Multi-factor authentication (MFA) is an authentication method that requires the user to provide two forms of identity verification before they’re allowed to log in to a website or application. Examples of methods are what the user knows, such as a password, and what the user has, such as a cell phone. It is sometimes referred to as Two-Factor Authentication (2FA).
After May 15th, users who attempt to log in to AviontéBOLD will need to authenticate their identity through their email or mobile device. We are making this change to reduce the risk of unauthorized access due to stolen or leaked usernames and passwords. This requirement applies to authorized HCM users only. It does not apply to talent or managers at this time (though those options are available).
Why has Avionté made MFA mandatory?
Multifactor Authentication is now a standard operating procedure for mission-critical software platforms across all industries, and most software end users are already familiar with MFA through online banking and shopping. Moreover, incidents of cyber espionage and ransomware continue to proliferate. The preferred method of attack is to obtain a legitimate user ID and password from an unsuspecting user.
By making MFA mandatory for authorized AviontéBOLD users, we protect the entire Avionté customer community.
Chapters
Why is MFA important for a staffing organization
Roles
Logging into BOLD with MFA for the first time
Video Overview
Options During Login
Forgot Your Password
MFA Admins - Resolve Password Lockouts and Reset MFA Factors
Use Voice Call
Other Options
Getting a Code Via Email
Timeouts
Why is MFA important for a staffing organization?
Passwords alone aren’t secure enough. From simple relaying and spraying attacks to the more sophisticated threats of spear-phishing and pharming, hackers have developed countless tried and tested methods of stealing credentials and gaining unauthorized access to private accounts.
In March 2022, Microsoft engineers said that 99.9% of the account compromise incidents they deal with could have been blocked by a multi-factor authentication (MFA) solution. MFA prevents identity theft.
Our MFA solution offers an additional layer of security beyond passwords. It can provide you peace of mind that unauthorized access to your BOLD environment will be minimized.
Roles
The following user types can be enabled with MFA:
- HCM Users: These are subscribed Avionté users.
- Talent: These are applicants.
- Managers: These are typically time approvers.
Logging In to BOLD with MFA for the first time
1. When you log on to BOLD for the first time with MFA activated, you will see a new screen:
2. Enter your email address and click Continue. This should be the email that you use to log in to BOLD.
3. You will be presented with a login screen:
The system assumes that your email address is registered in the BOLD system.
- A Forgot password option is available. If you click it and enter your email address, an email will be sent to you that allows you to reset your password. After doing this, return to the login screen for your environment.
4. Enter your password and click Continue. The Secure Your Account screen appears.
5. Text Message is the default. Voice call is also available. Enter your phone number and click Continue. The Verify Your Identity screen appears.
6. The system sends a text message to your phone with a 6-digit code.
(sample)
7. Enter this code and click Continue. Your identity is verified and the system logs you into AviontéBOLD.
Options During Login
There are options available to you during the login process if you forget your password, or wish to use a different means of verifying your identity from text messaging.
Forgot your Password
- On the Welcome screen, there is a Forgot Password link.
- If you know you have forgotten your password (or are a new user and do not yet have a password), you can click this. This should be the email that you use to log in to BOLD. You will be taken to the Forgot Your Password? screen.
3. Enter your email address here and click Continue. You will see the Check Your Email screen.
4. Go to your email. The password reset email looks like this:
5. Click the click here link in the email. Your browser will open a new tab and the Change Your Password screen appears.
6. Enter a new password once in each field, and click Reset password. The Password Changed screen appears.
7. Return to the BOLD Log In screen, login with your new password, and continue following the instructions for MFA.
For MFA Admins - Resolve Password Lockouts and Reset MFA Factors
If users attempt to log in multiple times with the wrong password, their account may become locked.
Example: Your account has been blocked after multiple consecutive login attempts
HCM users with the MFA option enabled (MFA Admins) can reset the login factor (phone number, email, etc.) associated with it for a given user record; Support does not need to be contacted in this case.
To resolve a password lockout:
- Go to the User's Profile (Utilities > User Accounts > Select the relevant account).
- Note the Unblock User button.
3. Click Unblock User - this will unblock the user from being locked out and allow them to gain entrance with the same username and password they are currently using.
Self-Service Registered MFA Factor Reset
In the event an identification factor (phone number, email, etc.) is changed, MFA Admins can reset what value is associated with that user without having to contact Support. Upon the next login, the user will be re-prompted for the factor to associate with MFA. They will be able to enter a new phone number.
Follow these steps to reset an MFA factor:
- Navigate to Utilities > User Records
- Search for a user that has a new factor (such as a phone number) to use with MFA and select it
3. Note the Reset MFA button - This will completely reset the user's MFA factor, allowing them to change their phone number, email, etc. Clicking this button will prompt you for the type of factor to reset (phone number, for example)
4. Click Confirm to cause the MFA factor registered to be reset
Upon the next login, the user will be re-prompted for the factor to associate with MFA.
Use Voice Call Instead of Text Message
On the Secure your Account screen, there is an option for using a voice call instead of a text message.
You can use this if your phone does not accept text messages. It will work with landlines.
- Enter your phone number and click the Voice call button, then click Continue. The Verify Your Identify screen appears and the system will call your phone.
- Answer the call, and listen for the 6-digit code. It will be read out loud by a computer. As you hear it, enter the code in the field of the screen. The system will repeat the code once for you to verify it. Click Continue.
- Your identity is verified and you will be logged into AviontéBOLD.
Other options on the Verify Your Identity screen
There are other options available on the Verify Your Identify screen to assist you if needed.
- If you don't want to have to enter a new code every time you log in to AviontéBOLD, check the box for "Remember this device for 30 days." This will prevent the system from asking you for login codes for 30 days. After that time, you will need to enter a new code again.
- If you didn't receive a text message as expected when the Verify Your Identity screen loads, you can click the Resend link to try it again. The system will attempt to send you another text message. Note that there will be a new code.
- If text messaging is not working with your phone, you can click the get a call link and the system will switch to the Voice call verification option (see above).
Other Methods - Getting a code via Email
- Clicking Try another method on the Verify Your Identity screen will allow you to choose which verification option you would like, on a new screen.
- Prerequisite: The email option will be available when you click on "Try another method" only after you have set up MFA using a phone number. Otherwise, you will see Phone as the only option available.
If you click Email here, the system will email a code to your email address. This must be the email you use to log in to BOLD. After getting the email, enter the code received into the verification field, click Continue, and the system will log you in.
Timeouts
There will be a 5-minute timeout between when you receive an MFA code and when it needs to be entered. If you experience a time-out, you can request a fresh authentication code.
Comments
0 commentsArticle is closed for comments.