In this article, you will learn about MFA (multi-factor authentication) within Actionstep, how to enable it, and how to deactivate it. Multi-step authentication adds an extra level of authentication to the login process, making your access to Actionstep even more secure.
|NOTE: Currently, tax authorities in certain countries are strongly advising any user with access to accounting (and billing) data to have MFA enabled. We recommend you check to see if such regulations apply to you. In general, having MFA in place is the best step you can take to protect your data, and Actionstep recommends it for all its users.|
Actionstep's multi-factor authentication will require the use of an authentication App on your phone or computer such as Google Authenticator. When you log in you will be prompted to enter the code that this App will display.
Each user must set this up for themselves. 2-factor authentication cannot be made mandatory for your users.
|NOTE: An administrator can also set another level of security by restricting access to Actionstep to a list of IP addresses.|
Setting Up Multi-factor Authentication
Activating multi-factor authentication is done on the user's My Profile page.
- To access the "My Profile" page,
- Click on your name at the top right of your screen (above the search box) - this will take you to your "My Profile" page.
- Under the 'Password' section, you will see a field showing if a multi-factor configuration is set up on your login. Click the 'Activate' button to activate it.
- This will bring up an instructions box (see picture below)
- On your mobile phone or computer, open your Authentication App.
- On that App, either scan the QR code on the screen, or you can click the "Show secret key for manual configuration" link below it to show the secret key. The secret key can be manually typed into your App.
- Your Authentication App will provide you with two codes which you should type into fields on the screen. The App may show one code at a time. Click 'Save' to continue.
- Multi-factor authentication is now enabled. When you next log in to Actionstep you will log in as you usually would and then a screen will pop up and you will be asked to enter a verification code - this is when you will need to open your Authentication App on your phone to see the code that you need to enter.
- Enter the verification code
- Click "Confirm".
We do not recommend disabling MFA, but you can deactivate multi-factor authentication once you have logged into your system.
- Return to the My Profile screen and click the 'Deactivate' button.
- You will have to enter a code from your Authentication App
- Then tick the box confirming the removal of the multi-factor authentication
- Click the 'Save' button.
Resetting MFA When Locked Out
Suppose you or a user of your system is locked out of Actionstep due to being unable to complete the Multi-Factor Authentication process. In that case, you will need an Admin with Authority to disable MFA for that user.
To do this:
- Go to Admin > Users & Permissions.
- Select the User's name or the "Edit" button next to their name.
- On the Edit user screen, find the Multifactor Authentication section.
- Toggle the "MFA Enabled" button to "off"
- Click "Save".
Now, the user can access the system without Multifactor Authentication. They should then re-enable it themselves using the steps detailed above.
Q.Can I use 2-step Authentication on my computer instead of my phone?
A. Yes - As well as mobile apps, there are authentication apps that can be downloaded onto your PC or Mac which will also connect and allow access to Actionstep. One such app is Authy, which can be downloaded here.
Q. Can I make this mandatory for all users in my firm?
Unfortunately, at this stage, MFA cannot be made mandatory. However, you can create a custom list view and Heads Up Rule that will show you all users who do/do not have MFA enabled so you can monitor and enforce it.
To do this:
- Go to Admin > Users & Permissions
- Select to sort users into a list view
- In the 'MFA' column you will see crosses next to those who do not have it enabled and checks next to those who do
Q. Why do I keep getting asked to enable MFA??
If an Actionstep system is linked to Xero or has configured accounting in New Zealand or Australia, user without MFA configured will be prompted to set it up each time they log in. Implementing MFA for every user is strongly recommended for compliance, if your organization meets the criteria.