In this article, you will learn about 2-factor authentication within Actionstep. 2-step authentication adds an extra level of authentication to the log-in process, making your access to Actionstep even more secure.
Currently, tax authorities in certain countries are strongly advising any user with access to Accounting (and billing) data to have 2FA enabled. We recommend you check to see if such regulations apply to you. In general, having 2FA in place is the best step you can take to protecting your data and Actionstep recommends it for all their users.
Actionstep's 2-factor authentication will require the use of an authentication App on your phone such as Google Authenticator. When you log in you will be prompted to enter the code that this App will display.
Each user must set this up for themselves. 2-factor authentication cannot be made mandatory for your users.
An administrator can also set another level of security by restricting access to Actionstep to a list of IP addresses. See Password Policies.
Activating 2-step Authentication
This is done on the user's My Profile page. To access the My Profile page, click on your name at the top of the screen above the search box.
Under the 'Password' section, you will see a field showing if 2-step configuration is set up on your login. Click the 'Active' button to activate it.
On your mobile phone, you have to open your Authentication App. On that App, either scan the QR code that appears on screen, or you can click the link below it to show the secret key. The secret key can be manually typed into your App.
Actionstep recommends either:
Your Authentication App will provide you with two codes which you should type into fields on the screen. The App may show one code at a time. Click 'Save' to continue.
Example of what will appear in Actionstep.
Your login is now set to use 2-factor authentication.
Using 2-factor Authentication
When you log in to Actionstep, you will enter your email address and password as per normal. Once you have entered that accurately, you will see the screen below where you are prompted to enter the MFA code.
You will then be able to open the Authentication App on your mobile phone to see the code to enter.
Enter the code and click 'Confirm'.
Deactivating 2-factor Authentication
Note: 2fa cannot be deactivated in Australia and New Zealand
You can deactivate 2-factor authentication once you have logged back into your system. Just return to the My Profile screen and click the 'Deactivate' button.
You will have to enter a code from your Mobile App, tick the box confirming removal of the 2-factor authentication and then click the 'Save' button.