Troubleshooting: I'm asked to set up two-factor authentication - why, and what can I do?

If you're enforced to use 2FA, you'll be prompted to set up two-factor authentication:

1. Click on the SET UP TWO-FACTOR AUTHENTICATION button.
   
2. Download an Authenticator app on your smartphone.
   Suitable Authenticator applications are:
1. Google Authenticator  ( Android,  iOS)
   
2. DuoMobile ( Android,  iOS)
   
3. Microsoft Authenticator ( Android,  iOS)
   
4. FreeOTP ( Android,  iOS)
   
5. Authy ( Android,  iOS) 
   
6. Authenticator
   
7. Windows Authenticator
   
   If you don't have a smartphone, you can download a desktop version.
    Do not delete the Authenticator after the installation. You will need it to login the system using 2FA.
   
   
3. Scan the QR code and click on NEXT.
   
   
4. It is important to finalise the 2FA setup: if you return to a previous page, or close an active page, during the 2FA setup, you’ll need to delete the previously added authentication record and set up a new one from scratch.
   
   
   
5. Enter the code from your Authenticator app and click on CONTINUE:
   
   
   Important note: you can get a Wrong Code message when you enter a 2FA code.
   There are several possible reasons for this:
1. The code you entered has expired, so you just need to enter a new one during the validity period.
   
2. You might have entered a code from an Authenticator that hasn’t been configured to be used for ApprovalMax.
   
3. Or, you returned to a previous page / closed an active page during the 2FA setup. This makes the code generated for the QR code that you had scanned earlier (authentication record) invalid. If this is the case, you’ll need to delete the previously added authentication record and set up a new one from scratch.
   
   
6. Add an alternative 2FA option:
   
   
   
1. Click on BACKUP CODES to generate 10 codes that can be used during your login as a 2FA option:
   
   Download or copy-paste these codes. After that, tick the checkbox "Yes, I have saved the backup codes" and click on Done to finalise the settings.
   
   Note: When entering the Backup code, ensure you input it without spaces (eight numbers in a row).
   
   
2. OR, click on BACKUP EMAIL to provide an alternative email address to fall back on and then on SEND ME THE CODE.
    This alternative email address will be used in case you lose your phone or accidentally delete the Authenticator app.
   
   
   Open your mailbox and copy-paste the code:
   
   
   Enter the verification code from the email and click on CONFIRM THE CODE to finalize the settings:
   
   
   
7. When the 2FA setup has been completed, you can use the "Trust this device" feature that allows you to designate a specific device as trusted during the login process. When enabled, this feature provides you with the convenience of bypassing the usual two-factor authentication (2FA) process on subsequent logins from the trusted device.
   
   
   
   
   The "Trust this device" feature is designed to strike a balance between user convenience and security. By allowing trusted devices, users are not burdened with repetitive 2FA steps during subsequent logins from those trusted sources. However, this feature should be used with caution and only on personal or secure devices to prevent unauthorised access to accounts. 
   
   Alternatively, you can pass the authentication flow through your SSO provider. This option does not require users to set up 2FA, even though it is supposed to be enforced.
   
   Please see our video on how to set up two-factor authenticator in your ApprovalMax account.
   
   
   https://www.youtube.com/watch?v=iShXob5NH58

• Related Articles

• Video: How to manage two-factor authentication in ApprovalMax

  ApprovalMax product walk-through: how to enable two-factor authentication (2FA) in ApprovalMax https://www.youtube.com/watch?v=iShXob5NH58 You can also have a look at this article: Does ApprovalMax support 2FA?

• 2FA: Frequently Asked Questions

  Question Answer What happens if I just don't enable 2FA? If it's Soft Enforcement, you'll see a pop-up prompting you to set up 2FA with every page refresh. However, you can skip it until the next refresh. If it’s Hard Enforcement, you'll be ...

• Troubleshooting: Construction Industry Scheme

  If you don't see the CIS system accounts in ApprovalMax, it indicates that the Organisation is not CIS-enabled. To use CIS transactions, the Organisation needs to have CIS enabled in Xero. Contacts cannot be enabled for CIS through ApprovalMax. This ...

• Troubleshooting: Budget isn't changed in ApprovalMax after being reuploaded in Xero and synced

  When you reupload a CSV budget file in Xero, Xero doesn't change the “last updated” date. Therefore, ApprovalMax doesn't sync any changes. To resolve this, please edit at least one amount manually and save that change in Xero. Then sync the budget to ...

• How to set up an Airwallex Batch Payment approval workflow

  This is how you set up an Airwallex Batch Payment workflow: In the main menu, select your Organisation and open Approval Workflows under Workflows And Settings: Select the respective approval workflow: The first step is Payment Creation. Here you can ...