BenefitPoint 2021 R3 Release Notes

SSO will now be used as the login method for all BenefitPoint users. With this release, every BenefitPoint user must perform a short migration flow to be able to log in.

• For customers that do not have the VSSO (Vertafore Single Sign-On) product: Your users will see a change in how they log in to the application.

• For customers that do have the VSSO product: Logging into BenefitPoint will work in the same way as your other VSSO-enabled applications.

What does this mean for my users?

1. ALL users must migrate their BenefitPoint user account to SSO by following this simple migration flow:

   The “Migrate Now” link on the login page is what begins the flow. It is a simple three-step process:

   1. On the login page, click the Migrate Now link and enter your BenefitPoint production credentials.

      1. If one of the following conditions are true, you will be able to change your username:

         1. If you have never used SSO to log in and your username does not match your official corporate email address.

         2. If you already use VSSO to log in to other products and your username does not match your existing VSSO email address.

      2. If a username change is needed, check the “Username change desired” box and enter your desired username twice.

   2. Click Migrate Now.

      1. If you have never used SSO before, you will receive an account activation email that includes a “Join Now” link. Click this link to set your first-time password, at which point you will be able to log in to BenefitPoint.

      2. If you already have a VSSO account and your BenefitPoint username matches your VSSO username, you are ready to log in to BenefitPoint.

   3. Done! Return to the BenefitPoint login page and click the SSO Login button to log in to BenefitPoint.

   Note: If a user’s BenefitPoint password has expired but they need to migrate, a broker admin may simply navigate to that user in the User tab and click Save. This will auto-migrate them. For more detailed instructions, see the link mentioned above.

   Note: If your firm already uses VSSO, this migration process is still necessary. The process will link the BenefitPoint user to the existing VSSO user.

2. Any user that wishes to log in to BenefitPoint MUST have a username that is a legitimate email address where they can receive emails.

   1. A key part of SSO’s functionality relies on sending emails to users. This is done for first-time account setup but also for all password resets, and, if applicable, multi-factor authentication.

   2. The migration flow gives users the option to change their username if they were not using a legitimate email address. Alternatively, broker admins can make these changes by editing users manually.

   3. Any users that do not log in to BenefitPoint do not need to have legitimate email addresses and do not need to migrate.

   4. For any admin users that need to log in to multiple BenefitPoint brokerages, see the Multi-Brokerage Access feature.

3. The BenefitPoint login page now looks different:

   

   After performing the migration process, you can login by clicking the orange SSO login button, which redirects you to the SSO login page:

   

   After entering your credentials here, you will be logged into BenefitPoint.

4. Once migrated to SSO, password resets can be performed by the users and does not require admin intervention.

   1. At any time, a user may click on the SSO login button on the BenefitPoint login page, then click the Change Password link (or Forgot Password if they forgot it).

   2. There is no limit on how many password resets can be performed in any period.

   3. Entering the incorrect password three times will result in the account being locked for 15 minutes. After that time, the Forgot Password link may be used. Any firms that have the full VSSO product and have access to the VIM user management tool can manually reset the user’s password to bypass the 15-minute lockout.

What does this mean for admins?

• Admins no longer need to reset users’ passwords.

  • If a user forgets their password or wishes to change it, they can use the Forgot Password or Change Password links on the SSO login page.

• The password field when creating or editing users has been removed. Each user now sets their own password and can reset it themselves when needed.

• Creating a new user will automatically migrate that user to SSO.

  • Upon creation, a new user will receive a first-time account setup email from SSO. This is the same email that is sent when existing users migrate.

  • If a user is created with an illegitimate email address, an account setup email will not be able to reach them and they won’t be able to log in.

• Saving an existing user will automatically migrate that user to SSO, if they are not already migrated.

• Editing a user’s first name, last name, or email address will push those changes to SSO.

  • The SSO system will automatically attempt to send an email notification to a user any time their email address is changed. It will attempt to send to the new email address.

• If your firm has the full VSSO product and uses the VIM user management tool, any changes made to a user’s first name or last name will be reflected in BP the next time that user logs into BP.

What does this mean for API users?

• API users still use a native BenefitPoint password; BenefitPoint’s API endpoints will NOT use SSO upon this release. We do plan on eventually implementing SSO login for our APIs but have no timeline on this yet.

• A new section exists on the create/edit user screen called “Web Service Password” where this native password may still be set.

• Upon this release, no native passwords will be changed for any users. There is no need to reset any web service users’ passwords after the release.

• If an API user also needs to log in to the BenefitPoint UI, they will need to migrate to SSO like any other UI user. This will not affect their API password or API access. They will need to use their native BenefitPoint password to access the API, and a separate SSO password to access the UI.

What will happen with multi-factor authentication (MFA)?

• BenefitPoint’s MFA will be turned off and you will instead use SSO’s built-in MFA. No extra action is needed to make this transition.

• If you currently use MFA in BenefitPoint, then upon migration, each of your users will be asked to set up their MFA again (i.e., input their phone number or email for MFA).

• After that, the experience of MFA will be the same, but the system sending the MFA requests will be SSO instead of BenefitPoint.

What does this mean for test environments?

• BenefitPoint test environments (Test1, Test2, Preview1, Preview2, etc.) are often one version behind production for a span of time. A BenefitPoint environment needs to be on version 21R3 or higher for SSO to be enabled. Until this happens, native login must still be used.

• Once a test environment is on version 21R3 or higher, SSO must be used. If you have migrated your user in production, you do not need to migrate again! As long as your username on the test environment matches your SSO username, you can log in to the environment using your SSO credentials.

• Test/training users:

  • If you have users that do not exist in production, who have illegitimate email addresses, or who are passed between trainees on a temporary basis, you will not be able to service these accounts in the same way you did before.

  • If you wish to continue using these users, there are two options:

    • Instead of using illegitimate email addresses, create users on the test environment that match the trainees’ actual work email addresses. This will create an SSO account for them, but they will not be able to log in to the production environment until you add them there as well.

    • If you wish to keep the old users with illegitimate email addresses, you will need a way to receive emails on behalf of these users so their passwords can be managed. Your IT department should be able to set it up so that emails sent to these illegitimate email addresses get forwarded to legitimate ones (i.e. email aliases). Each email sent from the SSO system will state the user’s first name, and as long as the first name of the test users are unique and recognizable, you should have no problem servicing multiple users’ password resets under a single inbox.

What does this mean for eStatements users?

• When logging into eStatements, SSO will not be used.

• Users should continue to use their native BenefitPoint passwords to log into the eStatements tool.

• This password can still be reset by Broker Admins via the password fields in the “Web Services Information” section when editing a user.

If you are an admin that needs to have access to multiple BenefitPoint brokerages, you may now use the same username (i.e. email address) for each brokerage.

Usernames must still be unique within a single brokerage, but no longer need to be unique across all of BenefitPoint.

When a multi-brokerage user logs in, they are presented a selection screen to choose which instance they wish to log in to.

If you have users that exist in multiple brokerages, you can use the SSO migration workflow from the login page to change all your users to the same email address:

1. Perform the migration workflow for the user whose email matches your work email address.

2. For each additional user, perform the migration workflow and check the “Username change desired” checkbox. You can change each of your multiple users so their username matches your work email address.

3. Once all your users have gone through the migration and username change process, log in to BenefitPoint via SSO. After logging in, you will be presented a screen where you can select which brokerage to log in to.

SSO is a method of logging in, and VSSO is a Vertafore product built around it that allows user management across all Vertafore products. BenefitPoint will use the VSSO’s SSO functionality on the backend to authenticate all BenefitPoint users, and if you did not have the VSSO product before, you will have it now. That is why we are referring to the BenefitPoint-specific feature as “SSO” not “VSSO.” Managing BenefitPoint users can still occur within BenefitPoint without the help of VSSO’s user management features.

Microsoft has announced that beginning August 17, 2021, all Microsoft 365 apps and services will no longer support Internet Explorer. Moving forward, BenefitPoint will only be fully supported in Chrome, Firefox, and Edge.

• We will continue to test BenefitPoint’s functionality using the most recent version of these three browsers at the time of release. We always support the latest versions of these browsers.

• Internet Explorer compatibility mode is no longer necessary for Edge users and can be disabled for all BenefitPoint URLs.

A new warning message will show up when a Sagitta-integrated user attempts to post a statement whose Entry Date does not match the current date. This is to prevent unintentional posting of statements that could cause a mismatched posting date in Sagitta.

Defect Number	Description
DE21801	Fixed an issue for Sagitta-integrated firms where the dropdown for Bill-to accounts in the installments window would not show up.
DE22690	Fixed an issue where the Cancel Current Plans and Products link on the Plans tab would miss or incompletely audit log entries on the affected plans/products.
DE22801	Fixed an issue where activity log notification emails were intermittently failing to send.
DE23387	Improved the speed and performance of the integration error log page, for those firms integrated with AMS360 or Sagitta.
DE23859	Fixed an issue where firms using an older version of the plan listing page were unable to renew plans from that page.
DE24051	Fixed an issue where certain products did not have available departments listed, and therefore could not be edited or saved.
DE24194	Improved the speed and performance of the Carrier Codes subtab under the Broker Admin AMS360 Integration tab.
DE24378	Fixed an issue where payees without addresses could not be added to standard splits.
DE23851	Corrected an issue from 21R2 where the Number of Lives field on a rate could be set to a decimal value instead of an integer.
DE23983	Fixed an issue with inquirer info on activity log records where the Insured information section was not automatically displaying after selecting Insured as the inquirer type.
DE24210	Fixed an issue where firms using an older version of the plan listing page were unable to navigate through the pages of plans.
DE25121	Fixed a performance issue that prevented users from editing certain payees.

For optimal performance of the application, we recommend the following as a minimal configuration:

HARDWARE/SOFTWARE	MINIMUM REQUIREMENTS/RECOMMENDATIONS
Processor/CPU Speed	Recommended: i5, i7 or Multi-core: 2.6 GHz or above Minimum: Core 2 Duo: 2.3 GHz or above Not supported: Single Core, Reduced feature CPUs, such as Celeron or AMD Sempron
Memory:	Recommended: 4GB Minimum: 2 GB
Hard Drive Space	Minimum: 150Mb of local disc space per user
Video	Minimum: Resolution 1024x768 with 16-bit high color or better
Operating System	Recommended: Windows 10 (64-bit)
Microsoft Office (Word, Excel)	Recommended: Office 365
Supported Web Browsers	Chrome, Firefox, and Edge

 

	BenefitPoint Web App	BenefitPoint Outlook Plugin
Latest Version	21.1.0.0.146	4.12
Recommended OS	Windows 10 (64-bit)	Windows 10 (64-bit)
Recommended MS Office	Office 365	Office 365
Supported Browsers	Chrome, Firefox, or Edge	N/A
Minimum AMS360 Version	19R1	N/A
Minimum Sagitta Version	19R1	N/A

https://support.vertafore.com/

We value your feedback to ensure we are working on what is most important to you. Please use My Vertafore to provide feedback. We appreciate your input, whether positive or negative, on any visible change.