If you need to manage your account user name or email address, you can do this by clicking on Payroll Settings > My account (under the 'Advanced' heading)
The 'My Accounts' page has the following settings:
- Account details - Includes the following fields:
- Email Address
- Time Zone
- API key;
- Marketing/Product Updates opt-in;
Any of the above settings can be amended from this screen. Once you have made any desired changes, simply click the 'Save' button.
- Two-Factor Authentication and Google Authenticator (explained in detail further below).
- Related businesses - This will show both business and employee self service portals that the user has direct access to.
- Terms and conditions
Two-factor authentication (2FA) provides an additional layer of security and makes it harder for attackers to gain access to your account. With regards to any end user that can access taxation or superannuation related information of other entities or individuals (for example, tax agents, employers), the ATO has deemed 2FA mandatory for the following users when logging into the payroll platform:
- Full access users;
- Restricted users with access to one or more reports;
- Restricted users with report packs permission (this is different to a report pack recipient and explained further below); and
- Restricted users with STP Pay Event Approver permission.
The above users will be unable to log into the payroll platform until 2FA has been enabled.
You will know that this is the case when you try to log in and see the following screen:
N.B. If Google Authenticator is the only 2FA option enabled, it cannot be disabled until 2FA is enabled.
When you are redirected to the "My Account" screen, scroll down to the following 2FA configuration:
To enable 2FA you will need to either confirm your email address and/or add your mobile phone, as follows:
Confirming email address
The email address entered in this field is the email address used for your account. If you need to change this, you must do so from the "Email Address" field at the top of the screen. When you click on "Confirm Email Address" you will be sent a confirmation request via email. Clicking on the link contained in the email will act as confirmation of your email address.
Adding mobile phone
We do not auto-populate mobile numbers for security reasons. As such, users will always need to enter their number in this section. The number format required is the country code plus the number (i.e. +61xxxxxx). Once you enter your mobile phone number, click on "Send Confirmation Code". You will be sent a code via sms - this code will need to be entered in the field specified and then click on "Confirm".
Once either or both of the above settings are confirmed, you will notice that the "Enable Two-Factor Authentication" button is activated and can be clicked on. When you do click on the button the following popup will appear:
To enable Google Authenticator you'll need to open the Google Authenticator app on your phone, then click the 'Configure Google Authenticator' link on the web page. You'll then need to scan the barcode or QR code that is shown. Below is an example (the barcode has been blurred as it is only for demonstration purposes):
Enter the 6-digit code that is shown in the app, and click 'Enable'.
You will then be redirected to the main login screen. After you have logged in you will be taken back to the "My Account" screen where you will see that 2FA has been enabled:
Any full access user, restricted user and employee user can choose to opt-in and enable 2FA for their account. To do this follow the same instructions as above.
If you have any questions or feedback, contact us via firstname.lastname@example.org