Skip to main content

Access Identity two factor authentication (2FA)

Is it possible to set up 2FA for all users on PeopleHR.

J
Written by Joshua Shooter
Updated over 2 months ago

The Access identity 2FA enforcement is linked directly to a domain rather than to a user. Once a domain is set up for forced 2FA all users with email addresses within this will be covered by the forced 2FA.
​
To configure 2FA in Access Identity, follow the steps described in the table below:

Step

Details

Identify your domains

Your domains will be on the right-hand side of your email addresses after the @ symbol for your users. Usually, it's your company name followed by .com or .co.uk, for example, the email: [email protected], the domain would be theaccessgroup.com.
​
Gather together at least one email address from each domain you wish to register and ensure that you have the ability to test email messages with at least one user per domain that is to be registered. If in doubt, your IT team should be able to support you with understanding what your domains are.

Identify who manages your domain

A TXT record needs to be added to the domain DNS to verify ownership of the domain. Typically, your IT department has access to the domain DNS.

Register for identity

πŸ“ŒNote: If you already registered with Access Identity due to using other Access products, once clicking https://identity.accessacloud.com/ you can either enter your password or reset your password to access your Identity account.
​
To register each domain with Access Identity, register at least one email address per domain. To do this, go to https://identity.accessacloud.com/ and click Create New Account.
​
Do this with one email per domain you wish to set up. We recommend this person is your administrator in case you need to come back and edit this later. This is a once-off task with one user per domain.
​
Once the setup is complete, all other users automatically move to Access Identity, without any impact on how they login in. Repeat this step and further steps once per domain.

Setup Domain

Complete the Access Identity Federation configuration for each domain. Your domain manager can assist you with this.
​
πŸ“ŒNote: 2FA and SSO are included in all PeopleHR packages.

Set up Forced 2FA

All users from a registered domain must use 2FA to log in. This step is optional, if not followed user can opt in to 2FA individually.
​
Navigate to Security policies in your identity account:

  1. Select Add security policy then scroll down to Two-factor authentication.

  2. Select Force two-factor authentication then click Save changes.

  3. Go to Domains and associate your security policy with the domain listed.

Run a test

Sign out of Access Identity.
​
To test your setup go back to the homepage https://identity.accessacloud.com/ and type your email address in. When you click next you should be prompted to set up 2FA as part of your login if forced 2FA has been applied.
​
Going forward this will be a mandatory login step.

You're good to go!

FAQs

Question

Answer

What do we do if we don't have a company domain?

If you do not own a domain, you can't use the 2FA login.
​
However, offer social sign in options for Gmail, Microsoft and LinkedIn, which allow users to directly authenticate through them.
​
πŸ“ŒNote: All other domains need to log in with a username and password instead of using 2FA.

Can we force all users to use 2FA in the company?

This is available by domain.

  • If your company use the same domain for all users, this will be completed in one setup.

  • If your company has multiple domains, perform the setup for each domain that you would like to force 2FA enablement.

Can we force 2FA for admin users only in a company?

Access Identity does not support individual force, however, admin users can opt into the 2FA by setting this up on their own account.

Related Articles
Unable to log in with 2FA
Disable two factor authentication
Enable Access Identity two factor authentication for one user
Set up Access Identity single sign on (SSO)
Refresh 2FA
Did this answer your question?