Enhanced security for payroll payslips processes in Payflow

To initiate a payroll run and the production of payslips through a defined Payflow service, the payroll provider must upload a manifest file to the Sage People server. The manifest file is a csv file containing information related to employees, with one record for each Team Member. Each Team Member record includes the file name of the payslip for that employee. When the Payflow service runs, the manifest file is acquired from the server, and the payslip files downloaded and processed.

Enhancements to the service support inclusion of additional security features in manifest files to help ensure payroll services can continue to run successfully through to self-service payslip delivery to employees.

To use the enhancements, the payroll provider must include additional information in the manifest file:

  • The org Id of the target org in the manifest file name and in column 1 of each Team Member record. The column heading must be Organization Id.

    You can find the 15 alphanumeric character org Id on the Salesforce setup Company Information page for the org.

  • A checksum for each Team Member record. The checksum must be calculated using the MD5 algorithm and encoded in Base64. The column heading must be Checksum

Two new fields have been added to the Payflow Service object, and displayed as checkboxes on the Payflow Upload Configure page, Options section to enable you to select additional security settings:

Partial screenshot sowing Payflow Upload Configur page with new checkboxes for manifest file additions highlighted

Note

Enhancements to Payflow are delivered in a software patch expected to follow the Sage People Y24.2 release. You may not see the new fields immediately - they will be displayed as soon as the patch is installed.

  • Ensure Org Id in manifest

    If this checkbox is selected, Payflow ensures the manifest file supplied by the payroll provider includes the org Id of the target org in two locations:

    • In the manifest file name. If the org Id is missing or incorrect, the payroll process will fail.

    • In column 1 of each record in the file. Any records without the correct org Id will not be processed.

  • Use checksums in manifest file

    If this checkbox is selected, Payflow validates the checksum provided in the manifest file for each downloaded record. If the checksums agree, the record file is matched to a Team Member. If checksums do not agree the record file is deleted and an email is sent to Sage People Support.

    Checksums are constructed to conform to the widely used MD5 standard.

Note

The checkboxes work independently of each other - you do not have to use both - but you must ensure your payroll provider has made the related changes to the manifest file before you can use either of them.

Permission set changes

The permission sets supplied with the Payflow package have been modified to grant access to the new fields as follows:

Permission set Ensure Org Id in manifest Use checksums in manifest file
Sage People HR Administrator fPay

Read access

Edit access

Read access

Edit access
Sage People HR Manager fPay Read access Read access
Sage People Platform Team Member fPay No access No access