Setting Up Multi-Factor Authentication (MFA)

Modified on Tue, 30 Apr at 4:38 PM


Tax authorities in many countries strongly advise that any person with access to online accounting (and billing) data have multi-factor authentication (MFA) enabled for their system. In general, using MFA is the best way to protect your data and your clients' data, and Actionstep recommends it for all its users. We recommend you check whether such regulations apply to you.

Note: If an Actionstep system is linked to Xero or has configured accounting in New Zealand or Australia, users without MFA configured will be prompted to set it up each time they log in. Requiring every user to implement MFA is strongly recommended for compliance, if your organization meets the criteria.


In this article, you will learn about using MFA within Actionstep, as well as how to enable or disable it. 



Finding an Authentication App

Actionstep's multi-factor authentication requires the use of an authentication app (like Google Authenticator) on your phone or computer. Multi-factor apps provide enhanced security by requiring users to authenticate through different methods, such as passwords, biometrics, or security tokens. When you log in to Actionstep, you will be prompted to enter the code that the app displays.

Each user in your system must set up MFA for themselves. Two-factor authentication cannot be made mandatory for your users.

TIP: While you cannot make MFA mandatory for all users at your firm, you can create a custom list view and a Heads Up Rule that will show you all users who do / do not have MFA enabled so you can monitor and enforce it. To do this, an admin can go to Admin > Users & Permissions. Then click the list view icon to sort your users. Then use the MFA column to determine who is using MFA: a red X indicates those who have not enabled it, while a checkmark indicates those who have.   

To set up an app:

  1. Actionstep recommends downloading and installing one of the following authentication apps:
    Google Authenticator (Google Play or App Store)
    Twilio Authy (Google Play or App Store)
  2. Follow the app's instructions to complete the process, then proceed to "Setting Up Multi-Factor Authentication."


Setting Up Multi-Factor Authentication

Activating multi-factor authentication is done on the user's My Profile page.

To do this:

  1. In Actionstep, click your profile name in the global toolbar. This opens the My Profile page.
  2. In the Password section, check Multi-factor authentication. If it is Not Configured, click Activate to activate it.
  3. The Set up multi-factor authentication (MFA) window appears. 
  4. Using your MFA App, either scan the QR code on the window, or click Show secret key for manual configuration below it to show the secret key. The secret key may be manually entered in your app.
  5. Your Authentication App will provide you with two codes which you should type into fields on the Actionstep window. The App may show one code at a time. 
  6. Once both codes are entered, click Save to continue.

Multi-factor authentication is now enabled. When you next sign in to Actionstep, you will sign in as you normally do. However, you will be prompted to enter a verification code, at which point you can open your authentication app on your phone to see the code that you must enter and then confirm.
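
What the secret key and the two codes in the steps above do, as an added example (not Actionstep's code): it assumes the codes are standard time-based one-time passwords (TOTP, RFC 6238), which is what Google Authenticator and Authy generate; the page does not state the algorithm. The function names, the 30-second step, and the 6-digit length are assumptions, and the sample key is the public RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (RFC 6238 default; assumed, not stated on the page)
DIGITS = 6   # code length (assumed)

# Constructed sample: base32 form of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the code the app would display for the time step containing unix_time."""
    # Secret keys are shown as base32, often in spaced groups and without padding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_enrollment(secret_b32: str, code1: str, code2: str,
                      now: int, drift_steps: int = 1) -> bool:
    """Accept only two codes from consecutive time steps near `now`.

    Requiring two consecutive codes shows that the app holds the right
    secret key and that its clock is close to the server's.
    """
    for drift in range(-drift_steps, drift_steps + 1):
        t = now + drift * STEP
        first_ok = hmac.compare_digest(totp(secret_b32, t), code1)
        second_ok = hmac.compare_digest(totp(secret_b32, t + STEP), code2)
        if first_ok and second_ok:
            return True
    return False


if __name__ == "__main__":
    now = 1111111109  # fixed timestamp so the output is reproducible
    first, second = totp(SAMPLE_SECRET, now), totp(SAMPLE_SECRET, now + STEP)
    print(first, second, verify_enrollment(SAMPLE_SECRET, first, second, now))
```

Anyone who holds the secret key can generate valid codes, so treat the QR code and the secret key like a password.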

Disabling Multi-Factor Authentication

We do not recommend disabling multi-factor authentication, but if necessary, you can disable it once you have signed in to your system. 

To do this:

  1. Sign in to Actionstep. 
  2. Click your profile name in the global toolbar. This opens the My Profile page.
  3. In the Password section, click Deactivate next to Multi-factor authentication.
  4. When prompted, enter an Authentication code from your app and confirm the removal.
  5. Click Save on the My Profile page.

Resetting Multi-Factor Authentication When Locked Out

Occasionally, you or another system user may be locked out of Actionstep due to being unable to complete the Multi-Factor Authentication process. In that case, an admin (with authority) can disable MFA for that user.

To do this:

  1. In Actionstep, go to Admin > Users & permissions.
  2. Either select the user's name or click Edit next to their name.
  3. On the Edit user window, find the Multifactor Authentication section.
  4. Toggle MFA Enabled to off.
  5. Click Save.

Now, the user can access the system without Multifactor Authentication. They should then re-enable it themselves using the steps detailed above. 

TIP: You can use two-step authentication on your computer instead of your mobile device. To do this, you will need an app that can support this, such as Authy, which can be downloaded here.
