...
An enhancement has been made to the in-email timesheet approval functionality so that a confirmation message is now displayed, as shown in Figure 1 below, when the Approve or Reject actions are invoked within an email message. That ensures that human interaction is required to confirm the approval or rejection of a submitted timesheet.
...
| Info |
|---|
This change was made to protect you and your users. We found that on open of an email, an automated process could trigger an action like ‘Approve’ without the recipient being aware this has occurred. This scenario highlighted a potential security risk and as such we needed to take steps to ensure the recipient is triggering the action and not a bot or actor. To assist with change management we suggest you update your In Email Approval template to advise your clients to expect this new pop up, which is required to protect the integrity of the transaction (ie; ensure that it is a human triggering the action). |
Benefits
This enhancement prevents inadvertent approval of timesheets when using in-email timesheet approval. Automated scanning software can be enabled on an email server to scan for illegitimate links within email messages and that can, in turn, trigger the approve/reject actions within an in-email timesheet approval message. By providing an additional confirmation prompt that requires human interaction, this enhancement prevents such automated processes from inadvertently triggering the approval of a timesheet.
...