What is 2FA?
Two-Factor Authentication (2FA), also known as Multi-Factor authentication (MFA), is an extra layer of protection you can use to ensure the security of your employees' Sage HR accounts beyond just their email address and password.
Do I have to use it?
There isn't a legal requirement to use 2FA, but many businesses consider it best practice to use, especially if it is to access important and confidential information.
How do I set it up?
You can enable 2FA from within your security settings in Sage HR.
Why do I not have 2FA as an option?
Currently, 2FA is only possible for users with a Sage account login. If you have a Sage HR company not integrated with Sage payroll software, 2FA is currently not available.
What do employees do after I enable 2FA?
After you enable 2FA, any employee that is required to use 2FA is prompted to set up their 2FA the next time they log in to Sage HR Online Services.
Can I turn 2FA off?
You can remove 2FA from individual employees, or you can disable any 2FA requirement for your company altogether.
Can I choose to use it for specific employees?
Yes, rather than select it to apply to everyone, you can select specific employees.
Can I make 2FA a requirement for every new employee?
Yes, but only if you have set 2FA to apply to all employees in your company. If you don't, after you add a new employee you must manually enable 2FA for them.
What do I do if an employee doesn't have access to their phone?
Your employees need their phone to receive the one-time passcode to log in, whether that is using an authenticator app installed on their phone, or to receive by text or call. If they don't have access to this phone, they can log in using the recovery code they're asked to note down and keep safe when they first set up their 2FA.
If they've lost this recovery code, you can reset their 2FA so they can set it up again. Alternatively, you can remove 2FA just for them.
What if an employee has a new phone?
If an employee needs to set up 2FA on their new phone, reset their 2FA. They can then set up 2FA again the next time they log in to Sage HR Online Services.
What can I do if an employee doesn't get their 2FA text?
Get them to check their signal and to wait at least 10 minutes. If they still don't get a text they can log in using the recovery code they're asked to note down and keep safe when they first set up their 2FA.
If they've lost this recovery code, then you can reset their 2FA so they can set it up again. Alternatively, you can remove 2FA just for them.
Why is an employee asked to use 2FA when we don't have it enabled?
You may not have 2FA enabled for an employee, but it is possible that the employee uses the same email address to access another company on Online Services. If that company has 2FA enabled, they're required to use it to access any company on Online Services until one of their companies removes it.
We have 2FA enabled, but an employee is no longer asked for 2FA when they log in
It is possible that the employee uses the same email address to access another company on Sage HR or Sage Employee Online Services. That company may have disabled 2FA for the employee. You simply enable it again for the employee.