Once Two-Factor Authentication (2FA) has been enabled for your company, Employee User Accounts will need to use an authenticator to log into all web portals (ESS / DA and the MyPay mobile application).

The below guide has been split into two sections:

Registration (First Login)

Unlike Non-Employee Users, Employee Users can choose between using an authenticator (such as Authy) or the MyPay application as their second layer. If they opt to use MyPay they will receive a push notification from the app when they attempt to log in to ESS / DA. If logging into MyPay the app uses the physical phone as the second layer, meaning users only have to enter their PIN as they did before.

Upon logging to a web portal (ESS / DA or MyPay) for the first time after 2FA has been enabled, your employees will be greeted by the following screen with the option to choose either MyPay or an authenticator. The option to skip is only offered once, and users will not be able to log in a second time without setting up their account for use with 2FA. 

At this point the Registration section is split between using an authenticator or MyPay

Selecting to Register with an Authenticator

After selecting "Log in with an authenticator" users will be taken to the below page to start the process of registering with 2FA. They will be required to download a 3rd party authenticator - this can either be a mobile phone app, or a desktop application. Common options are Authy or Google Authenticator, however if they already have another authenticator app installed they should be able to use this as well.

If they are using a mobile app authenticator then they should scan the QR code on the screen when prompted. If they have opted to use a desktop app they will need to manually enter in the code underneath the QR code.

Once entered, your authenticator should produce a 6 digit code for you to enter into the application in Step 3 below:

After successfully linking their account to the authenticator, the final step in the process will require them to to set up 5 security questions. There are a number of question options available to select from.

Once complete, they will be shown a final screen indicating that the process has been successful.

Selecting to Register with MyPay

If an user selects to register with MyPay they will need to have their mobile device handy. There are some important things to note when registering with MyPay authentication. Once registered:

• No other user accounts will be able to log in to that device
• The user account will not be able to log in to any other devices until it has been delinked from the original device.

With these restrictions in place, this means that users with multiple accounts will have to use two different methods of authenticating (MyPay + Authenticator)

On selecting to register with MyPay, users will be shown the following screen:

Employees will then need to open MyPay on their mobile device, and sign in as normal. Upon successful sign in, they will be greeted by a 2FA welcome screen which explains some of the restrictions and useful information.
Selecting 'Next' will ask them to confirm they wish to continue registering this device for use with 2FA.

Once they have registered the device as above, heading back to their browser they will see the page change and will show the details of the mobile device they just set up for use with 2FA.

A push notification will be sent to the newly setup device to approve the setup and complete the registration process. The notification can either be viewed and approved from inside the MyPay app of from the the the home screen / outside the app. Both options are shown below.

After successfully linking their account to their mobile device through MyPay, the final step in the process will require them to to set up 5 security questions. There are a number of question options available to select from.

Once complete, they will be shown a final screen indicating that the process has been successful.

Subsequent Logins

Logging in using an Authenticator

After entering their username and password into a web portal (ESS / DA) they will be shown the below screen:

At this point they will need to open their authenticator application (either desktop or mobile app) and enter the 6 digit code provided. On successful entry, the below screen will display:

They will be provided with the option to have their browser remembered for the day. If selected, during the current day they will not need to use the authenticator to log in to the web portal. On the following day they would then be prompted to use the authenticator to log in again, and be given the option to be remembered for that day.

Logging in using MyPay

After entering their username and password into a web portal (ESS / DA) they will be shown the below screen:

A push notification will be sent to the phone which they previously registered with. If they do not accept the notification within the allotted time it will expire. In this event, users are able to send another notification from their browser. This time limit is currently set to 5 minutes.

Assuming the user accepts the push notification within the required time frame, they will be shown the below screen confirming successful login and offered the choice of remembering this browser for the day.