As an agency you have the option to either apply MFA to all users, or groups of users. Alternatively, you can allow individual users to apply MFA themselves, within their password settings. If you have SMS messages sent from InTime set up for your agency, then the user will able to select SMS to provide them with a one-time code to enter. Alternatively, they can use an authenticator application.
If you apply MFA as a mandatory setting, and do not have SMS set up against the agency, please make sure that all users have a mobile application authenticator ready for when they next login. Go to multi-factor authentication guide for users for further information.
Anchor | ||||
---|---|---|---|---|
|
...
How do users log in for the first time?:If using an authenticator; if using SMS
What happens if a user has changed/lost their device?
...
Mobile application authenticator: this will generate a 6-digit passcode. You can download authenticator applications via app stores, the most common ones are google authenticator and microsoft authenticator. When you go into your app, you will be given a one-time password (which is time sensitive) to enter on the InTime login screen. Please note: if you apply QR Code as the authentication method, please make sure that you have a mobile application authenticator ready for when you next login.
SMS: you can receive a one-time 6-digit password (which is time sensitive) by text message to enter on the InTime login screen. Please note: the SMS option can only be selected if you have SMS messages set up as an agency.
...
As an administrator you can apply MFA to groups of users. Go to the system configuration cog in the top right hand corner, and within the system section, click security settings.
Allowing SMS - You may have SMS settings applied, but only wish to use this function for reminders , and not allow users to retrieve an authentication code. If you do want SMS as an available option, you must tick enable multi factor authentication over SMS. If you do not tick this option, even with SMS settings enable, it will not appear for a user to choose.
Suggest multi-factor authentication for user types - This will prompt the user the first time they log in, to select an option. Please note: They can select to not use MFA if they wish. Once they have selected no, they will not be asked again.
Require multi-factor authentication for user types - This means when the user next logs in they must select a authentication type, they will not get the option of Tick the appropriate box against the user group you wish to apply MFA to.
If you do not want to apply it to groups none - do not secure my account using MFA. They will only get the QR code or SMS (if available) to options.
Require single sign on authentication for user types - This allows you to force users to only use single sign on. These users will not have an option to log in to InTime with a username and password. If unticked users will be able to use both methods to log into InTime. For example: All internal users at your agency log in to InTime with single sign on via your intranet page. If you tick require single sign, they will not be able to log in to InTime outside of your single sign on link. If you leave the option unticked, users will be able to log in via your intranet using single sign on, and by using the InTime URL outside of your intranet and log in with a username and password.
Scroll to the bottom of the page and click save.
If you do not tick any option below, individual users can apply MFA themselves go to multi-factor authentication guide for users for details.
How do users log in for the first time? AnchorHow do users login for the first time? How do users login for the first time?
How do users login for the first time? | |
How do users login for the first time? |
Users will log into RSM InTime with their username and password as normal. They will then be required to select an authentication method. Go to multi-factor authentication guide for users, for a full user guide.
The dropdown will show:
None - do not secure my account using multi-factor authentication - This will only be available if you have ticked Suggest multi-factor authentication for user types, giving them the option to choose.
QR code - tTo be used with a mobile authenticator application.
SMS -this This will only be available if SMS messages has set up for the agency.
If using an authenticator AnchorIf using an authenticator If using an authenticator
If using an authenticator | |
If using an authenticator |
...
The authenticator app will then produce a one-time 6-digit verification code, they will enter the code in the box provided and click check, if successful, then a green success box will appear in the top right-hand corner, click continue. They will be logged into RSM InTime.
If using SMS AnchorIf using SMS If using SMS
If using SMS | |
If using SMS |
If the user selected SMS, a box will appear to enter their mobile number. Once entered, they will click send and receive a one-time 6-digit verification code, they will enter the code in the box provided and click check, if successfula green success box will appear in the top right-hand corner, click continue. They will be logged into RSM InTime.
Please note: the user must make sure their mobile number is correct before clicking send. If they have entered the wrong mobile number, they will need to ask the agency to reset their passwords and start the process again.
What happens if a user has changed/lost their device? AnchorWhat happens if a user has changed/lost their device? What happens if a user has changed/lost their device?
What happens if a user has changed/lost their device? | |
What happens if a user has changed/lost their device? |
...