Using an authenticator app to enable Multi-Factor Authentication (MFA) adds an additional layer of protection to your confidential company and tax information, as well as sensitive employee data. In the same way a candidate might be asked to bring a second form of ID to a job interview, you can make sure that anyone who tries to log in using your OnPay password is asked to provide a second means of identification: a unique 6-digit code that only you can access.
What is Multi-Factor Authentication?
When logging into OnPay with MFA enabled, you're prompted to enter a second passcode. This 6-digit, one-time-use code is randomly generated on your smartphone, using a third-party app called an authenticator. Once you've downloaded and set up an authenticator app, you can connect it to your OnPay account to generate a unique security code each time you log in.
Why is setting up MFA important?
If you don't set up Multi-Factor Authentication, and someone gains access to your OnPay password, not only could they access your secure company and employee data, but they could also enable MFA using their own authenticator, effectively locking you out of your own account. Set up MFA as soon as possible to ensure it takes more than just your email and password to access your OnPay account information.
If asked to enable MFA at login
If you haven't already set it up for your account, you'll be prompted to choose how you'd like to generate your authentication code each time you log into OnPay.
Your options are:
- Use an Authenticator App to generate your own unique 6-digit code whenever you're ready to log in (most secure)
- Choose Send Text Message (less secure) to set up a mobile number where we can send a text message (SMS) with a 6-digit code whenever you log in
- Choose "skip for now", and set up MFA next time*
- Enter different OnPay login credentials
*Until Multi-Factor Authentication is enabled, you will be prompted to set up MFA upon each login. This security prompt cannot be hidden or disabled.
Editing your profile
Where you edit your OnPay profile depends on whether you're an accountant with clients using OnPay, or a company owner or administrator. We'll cover both workflows here. Select the option below that best applies to your role.
Click on your profile in the upper right.
Click Edit Profile.
From your organization dashboard, click the hamburger in the top left corner.
Click Profile.
Here, you can edit your personal info, including name and email, add a recovery email, change your password, or add Multi-Factor Authentication (MFA) to your account.
In your accountant dashboard, click on your profile photo, and select Edit Profile.
Setting up MFA
Open the "MFA" section of your profile, and click Enable MFA.
Choose your MFA method:
Setting up an MFA Authenticator
Click Authenticator App.
You'll see a 2D barcode called a QR code on your screen. Scanning it is one of the methods for adding your OnPay account to the authenticator app on your smartphone. You may need to permit the app to use your phone's built-in camera.
If for any reason you don't see a 2D barcode, or your device's camera isn't recognizing the QR code, you can click "Can't See A Barcode?" beneath the unique QR code for an alphanumeric code you can type into your authenticator app.
The authenticator app will generate a 6-digit code that is valid for a limited time. Enter this 6-digit code in the "Verification Code" field, and click Submit.
Once the valid code has been entered, this authentication method is listed in the "MFA" section of your profile.
Once MFA is enabled, you must have access to this authenticator app in order to generate the authentication code and log in.
If you chose Send Text Message:
SMS text is only to be used if you do not have access to a smartphone. Using SMS text for verification is fundamentally less secure than using an authenticator.
If you don't own a smartphone, but have a mobile phone with SMS (text) messaging, you can still enable 2-factor authentication (2FA). This is not as secure as MFA with an authenticator app, so be sure to only use the SMS option if you don't own a smartphone.
Enter the mobile number where you can receive text messages and click Submit.
Check your messages for a new text message. The message will include your OnPay verification code, and state how long you have to use this code before it expires.
Enter the temporary 6-digit code found in the message, and click Submit Code.
Once the valid code has been entered, you'll see your mobile number listed under "MFA" in your profile.
Logging in with MFA
Once MFA is enabled with an authenticator app, OnPay will require you to enter the authentication code generated by your authenticator to approve your login credentials.
Changing your MFA method
Once MFA has been enabled for your account, you'll be asked to enter a code when you log into OnPay. If you have previously enabled MFA using one method, and wish to instead use another to authenticate your login, you'll need to disable MFA, then enable it again using your preferred method.
You can enable multi-factor authentication at any time in your OnPay profile, and may have even set it up when you first started with OnPay. MFA is recommended, but not required. You can disable MFA at any time by logging into OnPay and editing your profile.
How to disable MFA
If you need to change the authentication method for your login, you'll first need to disable MFA.
To do this, return to your profile and click Edit Profile.
Click the MFA tile, and click Disable. Once disabled, you can leave it off (not recommended), or enable MFA again using your preferred method.
v7.25