Multi-factor authentication (MFA) is an authentication method that requires the user to provide two forms of identity verification before they're allowed to log in to a website or application. Examples of factors include something the user knows, such as a password, and something the user has, such as a cell phone. It is sometimes referred to as Two-Factor Authentication (2FA).
Users who attempt to log in to AviontéBOLD need to authenticate their identity through their email or mobile device. This is to reduce the risk of unauthorized access due to stolen or leaked usernames and passwords. This requirement applies to authorized HCM users only. It does not apply to talent or managers at this time (though those options are available).
Key Takeaways
- How to log in to AviontéBOLD using MFA for the first time
- Options for resolving password lockouts and resetting MFA factors
- How the Talent MFA Opt-In setting works and what talent users experience
- How to un-enroll a talent user from MFA
Why is MFA important for a staffing organization?
Passwords alone aren't secure enough. From simple relaying and spraying attacks to the more sophisticated threats of spear-phishing and pharming, hackers have developed countless tried and tested methods of stealing credentials and gaining unauthorized access to private accounts.
Microsoft engineers have reported that 99.9% of the account compromise incidents they handle could have been blocked by MFA. MFA prevents identity theft.
Our MFA solution offers an additional layer of security beyond passwords. It can provide you peace of mind that unauthorized access to your BOLD environment will be minimized.
Roles
The following user types can be enabled with MFA:
- HCM Users: These are subscribed Avionté users.
- Talent: These are applicants.
- Managers: These are typically time approvers.
For HCM Users
This section covers everything an HCM user needs to know about logging in to AviontéBOLD with MFA, including what to do if you forget your password, how to use voice call or email verification, and how device memory works.
Logging In to BOLD with MFA for the first time
1. When you log on to BOLD for the first time with MFA activated, you will see a new screen.
2. Enter your email address and click Continue. This should be the email that you use to log in to BOLD.
3. You will be presented with a login screen.
The system assumes that your email address is registered in the BOLD system.
- A Forgot password option is available. If you click it and enter your email address, an email will be sent to you that allows you to reset your password. After doing this, return to the login screen for your environment.
4. Enter your password and click Continue. The Secure Your Account screen appears.
5. Text Message is the default. Voice call is also available. Enter your phone number and click Continue. The Verify Your Identity screen appears.
6. The system sends a text message to your phone with a 6-digit code.
7. Enter this code and click Continue. Your identity is verified and the system logs you into AviontéBOLD.
Forgot your Password
- On the Welcome screen, there is a Forgot Password link.
- If you know you have forgotten your password (or are a new user and do not yet have a password), you can click this. You will be taken to the Forgot Your Password? screen.
- Enter your email address here and click Continue. This should be the email that you use to log in to BOLD. You will see the Check Your Email screen.
- Go to your email and find the password reset email.
- Click the click here link in the email. Your browser will open a new tab and the Change Your Password screen appears.
- Enter a new password once in each field, and click Reset password. The Password Changed screen appears.
- Return to the BOLD Log In screen, log in with your new password, and continue following the instructions for MFA.
Use Voice Call Instead of Text Message
On the Secure Your Account screen, you can choose Voice call instead of a text message. This is useful if your phone does not accept text messages. It works with landlines.
- Enter your phone number, click the Voice call button, then click Continue. The Verify Your Identity screen appears and the system will call your phone.
- Answer the call and listen for the 6-digit code. It will be read out loud by a computer. Enter the code in the field on screen and click Continue.
- Your identity is verified and you will be logged into AviontéBOLD.
Other Methods — Getting a Code via Email
After setting up MFA with a phone number, you can switch to email verification on subsequent logins. Click Try another method on the Verify Your Identity screen to choose email.
Click Email to have a verification code sent to your email address. This must be the email you use to log in to BOLD. Enter the code in the verification field, click Continue, and the system will log you in.
Device Memory & Timeouts
On the Verify Your Identity screen, you can check Remember this device for 30 days. When checked, BOLD will not ask you to enter an MFA code again for 30 days. After 30 days, the next time you log in you will be prompted to enter a verification code. You can check the box again at that point to start another 30-day period.
MFA codes expire after 5 minutes. If a code times out before you enter it, you can request a new one from the Verify Your Identity screen.
Other options on the Verify Your Identity screen:
- If you did not receive a text message, click the Resend link to request a new code. Note that a new code will be generated.
- If text messaging is not working, click the get a call link to switch to the voice call option.
For MFA Admins
For MFA Admins Only
This section covers admin tasks for HCM users with the MFA Admin user permission, including resolving account lockouts, resetting MFA factors, and managing talent MFA enrollment.
Resolve Password Lockouts and Reset MFA Factors
If users attempt to log in multiple times with the wrong password, their account may become locked.
Example: Your account has been blocked after multiple consecutive login attempts
MFA Admins can resolve lockouts and reset MFA factors directly from the user's profile without contacting Support.
To resolve a password lockout:
- Navigate to Utilities > User Accounts and select the relevant account.
- Click the Unblock User button. This allows the user to log back in with their existing username and password.
Self-Service MFA Factor Reset
If a user's identification factor (phone number, email, etc.) changes, MFA Admins can reset the associated factor without contacting Support. Upon the next login, the user will be prompted to register a new factor.
To reset an MFA factor:
- Navigate to Utilities > User Accounts and search for the relevant user.
- Select the user's record.
- Click the Reset MFA button. This clears the user's registered MFA factor. You will be prompted to confirm the type of factor to reset.
- Click Confirm. Upon the next login, the user will be prompted to register a new factor.
Un-Enroll Talent from MFA
HCM administrators with the MFA Admin user permission can un-enroll a talent user from MFA if login issues arise. The MFA Opted-In toggle and Reset MFA Factor button are available on the talent's record in AviontéBOLD.
To un-enroll a talent user from MFA:
- Navigate to Applicants and search for the talent user.
- Select the talent's record to open it.
- On the left sidebar, locate the MFA Opted-In toggle.
- Toggle off MFA Opted-In to un-enroll the talent. The toggle will move to the off position, indicating MFA is no longer active for that user.
For Talent Users
This section covers what talent users experience when the Talent MFA Opt-In setting is enabled, including the enrollment prompt, what access is restricted without MFA, and how to enroll after initially declining. It also covers how MFA Admins can un-enroll talent users if needed.
Talent MFA Opt-In Experience
When Talent MFA Opt-In is enabled for your environment, talent users who log in without MFA enrolled will see a Secure Your Account with MFA prompt. The prompt explains what MFA is, lists the areas of the portal that require MFA, and gives the talent user the option to enroll or decline. The prompt appears at every login until the talent user enrolls.
The prompt supports English, Spanish, and French via a language selector.
Talent who do not enroll will lose access to the following areas of the talent portal:
- Direct Deposit information
- Personal information
- Pay History
- Documents
- Tax information and forms
This video walks through the full talent-side experience, from the enrollment prompt through completing MFA setup.
After logging in, talent see the Secure Your Account with MFA prompt.
Talent who click No thanks. I don't want to Opt-In. are shown a secondary confirmation modal requiring them to acknowledge that their access will be limited before continuing.
After declining, talent see a notification on their dashboard and a persistent Set Up MFA button on their profile sidebar. This button is always visible, so talent who initially decline can enroll at any time without logging out and back in.
When a talent user without MFA attempts to navigate to a restricted section of the portal, an Access Restricted notification directs them to set up MFA.
If talent choose to enroll, they are redirected to log back in and complete MFA setup. They enter their phone number and choose to receive their verification code via text message or voice call.
Use Voice Call During Talent MFA Enrollment
When enrolling in MFA through the talent portal, talent users can choose to receive their verification code via voice call instead of a text message. This is useful for talent without reliable text messaging.
- On the Secure Your Account screen, enter your phone number and click the Voice call button, then click Continue.
- Answer the call and listen for the 6-digit code. It will be read out loud by a computer. Enter the code in the field on screen and click Continue.
- Your identity is verified and enrollment is complete.