• How do I manage user permissions?

    Read More

    Checkr's user roles provide varying levels of access for team members involved in each stage of the background check lifecycle.

    To manage user permissions, log into the Checkr Dashboard as an admin, click the Account Settings section, then the Users tab.

    Depending on the user's role, set one or more of the following permissions. An individual user in Checkr can have multiple roles (such as adjudicator AND requester).

    mceclip0.png

    Checkr's user roles

    • Limited User: Can view the Candidates list. Cannot see candidate details or view reports. This role is automatically assigned to all new users on an Account.
    • Requester: Can access, send, monitor, and cancel invitations to initiate background checks. This role can see the status of reports in the Candidates page, but cannot see the results of completed reports. This role can also see candidate documents and exceptions, but cannot see completed report details. Assign this role to recruiters who initiate background checks.
    • Adjudicator: Can see candidate and report details. This role can adjudicate Reports, engage candidates, and send Pre-Adverse Action notices to candidates. Assign this role to adjudication staff.
    • Restricted Admin: Available for Account Hierarchy enabled accounts only, this role has all permissions of Adjudicators and Requesters for candidates in their Account Hierarchy node. This role can invite users to the account, and assign non-Admin user roles. This role can also view invoices and change developer settings. This role cannot update billing or settings. Assign this role to administrators for sub-nodes on your account.
    • Admin: Has full access to all functionality within the Checkr Dashboard. This role can update account settings (including billing information), assign all roles to any users in the account. Limit this role to core members of your team.
    For security purposes, Checkr cannot adjust user permissions. Please contact the admin on your team if you need a different role.

    The first user to an account will always be an admin. We recommend that you add more than one admin to your account, so that if an admin gets locked out of the account, another admin can unlock them.

    Manage user permissions by Geo (location)

    If your team is assembled by region, you may want a certain user to have access only to candidates in their region. To do this, make sure you have Geos set up to reflect the different locations where you hire candidates.

    From the Account SettingsUsers tab, find the user whose permissions you want to change, and click edit geos.

    You can then choose specific geo locations to which that user will be subscribed. Users will only be able to access and manage candidates in the geos you've selected.

     

     

     

  • How do I manage my email notification preferences?

    Read More

    Question

    How do I adjust my email notification preferences?

    Answer

    Many recruiters and HR professionals want to receive updates on their candidates as they progress through the background check process. Checkr can provide email updates to you on candidates as they progress, letting you keep the candidate workflow efficient and follow up with candidates who may be in statuses like ConsiderSuspended, or Expired.

    To set up these email updates, go to the Account settings section, then scroll down to the Notifications section.

    You can receive the following notifications:

    • All report updates: Receive an email for any changes to report status.
    • Report created: Receive an email each time a new background report is created.
    • Report clear: Receive an email when a report completes with a Clear status.
    • Report consider: Receive an email when a report completes with a Consider status, indicating that the report has something for you to review.
    • Report suspended: Receive an email when a report is suspended, meaning that Checkr contacted the candidate to provide additional information, but the candidate hasn't responded yet.
    • Report canceled: Receive an email when a report is canceled, meaning that all screenings in the report were canceled.
    • Report disputed: Receive an email when a report is disputed, meaning a candidate has contacted Checkr to contest the report's accuracy. Checkr initiates a re-investigation for these candidates. At least 1 user must be subscribed at all times to receive these notices.
    • All candidate updates: Receive an email when a candidate invitation is sent or expires.
    • Candidate invitation expired: Receive an email when an invitation has expired because the candidate didn't complete the process within 7 days or the customer-specified period.
    • Candidate invitation sent: Receive an email every time an invitation is sent to a candidate.
    • All Candidate Stories: Receive an email every time a candidate story is submitted.
    • Candidate stories submitted pre/post AA: Receive an email if a candidate story is submitted before an Adverse Action is initiated, or after the Pre-Adverse Action notice has been sent.

    Customers with the Assess feature have the additional options below:

    • All report assessment updates: Receive an email for all changes to any report assessment.
    • Report assessment Eligible: Receive an email when a report assessment changes to Eligible.
    • Report assessment Review: Receive an email when a report assessment changes to Review.
    • Report assessment Escalated: Receive an email when a report assessment changes to Escalated.
    • Report assessments (daily digest): Receive a daily email itemizing all changes to report assessments.

    Click Update my Account to save your preferences.

    Email preferences are set for each individual account, so you can set the ones that you’d like to receive without worrying about changing your teammates’ settings.
  • How do I invite or delete users in my account?

    Read More

    This article will help you:

    • Invite new users to your account
    • Delete users from your account
    Note

    Only admins can add, delete, or edit users.

    Invite new users

    To invite new users to your account, log in to the Checkr Dashboard as an admin, then go to Account settingsUsers.  

    To add a user, enter their email in the field under Invite a user to your account. This will send an invitation to the new user. 

    We recommend that you have more than one user on your account so that you have a backup contact to access reports.

    After you add a new user, set their user role (and geo (work location) if relevant). To learn more, refer to "How do I manage user permissions?"

    Delete users

    To delete existing users from your account, log in to the Checkr Dashboard as an admin, and then go to Account settingsUsers.

    Next to each user is a red trash button that will delete the user and prevent them from accessing the account.

    Important

    Checkr can't recover deleted users on your account.

    Adding users when your admin has left the company

    In the event that roles transition and the admin leaves your company, make sure that you have at least one remaining admin to manage the account with proper privileges.

    If you don't have an admin on your account and need to become the new one contact Checkr Customer Support.

    We will validate your name and email and send a confirmation to the contract signer and/or billing/technical contact and other existing admins (even if their emails no longer exist).

  • Can I merge two Checkr accounts together?

    Read More

    Question

    We would like to consolidate two accounts into one.

    Answer

    Checkr does not currently support the merging of accounts or migration of data/reports from one account to another. If more than one account exists for your organization, please select a primary account and work with Checkr Customer Support to de-authorize the unused account. 

  • How do I reset my password or unlock my account?

    Read More

    This article will help you:

    Log in to Checkr Dashboard

    When logging in to Checkr, you have the option to use your email address, or to log in using your GitHub or Google account credentials (if your organization has enabled this functionality).

    Change or Reset your password

    If you want to change your password:

    1. Log in to the Checkr Dashboard
    2. Go to the Account Settings section
    3. There, you'll find the Change your Password section.

    If you forgot your password, click Don't remember your password?

    Enter your email to receive a password reset email.

    Your password reset token will be valid for four hours.

    Sometimes password reset emails end up in your email's Spam folder, so be sure to check there if you don't receive an email. If the password reset email doesn't work, then check to see if you received more than one email. Then try using the more recent email to reset your password.

    Help, I've been locked out of my account!

    If you fail ten password attempts, your account will be locked. To unlock your account, ask an admin on your team to assist you with resetting your password.

    Unlock users' passwords as an admin

    To unlock a users' account and issue password reset email, follow these steps:

    1. Log in to the Checkr Dashboard and go to Account SettingsUsers
    2. Find the user you wish to unlock, and click unlock

    Make sure the user receives their password reset email (since it can end up in the Spam folder), and if the user receives more than one email, have them use the most recent one to reset their password.

    If you are the only admin on your account and have been locked out, please contact Checkr Customer Support.

    What are Checkr's password requirements?

    Whether you're creating a password for the first time or resetting your password, Checkr will evaluate the strength of your password to make sure that it is secure and not easily guessed.

    Passwords must be at least 8 characters long, and we don't restrict the use of numbers or special characters.

    As you create a new password, the system will provide feedback on password strength. If your password is easily guessed, or has been exposed in a leak online, Checkr will prevent you from using it. We believe this approach is more secure than traditional strict-password standards, as a password like P@ssword1 would typically clear strict-password requirements, but it is actually easy to guess. Checkr Dashboard passwords will expire after 90 days.

    Create a strong password for your Checkr account

    If you're having trouble coming up with a password that meets our requirements, use a long, random, and unique string of characters. You can use a passphrase, but it shouldn't be a common phrase from a book, movie, TV show, etc. as those are commonly used.

    To choose and store a secure password, use secure password manager like LastPass or 1Password to generate and auto-fill unique passwords for each site you visit, including Checkr.

     

  • How do I change the business address on my account?

    Read More

    Question

    How can I change the business address associated with my account?

    Answer

    Contact Checkr Customer Support to change the business address associated with your account. When submitting the request, please indicate whether you'd like the change applied to your business address or billing address (or both). 

    Email address changes can be made through the Checkr dashboard. Use the Account Settings page to add an email address for SupportBillingTechnical ContactCompliance Contact, and Adverse Action. See Set up your account for more information.

     

  • Can I change the URI name tied to our Checkr account?

    Read More

    Question

    Is it possible to update the URI name tied to our Checkr account?

    Answer

    The URI name is a unique account identifier that cannot currently be changed.

  • Does Checkr support Single Sign On integrations?

    Read More

    Checkr provides the tooling to enable customers to configure their SSO using SAML through the Checkr Dashboard.

    For more information, refer to Account settings > Single Sign On in the Checkr Dashboard User Guides, or the SSO Features page.

    Frequently Asked Questions

    Does Checkr support JIT (just-in-time) provisioning via SAML?

    No. Provisioning of users must be performed by manual user management in the Checkr Dashboard or through SCIM APIs.

    Can an SAML request change authorizations within Checkr?

    No. Checkr requires management of user roles either through the Checkr dashboard or through SCIM APIs. We do not support adjustment of authorization or assignment of roles through SAML requests.

    Are you able to supply SAML metadata to us for your endpoint? Can you read metadata from us instead of manually entering SAML information in the Checkr Dashboard?

    No. Checkr does not presently support either generating or ingesting SAML metadata. Configuration of the connection must be done manually.

    What are the requirements for the Subject:NameID value?

    The Checkr Dashboard recommends making use of values such as UUID or GUID from your Identity Provider. The requirement is that the Subject NameID must be a unique identifier. This could be an email address, username, UUID, GUID, or any other unique identifier that is easy to manage from within your IdP.

    I have multiple Checkr accounts. Can I use SSO on all of them?

    It depends! Checkr can support SSO on multiple accounts, however there are several caveats. Each account will require a separate SSO application and separate SSO setup in your IdP. If those accounts use the same email address domain for user logins, you cannot provision SP-initiated SSO for any of your accounts, although IdP-initiated SSO will work.

    Can I prevent users from logging in to Checkr with a Checkr-specific password?

    You can, provided you can move to SP-initiated SSO. When you enable SP-initiated SSO, your users will be redirected to your IdP for authentication. Checkr won't ask your users for a password.

    My account has Account Hierarchy enabled or my account uses geos. Can I make use of SCIM?

    You can. Today’s process requires you to provision users via SCIM. However, there is no ability to assign users programmatically to account nodes (or geos) through the SCIM API. Therefore, you must establish a process where a Checkr administrator will assign a newly created user to a node (or geo) within your account after the SCIM interface has concluded its work.

    Does Checkr support roles or other SCIM endpoints?

    Today, Checkr only supports provisioning through the Users SCIM endpoint. You must manually configure roles by mapping Checkr roles defined using the Checkr Dashboard to your internal roles.
    When sending the user roles defined in the Checkr Dashboard as part of a SCIM Users request, be certain to send the role as all lowercase with an underscore (_) character replacing spaces. (For example: Send “Limited User” as “limited_user”.)

    Do you support assertion encryption for your SAML connections?

    Not yet. However, Checkr requires an HTTPS endpoint for your IdP and only accepts inbound SAML requests via HTTPS. This provides a layer of encryption between the IdP and Checkr and prevents third parties from reading the information in transit.

     

  • Partner application settings

    Read More

    This article will help you:

    • Create new partner applications
    • Edit, delete, or update existing partner applications

    This article is intended for the following user role(s): admin

    Partner applications allow you to integrate Checkr with your application: for example, to request background checks through an Applicant Tracking System (ATS). 

    If your account has partner applications enabled, you can access them by logging into Checkr as an admin and going to Account settingsApplication Settings.

    If you don't have this setting enabled and would like to use it, please contact Checkr Customer Support.

    To create a new partner application, click New Partner Application. To edit or delete the application, click the pencil or trash can icon.

    When creating a new application, the OAuth redirect URL allows Checkr to authenticate with your application and authorizes Checkr to use data that you pass to it. Use the URL that you would like to send a user to after they authenticate with Checkr.

    Using the OAuth client ID and OAuth client secret, you can generate your own API key to use for your application.

     

  • Receiving “forbidden” error when opening report

    Read More

    Question

    I am receiving a forbidden error when trying to open a candidate’s report in the Checkr Dashboard. What is causing this issue?

    Answer

    A forbidden error appears when you're not allowed to access the requested resource, usually for a reason below:

    • You aren't set up with the correct permission to access reports in a certain work location or node.
    • The candidate was deleted from the database, and access to their report is no longer permitted. 
      • If your team requires a background check for a deleted candidate, you need to create a new candidate and order a new report.
  • Unable to log into the Checkr Dashboard after turning on SSO

    Read More

    Issue

    We've added the SSO/SAML integration with Okta and now authentication no longer works because the domain is locked. Users cannot login. The login box says Single Sign On Enabled and we are no longer prompted for a password.

    Resolution

    Delete any text from the Email Domain field. This will allow users to log in via the Checkr dashboard or via your identity provider (IdP): 

    If you are locked out of your account due to this issue contact Checkr Customer Support for assistance. See Account Settings: Single Sign On for more information

    Cause

    The Email Domain setting disables Checkr direct login. When a domain is entered in this field, account users will be forced to use SP-initiated SSO to authenticate. This should only be enabled/entered after confirming SSO is fully functioning when initiated via IdP.

     

  • Data storage and information security

    Read More

    Checkr's Information Security Management System (ISMS) is ISO/IEC 27001:2013 certified by ANAB-accredited A-LIGN, SOC 2 type II compliant, and uses modern encryption methods to both transfer and store all user information. 

    Encryption: Data is always transferred using Secure Sockets Layer (SSL) and AES-256 encryption. Sensitive information like Social Security Numbers are truncated and stored encrypted in our protected databases.  

    Security: Checkr has established an ISMS (Information Security Management System) based on the ISO 27001:2013 Information Security Standard because it is one of the most recognized frameworks worldwide.

    Risk Management: Checkr has established a risk management program to demonstrate our commitment to information security. We leverage ISO 27005 Risk Management framework to prioritize risks identified.

    Download our latest ISO 27001 certificate from Checkr's Trust & Security page.