Multi-factor authentication (2FA or 2 Factor) is an extra security option that requires additional information/hardware beyond a username and password. With Core HR, we use a third-party Authenticator app that generates a new 6-digit security code every 30 seconds, which the user must enter in addition to their username and password. If a user does not have enough time to enter a security code, they can wait for the next code to be automatically generated. Each security code is used only once.
- Expand Setup and click Setup Properties from the Menu.
- Hover over General and click Security from the top menu bar.
There are three options for enabling/declining multi-factor authentication when logging in.
- Administrator-only - Multi-factor authentication will be enabled for each administrator, but not for employees in the system. This is the minimum recommended level of usage for Multi-factor authentication.
- Administrators and Employees - Multi-factor authentication will be enabled for each administrator and all employees in the system.
- Decline Multi-factor authentication Functionality - Multi-factor authentication will not be enabled for administrators or for employees in the system. LICENSEE acknowledges that Multi-factor authentication functionality has been offered and is recommended.
In addition to enabling multi-factor authentication, you must select at least two security administrators. The selected administrators will have permission to adjust multi-factor authentication settings and to reset an employee's multi-factor setup if the employee no longer has access to their original authenticator app (for example, after losing or resetting the phone with the Authenticator app). If an admin is assigned to a role, you must update the role to have the security administrator setting.
Setting Up/Using Multi-Factor Authentication
- The first time a user signs in, they will be prompted to set up multi-factor authentication for increased security when signing in to the software. If they do not have an authenticator installed, the user will download the appropriate application onto their Android/iOS device. When ready, click Recovery Codes.
- They will be shown several recovery codes to use if they are unable to use their Authenticator app. These recovery codes must be stored in a safe location. Click Configure Authenticator.
- With the Authenticator app on their phone, the user will scan the QR code or enter the key below the QR code. If successful, they will receive a verification code. They will enter the verification code into the appropriate 'Verification Code' field and click Verify.
- If successful, they will receive the below message. They will return to the login page to sign in.
- From this point forward when signing in to the software, they will be prompted to verify their identity by entering the code generated on their Authenticator app after signing in with their username and password.