InTime - Multi-factor authentication

InTime supports multi-factor authentication (MFA), this is applied to your Backtothetopsystem and either all users or the specific roles you request will be required to use MFA once active. Please speak to support if you wish to enable this, and make sure that all users have a mobile application authenticator ready for when they next login. Once applied to your system, users will not be able to log in to InTime without using MFA and an authenticator. 

What is MFA?
Can it be used with single sign on?
How to enable MFA?
How do users log in for the first time?
How do new users register when MFA is enabled?
What happens if a user loses or changes their device? 
What is MFA? 

MFA is a two-step process. You will log into InTime as usual, and then be required to enter a one-time password. This password is generated by a mobile application authenticator. These can be downloaded via app stores, the most common authenticators are Google authenticator and Microsoft authenticator, but others are available.

When you use the authenticator, you will be given a one-time password (which is time sensitive) to enter in the login screen. This adds an additional layer of security to your data and login details, based on a password that only you know, and a one-time password on a device that only you have. 

Can it be used with single sign on? 

If you are using your own single sign on provider to log in to our systems, and/or have your own MFA set up, you may not require RSM's multi-factor to be set up.

MFA can be used alongside single sign on if you wish to add another level of security. When a user clicks on the single sign on button, they will be presented with the verification box to enter a code.

How to enable MFA 

Firstly, make sure you have an authenticator app already downloaded on to your mobile device. Each individual user will need to have this on their own device. Please send an email request to the support team who will enable MFA for you. Your app will display some text for each authentication that you have set up.  We will use RSM InTime by default, but if you want to use a different phrase, please let the support team know what you'd like to use in your request.

Back to the top 

How do users log in for the first time? 

You will log into InTime as normal with your username and password.  You will then be presented with a QR code, and a verification code box. Scan the QR code using the authenticator app you have downloaded. The app will then provide you with a time sensitive one-time 6-digit verification code, enter the code in the box provided and click verify. You will be successfully logged in.

After the initial login, you will no longer see the QR code. Simply enter your username and password you will then be prompted to enter your 6-digit verification code from your authenticator app, click next and you will be logged into InTime.

Back to the top

How do new users register when MFA is enabled? 

Firstly, make sure you have an authenticator app already downloaded on to your mobile device. Follow the login process, using the registration link which was sent to you by email and enter the required information.

 

Select your authentication method, and then scan the QR code using the authenticator app you have downloaded. The app will then provide you with a time sensitive one-time 6-digit verification code, enter the code in the box provided and click Check. Once you have entered and verified the code, you can then click Continue, to login to InTime.

What happens if a user loses or changes their device? 

If you lose or change your mobile device, or have had to reinstall the authenticator application, you may need to have your MFA reset for the client portal. Please speak to the support team so they can reset your password for you.  This will require a reset of your password as well as a reset of the multifactor authentication. Once reset, you will follow the steps as above as a first-time user. 

Back to the top