Last modified by: Alpine Crew -

Enabling Two Factor Authentication for your Users

**Note: At this time, multi factor authentication is only available for use with authenticator apps. Text message or email is not yet supported.

 

Intro

How to enable two factor authentication for your organization

How to enable two factor authentication for your users

Two factor authentication for payroll approval

 

Intro

User access security can be enhanced in Inclusion System by using two-factor authentication (2FA) which sends a code to an authenticator app on the user's smart phone or tablet. 

  • If the user is already using an authenticator app, they can simply add Inclusion System's QR code to it. 
  • If the user does not yet use an authenticator app, they can download one from the App Store or Google Play Store on their smartphones or tablets. Examples of authenticator apps which are free to use are Google Authenticator, Microsoft Authenticator or Authy. 
  • If phones or tablets are not accessible in the office space, a desktop authenticator can also be used such as Authenticator - Chrome Web Store 

This feature is available for all users but is currently only mandatory for users who have access to payroll approval and employee compensation changes. However, it is highly recommended that all users utilize the feature to increase the security of your data in the system. 

 

How to enable two factor authentication for your organization

By default, two factor authentication is enabled and available for all organizations. 

 

How to enable two factor authentication for your users

As an admin, you cannot directly enable 2FA for your employee users but you can set up a prompt to have them register for it. 

1. You can access the user ID you wish to enable for 2FA via 2 ways:

  • Go the employee's profile and click Edit User ID by their name.
    edit_user_id.png
  • Click the drop down arrow to the right of your username. Click Organization Details and navigate to the Users tab. This will give you a list of all users in your organization. 
    edit_user_id_2.png
    Find the user you wish to enable and click Edit.

2, Once inside the user editor, click Edit by the 2FA label.

1_edit_2fa.png

 

3. Here you will see a summary of the 2FA Policy and if an Authenticator has been registered.

  • 2FA Policy - this will either show Optional or Two Factor Authentication is required by [date].
  • Authenticator - this will either show None Registered (has not been enabled) or Registered (has been enabled)

2_edit_policy.png

To prompt your user to enable 2FA, click Edit policy

 

4. Click the date field to show the date picker. Select the date you wish to set as the deadline for enabling 2FA, then click Save.

3_update_date.png

 

A confirmation message will appear. Tada!

 

When your employee logs into the system, they will receive a message that they need to enable 2FA by the date you selected, along with 2 buttons:

  • Continue with 2FA setup - will take them through the setup of 2FA
  • Skip for now - will skip the process until the next time they log in

If your employee does not setup 2FA before the date you selected, they will be unable to log into the system with a message that 2FA was not setup. An admin will need to once again edit their 2FA policy to a future date to allow them to log in. 

 

[Related] Guide for employees: How to enable Two Factor Authentication for my user ID

 

Two factor authentication for payroll approval

If 2FA is enabled for payroll approval, your payroll approval will need to once again enter their authentication code upon hitting approve.

payroll_approval.png

Contact the Alpine Crew!

204-478-3707
alpinecrew@ibexpayroll.ca