Payslips contain highly sensitive data, and hence require the strictest of security measures to protect this data. One ways of increasing security is enforcing your team member's accounts to require MFA.
This is an additional layer to the email login and password, and is especially useful for those users who often click Save Password even on devices that may be accessed by others. Once the MFA setting is enforced on their accounts, they will be asked to set-up the MFA, and they will require this upon each log-in.
Enabling the Multi-Factor Authentication (MFA)
In the Settings page, within the Access page, you have to click Enable MFA.
As soon as you click this, you will be required to set up your own MFA.
Follow the instructions (as seen in screenshot) and verify the MFA. Once it is set-up, you will be able to enforce it.
Enforcing the MFA on your Admins / Employees
As soon as you enable your own MFA, you will be able to select whether you would like to enforce it on for Admins and Managers or for all employees:
- Admins & Managers
All admins (i.e. users with access to the payroll portal) as well as Leave Managers (with access to manager mode on the employee portal) will be required to use MFA - All Employees & Admins
Along with the admins (as above), all employees will require an MFA to log into their employee portal to manage their leave and access payslips
Disabling MFA
Removing the "Enable MFA" will mean that accounts that do not have the MFA set up will not be asked to set up an MFA. However, for security reasons, all accounts that have already set up their MFA will still be required to use the MFA one-time key upon each login.
Other Information
We would recommend looking into our other articles for definition on how frequent the MFA will be required.
Setting up Multi-Factor Authentication (MFA) on your Account