Skip to main content
2FA - FAQ for employees

Answers to common questions and queries by employees using two-factor authentication (2FA) to log into Sage HR.

Oliver Cook avatar
Written by Oliver Cook
Updated over a week ago

What is 2FA?

Two-Factor Authentication, also known as 2FA, is an extra layer of protection for you to use to ensure the security of your Sage HR account beyond just your email address and password. Every time you log in, you’ll be given a 6-digit code to verify that it’s you. This could be entering a code sent to you by text, or on an authenticator app.


Why use 2FA?

Phishing attempts, use of personal devices, and weak passwords can put your data at risk. 2FA adds an extra layer of authorisation when users log in to prevent third parties accessing data, even if a username or password has accidentally been shared.


When do I use 2FA?

When you have an employer that enables 2FA for Sage HR, you use 2FA after you enter your login details for your Sage HR company. You'll be prompted to enter a code to verify it's you.

📎NOTE: This applies to both logging into your company via the Sage HR website or the Sage HR mobile app.


How do I get a 6-digit code?

You can choose from 3 different methods. This verifies that users are who they say they are when logging into Sage products, helping to prevent fraudulent sign-in attempts.

Authenticator app (Recommended)

The most secure option, and recommended by Sage this is a time-based code is generated by an authenticator app (such as Microsoft Authenticator, Twilio Authy, and Google Authenticator) downloaded to the user’s mobile device, tablet, or desktop.

See how this works

SMS text

The code is sent to your mobile device.

See how this works

Phone

The code is sent via voice to your mobile device or landline (depending on the number you have provided).

See how this works


Where do I find a supported authenticator app?

Sage supports most third-party authenticator apps, including Microsoft Authenticator, Twilio Authy, and Google Authenticator.

You can download any of these apps from the App Store on iPhone or Google Play on Android devices. Or you can use the authenticator app from your desktop/tablet with browser plugin.


Do I have to use it?

If your employer enables 2FA for you in their settings, you have to use it until they remove it. If this is an issue, you must raise this with your employer.

They may be able to remove access for individual people, but that is at their discretion, and also may depend on their Sage HR setup.


How do I set it up?

You're prompted to set up 2FA the first time you log in after your employer enables it for their company.


Can I turn 2FA off?

No, if you want 2FA switched off you have to discuss this with your employer, as it is controlled by them.


How do I reset my 2FA?

To reset your 2FA, we advise you to contact your employer.

They can confirm whether they can reset it for you using their Sage HR admin settings. If your employer can reset it, you'll be prompted to set up 2FA again the next time you log in to Sage HR.

If they can't reset it, they can confirm whether you need to into account.sso.sage.com, click 2-Factor Authentication, then remove your device for 2FA so you can set it up again.


What's a recovery code and why is it important?

When you set up 2FA you're asked to note down a 24-digit code:

EXAMPLE: VNDS - 79KB - 7JAJ - QNKA - F5F7 - YUPX

It’s really important that you save this recovery code somewhere safe and accessible. This code will be required if you ever need to log in but don’t have your devices with you to retrieve the code.

If you lose this recovery code, your employer has to reset your 2FA so you set up 2FA again and note down your new recovery code.


What if I don't have access to my phone?

You need the phone 2FA was set up on to receive the one-time passcode to log in. You can receive this using an authenticator app installed on your phone or by text or call.

If you don't have access to your phone, you can log in using your recovery code that you're asked to note down and keep safe when you first set up your 2FA.

If you lose this recovery code, you can log in using your recovery method, such as an alternative email address or phone number. If you never set this up then contact your employer so they can check with Sge support on how to reset your 2FA.


What if I have a new phone?

If you need to set up 2FA on your new phone, your employer may need to reset 2FA for you. You can then set up 2FA again the next time you log in to access your payslips.

If they can't reset it, they can confirm whether you need to into account.sso.sage.com, click 2-Factor Authentication, then remove your device for 2FA so you can set it up again on a new device.


What if my authentication code isn't working?

If your code isn't working use your recovery code. Alternatively, contact your employer who can reset your 2FA.


What if I don't get my 2FA text?

Check their signal and wait at least 10 minutes. If you still don't get a text you can log in using the recovery code that you're asked to note down and keep safe when they first set up your 2FA.

If you lose this recovery code, you need to have your 2FA reset.


Why am I asked to use 2FA when my employer doesn't have it enabled?

One of your employers may not have 2FA enabled, but it is possible that you used the same email address to access another current or ex-employer on Online Services. If that employer has 2FA enabled, you're required to use it to access any company on Online Services until one of your employers removes it.

It may also be because you use your Sage account for another Sage product which requires 2FA, which then applies to all other places you log in with that Sage account.


What's an authenticator app?

Authenticator apps are mobile applications for smartphones to help you securely verify your identity, so only you or the people you trust can access apps and data.

There are different authenticator apps to choose from. Google and Microsoft have their own authenticator apps, but you can go to Google Play or the Apple App Store and find one that works for you.

📌TIP: We recommend using an authenticator app, but you can choose to receive your authentication code via text or voice call instead.

Did this answer your question?