Important: CloudPayroll is required by the ATO to mandate the use of multi-factor authentication for organisation users by 30th September 2018.
This article covers a basic overview of two-factor authentication:
Two-factor authentication (or 2FA) is a method of confirming a user's identity utilising a combination of two different factors.
It creates an extra layer of security by requiring more than one form of identification.
To verify access to your online information, 2FA uses various forms of identification. In CloudPayroll, this is:
- Your username and password, and
- A one-time password displayed by an authenticator app.
CloudPayroll uses the Time-based One-time Password (TOTP) algorithm to calculate the one-time password.
It is calculated using a unique time-based key, provided to you in the 2FA setup stage in CloudPayroll, and the current time. A 6-digit code (one-time password) is produced using the algorithm. The 6-digit code is regenerated every 30 seconds.
CloudPayroll 2FA can be used with most Time-based One-time Password applications (authenticator apps). It is the authenticator app that displays the 6-digit code.
Authenticator apps can be downloaded to smartphones, tablets and desktop computers.
For instructions on how to use some of the more common authenticator apps that support TOTP, see Third-Party Authenticator Apps.
Any user can optionally set up 2FA in CloudPayroll as an added level of security.
In some cases, a user may be required to set up 2FA. For example, if a user can see other employees' tax information.
In addition to users who can access employees' tax information, employers can make it compulsory for other users of their CloudPayroll account, including Kiosk users, to be required to sign in with 2FA.
Primary Partner, Group and Affiliate users can also enforce compulsory 2FA for their users.
See Make two-factor authentication compulsory for instructions on making 2FA compulsory for users.
Enable Two-Factor Authentication
Setup 2FA on your CloudPayroll login by scanning a QR code, or manually entering a time-based key into an authenticator app.
See Set up two-factor authentication and Set up two-factor authentication to access the Kiosk on a smartphone for instructions on how to enable 2FA.
Log in With Two-Factor Authentication
Once 2FA is enabled, when you log into CloudPayroll, after you have successfully entered your username and password, you will be required to enter a 6-digit verification code from your authenticator app.