Multi-Factor Authentication (MFA) adds an extra layer of protection to your confidential company and tax information, as well as sensitive employee data. In the same way a candidate might be asked to provide a second form of ID to a job interview, you can make sure that anyone using your OnPay credentials is asked to provide a second means of identification — a unique 6-digit code that only you can get.
You can choose to retrieve this code in one of two ways:
- Authenticator app
- SMS text message
You can also tell OnPay to:
- Remember you for 30 days*
- Require MFA upon each login (every time, no exceptions)
You "Skip for now" but...
If you Skip for Now, you will be prompted to set up Multi-Factor Authentication next time, and every time you log into OnPay, until MFA is enabled. To avoid taking this extra step at each login, enable MFA and select Remember Me before submitting. This allows a trusted web browser to vouch for you for 30 days*.
If Multi-Factor Authentication is not enabled, you will be prompted to set up MFA upon each login.**
*OnPay uses cookies to "remember you" at login. If you then log in using a different computer or smartphone, or using a different web browser, or if you've cleared your browser's cookies or are using a private (incognito) browser window to log in, you will be prompted to enter an MFA verification code.
**This security prompt can not be hidden or disabled.
What we'll cover
- What is Multi-Factor Authentication?
- If asked to enable MFA when logging in
- If you've already enabled Multi-Factor Authentication
- Setting up MFA
- Can't See A Barcode?
- Logging in with MFA
- Disabling MFA
Share this security feature with your employees by sending them to this guide→
What is Multi-Factor Authentication?
Sometimes called Two-Factor Authentication (2FA), MFA gives OnPay a way to verify that you are you, and not just someone with your OnPay password. It does this by way of a second password, a secret code that's different every time, called an authentication code. You can even decide whether you let OnPay generate the code and text it to you, or use an authentication app on your own device, like Google Authenticator.
If asked to enable MFA when logging in
If you haven't already set it up for your account, you'll be prompted to choose how you'd like to generate your authentication code each time you log into OnPay.
You can:
- Download an Authenticator App (like Google Authenticator) to generate your own unique 6-digit code whenever you're ready to log in
- Choose Send Text Message to set up a mobile number where we can send a text message (SMS) with a 6-digit code whenever you log in
- You can go ahead and log in now, and decide next time you log in*
- Go back to enter different OnPay login credentials
*This may have already been enabled when setting up OnPay for the first time
**If you have already set up Multi-Factor Authentication for your OnPay account, and are being prompted to set it up again, click Return To Login and make sure you're logging in using the correct email and password, and are not using autofill. MFA is account specific, and enabling it for your account does not automatically require authentication for other users logging in.
If you've already enabled Multi-Factor Authentication
If MFA has already been enabled for your account, you'll be asked to enter a code after you've entered your email and OnPay password. If you have previously enabled MFA using one method, and wish to instead use another to authenticate your login, you can disable MFA (covered later↓) and then enable it again using your preferred method.
You can enable multi-factor authentication at any time in your OnPay profile, and may have even set it up when you first started with OnPay. MFA is recommended, but not required. You can disable MFA at any time by logging into OnPay and editing your profile.
Editing your profile
Where you edit your OnPay profile will depend on whether you're an accountant with clients using OnPay, or you work at a company that uses OnPay to pay its workers. We'll cover both workflows here. Select below which applies best to your role.
For accountants and OnPay Partner Program members
In your accountant dashboard, click on your profile photo, then Edit Profile.
Not an accountant? Try Editing your profile for owners and company administrators (next).
For owners and company administrators
Click on your profile in the upper right.
Click Edit Profile.
From your organization dashboard, click the hamburger in the top left corner.
Click Profile.
Here, you can edit your personal info, including name and email, add a recovery email, change your password, or add Multi-Factor Authentication (MFA) to your account.
Setting up MFA
Open the "MFA" section of your profile, and click Enable MFA.
Choose your MFA method:
If you chose Authenticator App:
You'll see a 2D barcode called a QR code. Launch your authenticator app and use your device's built-in camera to scan this QR code.
Can't See A Barcode?
If for any reason you don't see a 2D barcode, or your device's camera isn't recognizing the QR barcode, you can click "Can't See A Barcode?" to view a typable code to enter into your authenticator app.
The authenticator app will generate a 6-digit code that is valid for a limited time. Enter this 6-digit in the "Verification Code" field, and click Submit.
Once the valid code has been entered, this phone number is listed in the "MFA" section of your profile.
*Keep in mind that once MFA is enabled, you must have access to this authenticator app in order for you to generate this authentication code and log in.
If you chose Send Text Message:
Enter the mobile number where you can receive text messages* and click Submit. You can ask OnPay to remember you (specifically the device and browser used to log in) for 30 days.
*Keep in mind that once MFA is enabled, this phone must be on (or forwarded to) your person in order for you to receive this text message and log in.
Check your messages for a new text.
Enter the 6-digit code generated by the authenticator app, and click Submit Code.
Once the valid code has been entered, this phone number is listed in the "MFA" section of your profile.
Logging in with MFA (authenticator)
Once MFA is enabled with an authenticator app, OnPay will access the same 6-digit codes generated by the authenticator app installed on your device, and approve your access upon login.
Logging in with MFA (text)
Once MFA is set up with a mobile number, logging into OnPay will trigger a text message, sent to the phone number you've provided. Always use the most recent code in your messages. You'll have five minutes before your code expires.
Enter the verification code within five minutes of receiving it, and click Submit Code.
Note: If you're unable to enter the code within five minutes of receiving it, that's okay. You can click Return To Login to receive another code.
Disabling MFA
If you change your mind about this added security, or just need to change the authentication method associated with your login, you can always disable MFA.
To do this, return to your profile and click Edit Profile.
Click the MFA tile, and click Disable. Once disabled, you can leave it off (not recommended), or enable again MFA using your preferred method.
v6.22 ps