Inviting Employees & Self-Service
Udyamo HRMS uses a token-based invitation system (powered by the Devise Invitable gem) to onboard employees into the platform. When an administrator creates an employee record, the employee receives an invitation email with a secure link to set up their account. This chapter covers the invitation workflow, employee acceptance, self-service features, and troubleshooting.
Prerequisites
Required: The employee record must exist in the system with a valid email address. See Adding Your First Employee.
How Invitations Work
The invitation system follows this sequence:
- Admin creates employee — When an employee record is saved, Udyamo HRMS generates a unique, time-limited invitation token.
- Invitation email sent — The system sends an email to the employee's registered email address containing a secure link with the token.
- Employee clicks the link — The link opens a page where the employee sets their password.
- Account activated — Once the employee sets their password, their account is active and they can log in to the self-service portal.
Tip: The invitation token is cryptographically secure and unique to each employee. It cannot be guessed or reused.
Sending an Invitation
Automatic Invitation on Employee Creation
When you save a new employee record through Employees > Add New, an invitation email is automatically sent to the employee's email address. No additional action is required.
Manual Invitation from Employee Profile
If the automatic invitation was not sent (for example, the email address was added after initial creation), or if you need to resend:
- Navigate to Employees from the sidebar.
- Click the employee's name to open their profile.
- Locate the Invitation Status section or the Actions menu.
- Click Send Invitation or Resend Invitation.
- A confirmation message appears, and the invitation email is sent.
Invitation Status
Each employee's invitation has one of the following statuses:
| Status | Meaning |
|---|---|
| Invitation Sent | The invitation email has been sent but the employee has not yet accepted |
| Invitation Accepted | The employee has clicked the link and set their password |
| Invitation Expired | The invitation token has expired without being accepted |
| Not Invited | No invitation has been sent (employee was created without a valid email or invitations were disabled) |
You can view invitation status in the Employees list. Filter by Invitation Status to find employees who have not yet accepted.
What Employees See
The Invitation Email
The employee receives an email with:
- A welcome message from the organization
- The organization name
- A Set Up Your Account button or link
- Instructions to click the link within the validity period
The Acceptance Page
When the employee clicks the invitation link:
- Their browser opens the Udyamo HRMS acceptance page.
- The page displays the organization name and the employee's email (pre-filled).
- The employee enters a new password and confirms the password.
- Clicks Accept Invitation or Set Password.
- The system validates the token, sets the password (stored as
encrypted_passwordon the Employee model), and activates the account. - The employee is redirected to the dashboard.
Warning: If the employee sees a "Token is invalid or expired" message, the invitation has expired and needs to be resent by an administrator.
Resending Invitations
Invitations may need to be resent in several situations:
| Scenario | Action |
|---|---|
| Employee did not receive the email (spam filter, wrong email) | Verify the email address is correct, then resend |
| Invitation expired before employee accepted | Resend to generate a new token |
| Employee accidentally deleted the email | Resend the invitation |
| Email address was changed after initial invitation | Update the email on the profile, then send a new invitation |
Steps to Resend
- Open the employee's profile.
- Click Resend Invitation from the Actions menu or Invitation Status section.
- A new token is generated and a fresh email is sent.
- The previous token is invalidated.
Tip: If multiple employees have not accepted their invitations, you can select them from the Employees list and use the Bulk Resend Invitations action (if available) to resend all at once.
Invitation Token Expiry
The invitation token has a configurable expiry period. By default, tokens are valid for a set number of days after they are generated.
| Setting | Default | Where to Configure |
|---|---|---|
| Invitation token validity | Configured in the application (typically 7-30 days) | Application settings (Devise configuration) |
After expiry:
- The employee can no longer use the old link.
- An administrator must resend the invitation to generate a new, valid token.
- The previous token is permanently invalidated.
Self-Service Portal Features
Once an employee accepts the invitation and logs in, they have access to the self-service portal. This portal allows employees to perform common HR tasks without involving the HR team.
Self-Service Dashboard
After logging in, the employee sees a personalized dashboard showing:
- Today's attendance status (checked in, checked out, not yet checked in)
- Leave balance summary (available days for each leave category)
- Pending requests (leave applications, reimbursement claims awaiting approval)
- Recent payslips (quick link to the latest payslip)
- Announcements from the organization
Available Self-Service Features
| Feature | Description | Navigation |
|---|---|---|
| View Payslips | Download monthly payslips in PDF format | My Payslips or Payroll > Payslips |
| Apply for Leave | Submit leave applications with date range, leave category, and reason | Leave > Apply |
| Check Leave Balance | View available, used, and total leave days for each category | Leave > Balance |
| View Attendance | See daily attendance records, check-in/check-out times, and working hours | Attendance > My Attendance |
| Check In / Check Out | Perform daily check-in and check-out from the portal or mobile | Dashboard or Attendance > Check In |
| Update Personal Details | Edit address, emergency contact, blood group, and other personal fields | My Profile > Personal Details |
| Update Bank Details | Submit bank account changes (requires admin approval before payroll use) | My Profile > Bank Details |
| Upload Documents | Upload identity documents, certificates, and other files | My Profile > Documents |
| Upload Profile Photo | Set or change profile photograph | My Profile |
| Submit Reimbursements | Create expense reimbursement claims with receipts | Reimbursements > New Claim |
| Submit Overtime Requests | Request overtime approval for extra hours worked | Attendance > Overtime > New Request |
| View Announcements | Read company-wide announcements and notifications | Dashboard or Announcements |
| View Holidays | See the holiday calendar for the current year | Leave > Holidays |
Employee vs. Administrator Capabilities
The table below summarizes what employees can and cannot do compared to administrators.
| Action | Employee | Administrator |
|---|---|---|
| View own profile | Yes | Yes (all employees) |
| Edit personal details (address, emergency contact) | Yes | Yes |
| Edit bank details | Yes (pending approval) | Yes (immediate) |
| View own payslips | Yes | Yes (all employees) |
| Apply for leave | Yes | Yes (on behalf of any employee) |
| Approve/reject leave | No (unless manager role) | Yes |
| Check in / check out | Yes | Yes (manual entry for any employee) |
| View own attendance | Yes | Yes (all employees) |
| Edit attendance records | No | Yes |
| Submit reimbursements | Yes | Yes |
| Approve reimbursements | No (unless manager role) | Yes |
| Submit overtime requests | Yes | Yes |
| Approve overtime requests | No (unless manager role) | Yes |
| Add/edit employees | No | Yes |
| Configure departments, offices | No | Yes |
| Run payroll | No | Yes |
| Change CTC/salary structure | No | Yes |
| Configure policies (attendance, leave) | No | Yes |
Tip: Managers occupy a middle ground — they can approve leave, overtime, and reimbursement requests for their direct reports. Manager capabilities are controlled through Roles & Permissions.
Two-Factor Authentication for Employees
Employees can enable two-factor authentication (2FA) for additional security. Udyamo HRMS supports OTP-based 2FA using the otp_secret_key field on the Employee model.
- After accepting the invitation and logging in, the employee navigates to My Profile > Security.
- Clicks Enable Two-Factor Authentication.
- Scans the QR code with an authenticator app (Google Authenticator, Authy, etc.).
- Enters the OTP to confirm setup.
- From the next login onwards, the employee must enter the OTP after their password.
See Two-Factor Authentication & OTP for detailed setup instructions.
Troubleshooting Invitations
| Problem | Possible Cause | Solution |
|---|---|---|
| Employee did not receive the invitation email | Email went to spam/junk folder | Ask the employee to check spam; whitelist the sending domain |
| Employee did not receive the invitation email | Incorrect email address on the employee record | Correct the email and resend the invitation |
| "Token is invalid or expired" when clicking the link | Token has expired | Resend the invitation from the admin panel |
| "Token is invalid or expired" when clicking the link | Employee clicked an older invitation link after a resend | Ask the employee to use the most recent email |
| Employee cannot log in after accepting | Password not meeting complexity requirements | Ask the employee to reset their password; verify password policy |
| Employee sees a blank page after clicking the link | Browser compatibility issue | Try a different browser (Chrome, Firefox, Edge) |
| Invitation status shows "Sent" but employee claims they accepted | The employee may have set the password but not completed the process | Check if the employee can log in; if not, resend the invitation |
Warning: Each time you resend an invitation, the previous token is invalidated. If an employee has multiple invitation emails, only the most recent link will work.
Best Practices for Employee Onboarding
- Batch your invitations — If importing employees in bulk, schedule the import during business hours so employees receive invitations when they are likely to act on them.
- Communicate beforehand — Send a separate announcement (email, Slack, or in person) informing employees that they will receive an invitation from Udyamo HRMS and should look for it.
- Set a deadline — Ask employees to accept invitations within a specific number of days. Follow up with employees who have not accepted.
- Prepare a quick-start guide — Provide employees with a brief overview of what they can do in the self-service portal (check attendance, apply for leave, view payslips).
- Monitor invitation status — Regularly check the Employees list filtered by invitation status to identify employees who have not accepted.
Next Steps
- Set up shifts for your employees to begin attendance tracking — see Creating & Assigning Shifts
- Configure leave categories for leave applications — see Setting Up Leave Categories
- Complete employee profiles — see Employee Profiles