Overview
Updated 11/28/2022
Multi-factor authentication (MFA) is an authentication method that requires the user to provide two forms of identity verification before they’re allowed to log in to a website or application. Examples of methods are what the user knows, such as a password, and what the user has, such as a cell phone. It is sometimes referred to as Two-Factor Authentication (2FA). |
ChaptersWhy is MFA important for a staffing organization? |
Click on this link for a general FAQ about MFA in Avionté: Avionté MFA FAQ
Why is MFA important for a staffing organization?
Passwords alone aren’t secure enough. From simple relaying and spraying attacks to the more sophisticated threats of spear-phishing and pharming, hackers have developed countless tried and tested methods of stealing credentials and gaining unauthorized access to private accounts.
In March 2022, Microsoft engineers said that 99.9% of the account compromise incidents they deal with could have been blocked by a multi-factor authentication (MFA) solution. MFA prevents identity theft.
Our MFA solution offers an additional layer of security beyond passwords. It can provide you peace of mind that unauthorized access to your BOLD environment will be minimized.
Roles
The following user types can be enabled with MFA:
- HCM Users: These are subscribed Avionté users.
- Talent: These are applicants.
- Managers: These are typically time approvers.
Request MFA Activation
To request MFA activation in your environment, please create a Zendesk ticket with the subject "MFA Activation". Please include the following information in the ticket:
- What role(s) you would like MFA activated for (all, HCM users, Managers, Talent)
Please refer to these instructions to create a ticket in AviontéBOLD: Create and View tickets with AVI in BOLD
Logging In to BOLD with MFA for the first time
1. When you log on to BOLD for the first time with MFA activated, you will see a new screen:
Note: that this is true for all users, including those who are not part of an MFA user group. This login screen will be the default for AviontéBOLD for clients with MFA active.
2. Enter your email address and click Continue. This must be the email that you use to log in to BOLD.
3. If your email address is recognized, you will be presented with the login screen:
This assumes that your email address is registered in the BOLD system; if you have previously logged in to BOLD, that should be the case.
4. Enter your password and click Continue. The Secure Your Account screen appears.
5. Text Message is the default. Enter your smartphone number and click Continue. The Verify Your Identity screen appears.
6. The system sends a text message to your phone with a 6-digit code.
(sample)
7. Enter this code and click Continue. Your identity is verified and the system logs you into AviontéBOLD.
Options During Login
There are options available to you during the login process if you forget your password, or wish to use a different means of verifying your identity from text messaging.
Forgot your Password
- On the initial login screen, there is a Forgot Password button.
- If you know you have forgotten your password (or are a new user and do not yet have a password), you can enter your email and click this. This must be the email that you use to log in to BOLD. You will be taken to the Get your Password screen.
3. Enter your email address here and click Get your Password. This must be the email you use to log in to BOLD. If your email is in the system, you will see the message "OK! - Please check your email for instructions!"
4. Go to your email. The password reset email looks like this:
5. Click the Reset your Password button or click the link in the email. The screen to set a new password appears.
6. Enter the same new password once in each field, and click Save and Login. You will be redirected to the Avionté login screen.
7. Log in to BOLD with your new password, and follow the instructions for MFA above.
Use Voice Call Instead of Text Message
On the Secure your Account screen, there is an option for using a voice call instead of a text message.
You can use this if your phone does not accept text messages. It will work with landlines.
- Enter your phone number and click the Voice call button, then click Continue. The Verify Your Identify screen appears and the system will call your phone.
- Answer the call, and listen for the 6-digit code. It will be read out loud by a computer. As you hear it, enter the code in the field of the screen. The system will repeat the code once for you to verify it. Click Continue.
- Your identity is verified and you will be logged into AviontéBOLD.
Other options on the Verify Your Identity screen
There are other options available on the Verify Your Identify screen to assist you if needed.
- If you don't want to have to enter a code every time you log in to AviontéBOLD, check the box for "Remember this device for 30 days." This will prevent the system from asking you for login codes for 30 days. After that time, you will need to enter a new code again.
- If you don't receive a text message as expected when the Verify Your Identity screen loads, you can click the Resend link to try it again. The system will attempt to send you another text message. Note that there may be a new code.
- If text messaging is not working with your phone, you can click the get a call link and the system will switch to the Voice call verification option (see above).
Other Methods - Getting a code via Email
- Clicking Try another method on the Verify Your Identity screen will allow you to choose which verification option you would like, on a new screen.
- Prerequisite: The email option will be available when you click on "Try another method" only after you have set up MFA using a phone number. Otherwise, you will see Phone as the only option available.
If you click Email here, the system will email a code to your email address. This must be the email you use to log in to BOLD. After getting the email, enter the code received into the verification field, click Continue, and the system will log you in.
Timeout
There will be a 5-minute timeout between when you receive an MFA code and when it needs to be entered. In the event that you experience a time-out, you can request a fresh authentication code.
Resetting An MFA Factor
HCM users with the MFA option enabled can reset the login factor (phone number, email, etc.) associated with it for a given user record.
In the event a factor is changed, HCM Users can reset what value is associated with a particular user without having to contact support. We understand that doing this was an extra step for which clients wanted a workaround.
When a BOLD user has a different phone number for MFA than what is registered for them, an authorized HCM User in your company can reset the MFA factor for them. Upon the next login, the user will be re-prompted for the factor to associate with MFA. They will be able to enter a new phone number.
This feature is enabled for all MFA Admins.
HCM Users granted this ability should follow these steps to reset an MFA factor:
- Navigate to Utilities > User Records
- Search for the user that has a new factor (such as a phone number) to use with MFA
- You will see a button called "Reset MFA" when viewing the user's profile
-
Clicking that button will prompt the user (upon their next login) for the type of factor to reset (e.g., phone number)
- Clicking Confirm will cause the MFA factor registered to be reset
- Upon the next login, the user will be re-prompted for the factor to associate with MFA
Comments
0 comments
Article is closed for comments.