Setting up Multi-Factor Authentication (2-Step Authentication)

Created by Allison Cloyd, Modified on Mon, 14 Nov 2022 at 01:14 AM by Allison Cloyd

In this article, you will learn about MFA (multi-factor authentication) within Actionstep, how to enable it, and how to deactivate it. Multi-step authentication adds an extra level of authentication to the login process, making your access to Actionstep even more secure.

 

NOTE

Currently, tax authorities in certain countries are strongly advising any user with access to accounting (and billing) data to have MFA enabled. We recommend you check to see if such regulations apply to you. In general, having MFA in place is the best step you can take to protect your data, and Actionstep recommends it for all its users.

 

Actionstep's multi-factor authentication will require the use of an authentication App on your phone or computer such as Google Authenticator. When you log in you will be prompted to enter the code that this App will display.
Each user must set this up for themselves. 2-factor authentication cannot be made mandatory for your users.

 

NOTE

An administrator can also set another level of security by restricting access to Actionstep to a list of IP addresses. See Password Policies.

 

Recommended Apps

Google Authenticator: available on Google Play and the App Store
Twilio Authy: available on Google Play and the App Store
 

 

Setting Up Multi-factor Authentication

Activating multi-factor authentication is done on the user's My Profile page.

  1. To access the "My Profile" page, click on your name at the top right of your screen (above the search box).

    Actionstep user interface with the 'My Profile' link in the top bar circled
  2. Under the 'Password' section, you will see a field showing whether a multi-factor configuration is set up on your login. Click the 'Activate' button to activate it.

    Actionstep user interface 'My Profile' page with the 'Activate' MFA button circled

  3. This will bring up an instructions box (see picture below).

    MFA setup instructions

  4. On your mobile phone or computer, open your Authentication App.
  5. In that App, either scan the QR code on the screen, or click the "Show secret key for manual configuration" link below it to show the secret key. The secret key can be manually typed into your App.
  6. Your Authentication App will provide you with two codes which you should type into fields on the screen. The App may show one code at a time. Click 'Save' to continue.
  7. Multi-factor authentication is now enabled. When you next log in to Actionstep you will log in as you usually would, and then a screen will pop up asking you to enter a verification code. This is when you will need to open your Authentication App on your phone to see the code that you need to enter.

    MFA sign in screen showing field to enter verification code

  8. Enter the verification code.
  9. Click "Confirm".
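
For readers who want to see what the secret key and the two setup codes are, the following is an added example and not Actionstep's own code. It implements the standard time-based one-time password algorithm (RFC 6238) that apps such as Google Authenticator use. The `verify_enrollment` check, its name and its drift window are assumptions, because the article does not describe how Actionstep validates the two codes.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (authenticator-app default)
DIGITS = 6   # code length (authenticator-app default)

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the RFC 6238 (HMAC-SHA1) code for a base32 secret at a given time."""
    # Manually typed keys may be lower-case, spaced and unpadded; normalise first.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_enrollment(secret_b32: str, first: str, second: str,
                      server_time: int, drift_steps: int = 1) -> bool:
    """Hypothetical server-side check: accept only two codes from consecutive steps."""
    # The first code is usually one step old by the time both are submitted,
    # so the search window starts one step earlier than the allowed clock drift.
    for drift in range(-drift_steps - 1, drift_steps + 1):
        t = server_time + drift * STEP
        ok_first = hmac.compare_digest(totp(secret_b32, t), first)
        ok_second = hmac.compare_digest(totp(secret_b32, t + STEP), second)
        if ok_first and ok_second:
            return True
    return False


if __name__ == "__main__":
    now = 1111111111  # constructed timestamp from the RFC 6238 test vectors
    first, second = totp(SAMPLE_SECRET, now - STEP), totp(SAMPLE_SECRET, now)
    print(first, second, verify_enrollment(SAMPLE_SECRET, first, second, now))
    print("same code twice:", verify_enrollment(SAMPLE_SECRET, first, first, now))
```

Because every code is derived from the secret key and the current time, the device clock must be accurate, and the QR code or secret key shown during setup should be treated like a password.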

Deactivating MFA

We do not recommend disabling MFA, but you can deactivate multi-factor authentication once you have logged into your system. 

  1. Return to the My Profile screen and click the 'Deactivate' button.
  2. You will have to enter a code from your Authentication App
  3. Then tick the box confirming the removal of the multi-factor authentication
  4. Click the 'Save' button.

    deactivate MFA screen showing field to enter authentication code

Resetting MFA When Locked Out

If you or a user of your system is locked out of Actionstep because the multi-factor authentication process cannot be completed, an Admin with authority will need to disable MFA for that user.

To do this:

  1. Go to Admin > Users & Permissions.
  2. Select the User's name or the "Edit" button next to their name.

    Actionstep admin interface showing a user login and the edit button

  3. On the Edit user screen, find the Multifactor Authentication section.
  4. Toggle the "MFA Enabled" button to "off"

    Actionstep admin interface where an admin can toggle someone's MFA on or off

  5. Click "Save".

Now, the user can access the system without Multifactor Authentication. They should then re-enable it themselves using the steps detailed above. 

 

 

FAQs

Can I use 2-step Authentication on my computer instead of my phone?

Yes - As well as mobile apps, there are authentication apps that can be downloaded onto your PC or Mac which will also connect and allow access to Actionstep.

One such app is Authy, which can be downloaded here.

 

Can I make this mandatory for all users in my firm?

Unfortunately, at this stage, MFA cannot be made mandatory. However, you can create a custom list view and Heads Up Rule that will show you all users who do/do not have MFA enabled so you can monitor and enforce it. 

To do this:

  1. Go to Admin > Users & Permissions
  2. Select to sort users into a list view

    Users and Permissions screen in the Actionstep admin interface with the list view icon circled

  3. In the 'MFA' column you will see crosses next to those who do not have it enabled and checks next to those who do

    List view of users in the admin interface showing whether MFA is enabled for each user