We are pleased to confirm the upcoming release for RSM's Client Portal. This will be available to you on Monday 6th February 2023.
Listening to our users is important to us, we hope that you find these changes useful and they help streamline your business processes.
We always value feedback, so please let your RSM contact know if you wish to discuss anything further.
All previous release notes can be found here: Client Portal release notes.
Key highlight: Multi-factor authentication & administration
We have introduced multi-factor authentication for the client portal which will be available for all users. Using MFA, users' accounts will have enhanced security.
New features:
Multi-factor authentication & administration - all users
Improvements:
New features
Multi-factor authentication & administration - all users
What is MFA?
MFA is a two step process. You will login to the client portal as normal, and then be required to enter a one time password. This password is generated by a mobile application authenticator. These can be downloaded via app stores, the most common ones are google authenticator and microsoft authenticator. When you go into your app, you will be given a one time password to enter into the client portal login screen. This adds an additional layer of security to your data and login details, based on a password that only you know, and a one time password on a device that only you have. If you are a client user, please speak to your payroll representative about setting this up.
How is it set up?
Firstly, make sure you have an authenticator already downloaded on to your mobile device. Only users with admin rights will be able to set this up for other users, this can be set at user level or at client level, if all users at a client wish to use it.
In the top menu bar, go to admin - users. Search for the user you want to apply this to and go into their record. You will see a section called authentication. Using the dropdown for authentication type, select time-based one-time password. To set up a new user go to. LINK
IT SUGGESTS THAT RSM ADMIN USERS NEED TO IMPERSONATE THE USER? DO THEY? IF SO SURELY ALL USERS NEED TO SPEAK TO THEIR RSM REPRESENTATIVE ABOUT THIS?
Please note: You will need to make sure the active box is ticked within the details section as well.
How does the user login for the first time?
When the user logs in for the first time with their username and password. They will then be presented with a QR code, this needs to be scanned using the authenticator app the user has downloaded. The app will then provide you with a one-time 6 digit verification code, enter that in the client portal login page and click next. You will then be logged into to client portal. After the initial login, you will enter your username and password and then enter your 6 digit verification from your MFA app.
What happens if a user loses their mobile device or authenticator application
Admin users can reset.
Overriding the authentic - RSM ADMIN USERS ONLY - What does this do at client level?