually, and is the last step.
-----------------------------------------------
NOTE: This step is now automated with the NASC user group having dynamic allocation rules.
Azure Active Directory > Groups > NASC Users > Add
Add your new user. They must be in this group to be allowed access to the TASS app registration in Azure... and the MFA Conditional Access Policy targets that group to ensure that NASC staff have to MFA to get into TASS.
-----------------------------------------------
IF YOUR USER NEEDS ACCESS TO TEACHER KIOSK
You can't have access to Teacher Kiosk unless you have an employee record. To give a NASC user access to TK - you'll need to create an Employee Record under TASS.web > Payroll HRM > Employees > Employees > New. Type in the required information and press Next - it will then prompt for an ID number. Look at the list and find the employee with the highest 6-digit employee number. We differentiate between real and fake employees by their employee ID - LGxxx employees are real, xxxxxxx employees are not. Give your new user the next number up.
You will need to set the following attributes:
- Kiosk Password - anything, just mash the keyboard
- School Email
- Date of Birth - 1/1/1970
- Address Tab > Address > School's address
- Payroll Details Tab > Payroll Number > 99
- Payroll Details Tab > Award > HR
- Payroll Details Tab > Pay Point > CAS
- Payroll Details Tab > GL Account > 20-2002-00-00
- Payroll Details Tab > Position Code > HR
- Payroll Details Tab > Rate Code > 1
- Payroll Details Tab > Base Hours > 0
- Payroll Details Tab > Allowances Per Period > 0
- Tax & Bank Tab > Pay Method > 0
- Tax & Bank Tab > Tax Free Thereshold Claimed > No
- Tax & Bank Tab > Study Training & Support Loan Debt > No
- Tax & Bank Tab > Residency Tax Status > Resident
- Tax & Bank Tab > Medicare Levy Fields (3) > None
- Tax & Bank Tab > Tax Scale > A
The reason you have to set all of those attributes is because TASS marks them as required... the only thing we are actually needing to do is set the Kiosk Password because you can't login to TK without that attribute set. The rest of the stuff is only to get past TASS's form validation. Stupid but whatevs.
You then go to TASS.web > System Admin > LDAP/SAML Maintenance > Teacher Kiosk > Add. Map the new Employee ID to their newcastleanglican.org.au email address
Finally, TASS.web > System Admin > Portal Security Permissions > Teacher Kiosk. Choose the relevant role (probably Teacher), click Assign Users, find your new employee and assign them.