Two-factor authentication (2FA) provides an additional layer of security and makes it harder for attackers to gain access to your account. 2FA, if enabled, will only be enforced to full access users, however, this does not prevent any other user type from enabling 2FA on their account.
2FA can be enforced at a business level and/or a white label level.
- If enforced at a white label level, all businesses under that white label must follow 2FA protocol. Additionally, the only user type that can override the 2FA requirement at a business level would be a white label manager or a reseller.
- If enforced at a business level by a full access user, only a full access user of that business will be able to then override the 2FA requirement.
Enforcing 2FA at a white label level
This section is only relevant to users that are white label managers or resellers.
A white label manager or reseller can enforce 2FA for a white label by following these instructions:
- Access the relevant white label's settings by clicking on your username (top right hand side) and then the white label setting option:
- Click on the "Security" menu option (left hand side);
- Click on the "Manage Two-Factor Authentication" tab;
- Click on the "Require two-factor authentication for full access users" checkbox.
At a business level, the message then displayed in the "Manage Two-Factor Authentication" screen will be as follows:
To clarify, the "Click here.." link is only available to white label managers or resellers. Full access users will not have this option - their display is different, as detailed in the "2FA enforced by White Label Manager" section below.
Enforcing 2FA at a business level
Instructions on how to manage 2FA at a business level will depend on whether 2FA has been enforced at a white label level or not. Details on both are below.
You can access the business' 2FA settings by navigating to Payroll Settings > Manage Users > Manage Two-Factor Authentication (tab).
2FA enforced by White Label Manager
Full access users will know that 2FA has been enforced at a white label level when the following message is displayed:
This means that all full access users will be required to authenticate their settings and enable 2FA prior to being able to log in and access business data.
Additionally, full access users will need to get in contact with their white label representative to discuss disabling the 2FA requirement.
2FA not enforced by White Label Manager
By default, this setting will be unticked:
If you want to activate this option, tick the checkbox.
Enabling 2FA for a User
If 2FA is enabled, full access users will need to verify their settings. Detailed instructions on verifying an email address and/or mobile phone can be found here.
If you have any questions or feedback, contact us via firstname.lastname@example.org