As an agency you have the option to either apply MFA to all users, or groups of users. Alternatively, you can allow individual users to apply MFA themselves, within their password settings. If you have SMS messages sent from InTime set up for your agency, then the user will able to select SMS to provide them with a one-time code to enter. Alternatively, they can use an authenticator application.
If you apply MFA as a mandatory setting, and do not have SMS set up against the agency, please make sure that all users have a mobile application authenticator ready for when they next login. Go to multi-factor authentication guide for users for further information.
| Anchor | ||||
|---|---|---|---|---|
|
...
How do users log in for the first time?:If using an authenticator; if using SMS
What happens if a user has changed/lost their device?
...
Mobile application authenticator: this will generate a 6-digit passcode. You can download authenticator applications via app stores, the most common ones are google authenticator and microsoft authenticator. When you go into your app, you will be given a one-time password (which is time sensitive) to enter on the InTime login screen. Please note: if you apply QR Code as the authentication method, please make sure that you have a mobile application authenticator ready for when you next login.
SMS: you can receive a one-time 6-digit password (which is time sensitive) by text message to enter on the InTime login screen. Please note: the SMS option can only be selected if you have SMS messages set up as an agency.
...
Require multi-factor authentication for user types - This means when the user next logs in they must select a authentication type, they will not get the option of none - do not secure my account using MFA. They will only get the QR code or SMS (if available) to options.
Require single sign on authentication for user types - This allows you to force users to only use single sign on. These users will not have an option to log in to InTime with a username and password. If unticked users will be able to use both methods to log into InTime. For example: All internal users at your agency log in to InTime with single sign on via your intranet page. If you tick require single sign, they will not be able to log in to InTime outside of your single sign on link. If you leave the option unticked, users will be able to log in via your intranet using single sign on, and by using the InTime URL outside of your intranet and log in with a username and password.
Scroll to the bottom of the page and click save.
If you do not tick any option below, individual users can apply MFA themselves go to multi-factor authentication guide for users for details.
How do users log in for the first time? Anchor How do users login for the first time? How do users login for the first time?
| How do users login for the first time? | |
| How do users login for the first time? |
Users will log into RSM InTime with their username and password as normal. They will then be required to select an authentication method. Go to multi-factor authentication guide for users, for a full user guide.
The dropdown will show:
None - do not secure my account using multi-factor authentication - This will only be available if you have ticked Suggest multi-factor authentication for user types, giving them the option to choose.
QR code - To be used with a mobile authenticator application.
SMS text message - This will only be available if SMS messages has set up for the agency.
If using an authenticator Anchor If using an authenticator If using an authenticator
| If using an authenticator | |
| If using an authenticator |
...
If using SMS Anchor If using SMS If using SMS
| If using SMS | |
| If using SMS |
If the user selected SMS, a box will appear to enter their mobile number. Once entered, they will click send and receive a one-time 6-digit verification code, they will enter the code in the box provided and click check, a green success box will appear in the top right-hand corner, click continue. They will be logged into RSM InTime.
Please note: the user must make sure their mobile number is correct before clicking send. If they have entered the wrong mobile number, they will need to ask the agency to reset their passwords and start the process again.
What happens if a user has changed/lost their device? Anchor What happens if a user has changed/lost their device? What happens if a user has changed/lost their device?
| What happens if a user has changed/lost their device? | |
| What happens if a user has changed/lost their device? |
...