We understand two-factor authentication is a significant change for some users and we appreciate your patience. To help you and your colleagues with the transition to 2FA, we have listed some commonly asked questions on how 2FA works and how to set it up.
Is 2FA Mandatory?
In alignment with ATO legislation, 2FA is only mandatory for users who have access to other employees’ tax and superannuation information. For the vast majority of users that access Definitiv for timesheets, leave, payslips, approvals etc., 2FA is not mandatory and they can continue to log in as normal.
For increased security, you can configure Definitiv to require all users to log in via 2FA. However, this is optional.
How often do I have to enter my 2FA code?
You will be required to enter your 2FA code once every 24 hours per device/browser (the 24-hour period commences every time you enter a new 2FA code). Note that your session will still time out after 15 minutes of inactivity. If timed out, you will be required to enter your password but not the 2FA code again.
If you click on the Logout button, you will perform a full logout, clearing the 24-hour window and therefore requiring you to enter a 2FA code the next time you log in.
Which 2FA authenticator app should I use?
When setting up 2FA in Definitiv, you will see that we have recommended three popular authenticator apps. However, you can choose any authenticator app of your preference. Some are smartphone only, and others can be installed on a Windows or Mac PC. Each authenticator app has its own requirements and we are unable to provide detailed support for each app.
What happens if I lose my 2FA device?
If you lose your 2FA device (i.e. access to the 2FA authenticator app you chose), an admin will be required to send a ‘Reset User 2FA’ email via the User Listing page. The user who lost access will then be required to follow the link in the email, provide their existing password, and then register a new 2FA device.
What happens if I forget my password with 2FA set up?
You can use the existing Forgot Password process on the login page to request a password reset email. After clicking the link in the email, you will be required to enter your 2FA code before being allowed to reset your password.
If a user, who requires 2FA but hasn’t yet registered for 2FA, has forgotten their password, they will need an admin to reset it.
What happens if I forget my password and lose my 2FA device?
The only way for a user to access their account will be for an admin to resend a user invite from the User Listing page. The user will be able to follow the link in the email to both reset their email and set up a new 2FA device.
If you are the only admin, and you cannot access your account due to a lost 2FA device, please contact Definitiv support. We will be able to trigger the above process for you.
UNDER THE HOOD.
- The number of employees calculated for pay runs has been updated to only include employees with processed transactions. Previously, it would count anyone included in the pay run, even if they had no transactions.
- This new calculation affects the # Employees field on the Pay Runs screen and the Employees In Pay field within PDF payroll reports.
- When a user that requires 2FA but is not yet registered for 2FA clicks on the link within a reset password email, they will no longer have the option to enter a 2FA code. If the user has forgotten their password, they will require an admin to reset it.
- Resolved an issue where an approved single day leave, or a partial day leave, would not update an employee’s availability to unavailable when assigning shifts in Rostering.
- Resolved an issue where an employee with multiple super contributions (e.g. SGC and salary sacrifice) would not appear on the Audit Report if a future termination date had been entered for the employee.
- Resolved an issue where assigning an authorisation role to a single organisation when editing the permissions for a user would not save in Definitiv.