Make Two-Factor Authentication Compulsory

Make Two-Factor Authentication Compulsory

This article is for Paymasters, Primary Group users, Primary Partner users and Primary Affiliate users.

Important: CloudPayroll is required by the ATO to mandate the use of multi-factor authentication for organisation users by 30th September 2018.

This article covers:

Note: If two-factor authentication is compulsory for a user, they will not be able to log into CloudPayroll without having 2FA enabled.

Note: Group, Partner and Affiliate users that have access to any organisation will be required to have 2FA enabled if they can see employees' tax information for at least one of the organisations they have access to.

Make 2FA Compulsory for all Leave and Time Approvers

A Paymaster can set 2FA as compulsory for all leave and time approvers.

  1. Go to Setup > Organisation.
  2. Select the Defaults sub-menu.
    You can choose to include Leave and Timelog Approvers from mandatory 2FA.
    Depending on whether Timelogs is enabled or not, the name of the checkbox will differ
  3. In the Organisation Preferences section, select:
    • Include users with Leave Approvals Only access checkbox,
      or if Timelogs is enabled, select:
    • Include users with Leave Approvals Only, Timelog Approvals Only, and Timelog and Leave Approvals access checkbox.
  4. Select Save.
    A success message displays confirming the details have been saved.

Note: The next time a user logs into CloudPayroll, if they do not already have 2FA enabled, they will be required to set it up.

Make 2FA Compulsory for all Kiosk Users

A Paymaster can set 2FA as compulsory for all Kiosk users.

  1. Go to Setup > Organisation.
  2. Select the Defaults sub-menu.
  3. In the Kiosk section, select the Make two factor authentication compulsory for kiosk users checkbox.
  4. Select Save.
    A success message displays confirming the details have been saved.

Note: The next time a user logs into their Kiosk, if they do not already have 2FA enabled, they will be required to set it up.

Make 2FA Compulsory for a New Group, Partner or Affiliate User

A Primary Group, Partner or Affiliate user can make two-factor authentication compulsory for a user.

  1. Select the Users tab.
  2. Select +Add.
  3. In the New user section, enable the Requires 2FA checkbox.
  4. Complete setting up the user.
  5. Select Save.
    A success message displays confirming the user has been saved.

Note: If the user has access to employee tax details for at least one organisation, the Requires 2FA checkbox will be selected and non-editable on Save.

Note: When the user logs into CloudPayroll for the first time, they will be required to set up 2FA.

Make 2FA Compulsory for an Existing Group, Partner or Affiliate User

A Primary Group, Partner or Affiliate user can make two-factor authentication compulsory for a user.

  1. Select the Users tab.
  2. Select either:
    • the user's hyperlink, or
    • the Pencil icon for that user.
  3. Enable the Requires 2FA checkbox.
  4. Select Save.
    A success message displays confirming the user has been saved.

Note: If the user has access to employee tax details for at least one organisation, the Requires 2FA checkbox will be selected and non-editable.

Note: The next time the user logs into CloudPayroll, if they do not already have 2FA enabled, they will be required to set it up.

    • Related Articles

    • Introduction to Two-Factor Authentication

      Important: CloudPayroll is required by the ATO to mandate the use of multi-factor authentication for organisation users by 30th September 2018. This article covers a basic overview of two-factor authentication: What is two-factor authentication? How ...
    • Set up Two-Factor Authentication

      Note: Use these instructions to set up two-factor authentication if you do not access the Kiosk via smartphone. If you access the Kiosk using a smartphone, see Set up two-factor authentication to access the Kiosk on a smartphone. This article covers: ...
    • Disable Two-Factor Authentication for a User

      This article is for Paymasters, Primary Group users, Primary Partner users and Primary Affiliate users. Note: If 2FA is optional for a user, and they need to change or remove their existing 2FA setup, they can disable their 2FA. See Disable or reset ...
    • Reset Two-Factor Authentication for a User

      This article is for Paymasters, Primary Group users, Primary Partner users and Primary Affiliate users. Note: If 2FA is compulsory for a user, and they need to change their existing 2FA setup, they must reset their 2FA. See Disable or reset ...
    • Disable or Reset Two-Factor Authentication

      Note: Use these instructions to disable or reset two-factor authentication if you do not access the Kiosk via smartphone. If you access the Kiosk using a smartphone, see disable or reset two-factor authentication in the Kiosk on a smartphone. If you ...