Multi-Factor Authentication (MFA) adds an extra layer of protection to your OnPay login. This is because, in addition to entering your OnPay password, you'll need to enter a one-time-use 6-digit code that is sent via text message to a mobile number that you've previously set up.
Note: This means that if you don't have access to text messages sent to the provided number, you will not be able to log into OnPay.
Share this security feature with your employees by sending them to this guide!
What we'll cover
Editing your profile
Where you start will depend on whether you're an accountant with clients using OnPay, or you're yourself the business owner or administrator. We'll cover both workflows here. Select below which applies best to your role.
In your accountant dashboard, click on your profile photo, then Edit Profile.
Not an accountant? Try Editing your profile for owners and company administrators (next).
For owners and company administrators
Click on your profile in the upper right.
Click Edit Profile.
From your organization dashboard, click the hamburger in the top left corner.
Here, you can edit your personal info, including name and email, add a recovery email, change your password, or add Multi-Factor Authentication (MFA) to your account.
Setting up MFA
In the "MFA" section of your profile, click 2 Step Authentication.
Enter the mobile number where you can receive text messages. Keep in mind that once MFA is enabled, this phone must be on your person and able to receive text messages in order for you to log in. When you've entered this number, click Send Code.
Check your messages for a new text.
Enter the code in the "Confirmation" field, and click Submit. You'll have five minutes before the code is no longer valid.
If the code you entered is valid, you'll see your number listed in the "MFA" section of your profile.
Logging in with MFA
Once MFA is set up, logging into OnPay will send a text message to the phone number you provided. Use the most recent code in your messages. You'll have five minutes before your code expires.
Enter the verification code within five minutes of receiving it, and click Submit Code.
Note: If you're unable to enter the code within five minutes of receiving it, don't worry. You can just click Return To Login to receive another code.
If you change your mind about this added security, or just need to change the phone number associated with your login, you can always Disable 2-step authentication.
To do this, return to your profile and Edit Profile.
Here, you can click Disable 2FA. Once disabled, you can re-enroll a phone number at any time.