This article is for Paymasters, Primary Group users, Primary Partner users and Primary Affiliate users.

This article covers:

• Making 2FA compulsory for leave and time approvers
• Making 2FA compulsory for Kiosk users
• Making 2FA compulsory for a new Group, Partner or Affiliate user
• Making 2FA compulsory for an existing Group, Partner or Affiliate user

Note: If two-factor authentication is compulsory for a user, they will not be able to log into CloudPayroll without having 2FA enabled.

Note: Group, Partner and Affiliate users that have access to any organisation will be required to have 2FA enabled if they can see employees' tax information for at least one of the organisations they have access to.

Make 2FA Compulsory for all Leave and Time Approvers

A Paymaster can set 2FA as compulsory for all leave and time approvers.

1. Go to Setup > Organisation.
2. Select the Defaults sub-menu.
   You can choose to include Leave and Timelog Approvers from mandatory 2FA.
   Depending on whether Timelogs is enabled or not, the name of the checkbox will differ
3. In the Organisation Preferences section, select:
   
   • Include users with Leave Approvals Only access checkbox,
     or if Timelogs is enabled, select:
   • Include users with Leave Approvals Only, Timelog Approvals Only, and Timelog and Leave Approvals access checkbox.
4. Select Save.
   A success message displays confirming the details have been saved.

Note: The next time a user logs into CloudPayroll, if they do not already have 2FA enabled, they will be required to set it up.

Make 2FA Compulsory for all Kiosk Users

A Paymaster can set 2FA as compulsory for all Kiosk users.

1. Go to Setup > Organisation.
2. Select the Defaults sub-menu.
3. In the Kiosk section, select the Make two factor authentication compulsory for kiosk users checkbox.
4. Select Save.
   A success message displays confirming the details have been saved.

Note: The next time a user logs into their Kiosk, if they do not already have 2FA enabled, they will be required to set it up.

Make 2FA Compulsory for a New Group, Partner or Affiliate User

A Primary Group, Partner or Affiliate user can make two-factor authentication compulsory for a user.

1. Select the Users tab.
2. Select +Add.
3. In the New user section, enable the Requires 2FA checkbox.
4. Complete setting up the user.
5. Select Save.
   A success message displays confirming the user has been saved.

Note: If the user has access to employee tax details for at least one organisation, the Requires 2FA checkbox will be selected and non-editable on Save.

Note: When the user logs into CloudPayroll for the first time, they will be required to set up 2FA.

Make 2FA Compulsory for an Existing Group, Partner or Affiliate User

A Primary Group, Partner or Affiliate user can make two-factor authentication compulsory for a user.

1. Select the Users tab.
2. Select either:
   • the user's hyperlink, or
   • the Pencil icon for that user.
3. Enable the Requires 2FA checkbox.
4. Select Save.
   A success message displays confirming the user has been saved.

Note: If the user has access to employee tax details for at least one organisation, the Requires 2FA checkbox will be selected and non-editable.

Note: The next time the user logs into CloudPayroll, if they do not already have 2FA enabled, they will be required to set it up.