Administration & user management

This article will help you:

• Log in to the Checkr Dashboard
• Change or Reset your password
• Help, I've been locked out of my account!
• Unlock users' passwords as an admin
• What are Checkr's password requirements?
• Create a strong password for your Checkr account

Log in to the Checkr Dashboard

When logging in to the Checkr Dashboard, you have the option to use your email address or to log in using your GitHub or Google account credentials (if your organization has enabled this functionality).

Change or reset your password

To reset your password:

1. Navigate to the Checkr Login page.
2. Click Don't remember your password?
3. Enter your email to receive a password reset email.

Your password reset token will be valid for four hours.

Sometimes password reset emails end up in your email's Spam folder, so be sure to check there if you don't receive an email. If the password reset email doesn't work, then check to see if you received more than one email. Then try using the more recent email to reset your password.

Help, I've been locked out of my account!

If you fail ten password attempts, your account will be locked. To unlock your account, ask an admin on your team to assist you with resetting your password.

Unlock users' passwords as an admin

To unlock a user's account and issue a password reset email, follow these steps:

1. Log in to the Checkr Dashboard and go to Account Settings > Users
2. Find the user you wish to unlock, and click unlock

Make sure the user receives their password reset email (since it can end up in the Spam folder), and if the user receives more than one email, have them use the most recent one to reset their password.

What are Checkr's password requirements?

Whether you're creating a password for the first time or resetting your password, Checkr will evaluate the strength of your password to make sure that it is secure and not easily guessed.

Passwords must be at least 8 characters long, and we don't restrict the use of numbers or special characters.

As you create a new password, the system will provide feedback on password strength. If your password is easily guessed or has been exposed in a leak online, Checkr will prevent you from using it. We believe this approach is more secure than traditional strict-password standards, as a password like P@ssword1 would typically clear strict-password requirements, but it is actually easy to guess. Checkr Dashboard passwords will expire after 90 days.

Create a strong password for your Checkr account

If you're having trouble finding a password that meets our requirements, use a long, random, and unique string of characters. You can use a passphrase, but it shouldn't be a common phrase from a book, movie, TV show, etc., as those are commonly used.

To choose and store a secure password, use a secure password manager like LastPass or 1Password to generate and auto-fill unique passwords for each site you visit, including Checkr.

Many recruiters and HR professionals want to receive updates on their candidates as they progress through the background check process. Checkr can provide email updates to you on candidates as they progress, letting you keep the candidate workflow efficient and follow up with candidates who may be in statuses like Consider, Suspended, or Expired.

To set up these email updates, go to the Account settings section, then scroll down to the Notifications section.

You can receive the following notifications:

• All report updates: Receive an email for any changes to the report status.
• Report created: Receive an email when a new background report is created.
• Report clear: Receive an email when a report completes with a Clear status.
• Report consider: Receive an email when a report completes with a Consider status, indicating that the report has something for you to review.
• Report suspended: Receive an email when a report is suspended, meaning that Checkr contacted the candidate to provide additional information, but the candidate hasn't responded yet.
• Report canceled: Receive an email when a report is canceled, meaning all screenings in the report were canceled.
• Report disputed: Receive an email when a report is disputed, meaning a candidate has contacted Checkr to contest the report's accuracy. Checkr initiates a re-investigation for these candidates. At least 1 user must be subscribed at all times to receive these notices.
• All candidate updates: Receive an email when a candidate invitation is sent or expires.
• Candidate invitation expired: Receive an email when an invitation has expired because the candidate didn't complete the process within 7 days or the customer-specified period.
• Candidate invitation sent: Receive an email every time an invitation is sent to a candidate.
• All Candidate Stories: Receive an email every time a candidate story is submitted.
• Candidate stories submitted pre/post AA: Receive an email if a candidate story is submitted before an Adverse Action is initiated or after the Pre-Adverse Action notice has been sent.

Customers with the Assess feature have the additional options below:

• All report assessment updates: Receive an email for all changes to any report assessment.
• Report assessment Eligible: Receive an email when a report assessment changes to Eligible.
• Report assessment Review: Receive an email when a report assessment changes to Review.
• Report assessment Escalated: Receive an email when a report assessment changes to Escalated.
• Report assessments (daily digest): Receive a daily email itemizing all changes to report assessments.

Click Update my Account to save your preferences.

Checkr does not currently support the merging of accounts or migration of data/reports from one account to another. If more than one account exists for your organization, please select a primary account and work with Checkr Customer Support to de-authorize the unused account. 

Contact Checkr Customer Support to change the business address associated with your account. When submitting the request, please indicate whether you'd like the change applied to your business address or billing address (or both). 

Email address changes can be made through the Checkr dashboard. Use the Account Settings page to add an email address for Support, Billing, Technical Contact, Compliance Contact, and Adverse Action. See Set up your account for more information.

Question

Is it possible to update the URI name tied to our Checkr account?

Answer

The URI name is a unique account identifier that cannot currently be changed.

Checkr provides the tooling to enable customers to configure their SSO using SAML through the Checkr Dashboard.

For more information, refer to Account settings > Single Sign On in the Checkr Dashboard User Guides, or the SSO Features page.

Frequently Asked Questions

Does Checkr support JIT (just-in-time) provisioning via SAML?

No. Provisioning of users must be performed by manual user management in the Checkr Dashboard or through SCIM APIs.

Can an SAML request change authorizations within Checkr?

No. Checkr requires management of user roles either through the Checkr dashboard or through SCIM APIs. We do not support adjustment of authorization or assignment of roles through SAML requests.

Are you able to supply SAML metadata to us for your endpoint? Can you read metadata from us instead of manually entering SAML information in the Checkr Dashboard?

No. Checkr does not presently support either generating or ingesting SAML metadata. Configuration of the connection must be done manually.

What are the requirements for the Subject:NameID value?

The Checkr Dashboard recommends making use of values such as UUID or GUID from your Identity Provider. The requirement is that the Subject NameID must be a unique identifier. This could be an email address, username, UUID, GUID, or any other unique identifier that is easy to manage from within your IdP.

I have multiple Checkr accounts. Can I use SSO on all of them?

It depends! Checkr can support SSO on multiple accounts, however there are several caveats. Each account will require a separate SSO application and separate SSO setup in your IdP. If those accounts use the same email address domain for user logins, you cannot provision SP-initiated SSO for any of your accounts, although IdP-initiated SSO will work.

Can I prevent users from logging in to Checkr with a Checkr-specific password?

You can, provided you can move to SP-initiated SSO. When you enable SP-initiated SSO, your users will be redirected to your IdP for authentication. Checkr won't ask your users for a password.

Can I make use of SCIM?

You can. Today’s process requires you to provision users via SCIM. However, there is no ability to assign users programmatically to account nodes through the SCIM API. Therefore, you must establish a process where a Checkr administrator will assign a newly created user to a node within your account after the SCIM interface has concluded its work.

Does Checkr support roles or other SCIM endpoints?

Today, Checkr only supports provisioning through the Users SCIM endpoint. You must manually configure roles by mapping Checkr roles defined using the Checkr Dashboard to your internal roles.
When sending the user roles defined in the Checkr Dashboard as part of a SCIM Users request, be certain to send the role as all lowercase with an underscore (_) character replacing spaces. (For example: Send “Limited User” as “limited_user”.)

Do you support assertion encryption for your SAML connections?

Not yet. However, Checkr requires an HTTPS endpoint for your IdP and only accepts inbound SAML requests via HTTPS. This provides a layer of encryption between the IdP and Checkr and prevents third parties from reading the information in transit.

Question

I am receiving a forbidden error when trying to open a candidate’s report in the Checkr Dashboard. What is causing this issue?

Answer

A forbidden error appears when you're not allowed to access the requested resource, usually for a reason below:

• You aren't set up with the correct permission to access reports in a certain work location or node.
• If you need access to the report, check with your administrator to adjust your Checkr role as required. 
• The candidate was deleted from the database, and access to their report is no longer permitted. 
• If your team requires a background check for a deleted candidate, you need to create a new candidate and order a new report.