How to Set Up Two-factor Authentication

Overview

Two-factor authentication works as an extra layer of security for your data in addition to your user name and password. With two-factor authentication, you need to enter a verification code in addition to your password when you log in to Simpro Premium. This secure login process reconfirms your identity and prevents unauthorised access to your account.

For security reasons, any software that integrates with Xero and has a large number of users is required to use two-factor authentication (2FA). If you currently have Xero integrated with Simpro Premium, you will need to activate 2FA in order to continue using the accounting link.

To use this Simpro Premium security feature, download Google Authenticator on your Android or iOS mobile device from Google Play and App Store respectively.

Please note that while two-factor authentication for Simpro Premium was developed and is supported to work with the Google Authenticator app, other authenticator apps, such as Microsoft Authenticator, may be compatible.

In order to view content or perform actions referred to in this article you need to have the appropriate permissions enabled in your security group. Go to System A screenshot of a schedule icon with a grey calendar icon and an arrow. > Setup > Security Groups and access your security group to update your permissions. The relevant security group tab and specific permissions for this article can be found here:

Two-Factor Authentication

You need to have the applicable security group permissions enabled to access two-factor authentication settings in Simpro Premium.

  1. Go to System A screenshot of a schedule icon with a grey calendar icon and an arrow. > Setup > System Setup > Security Groups.
  2. Click the required security group from the list.
  3. Go to the Setup tab and click System.
  4. Select the Two-Factor Authentication check box.

With the security permissions enabled, you can activate two-factor authentication for all users in your Simpro Premium build.

  1. Go to System A screenshot of a schedule icon with a grey calendar icon and an arrow. > Setup > Two-Factor Auth.
  2. Toggle ON to enable Two-factor Authentication.

When you set up the Two-factor Authentication, you are prompted to complete an onboarding process on your next login. Before you get started, download and install Google Authenticator or your chosen authenticator on your iOS or Android mobile device.

Please note that while two-factor authentication for Simpro Premium was developed and is supported to work with the Google Authenticator app, other authenticator apps, such as Microsoft Authenticator, may be compatible.

You can set up the option to trust the device you are logging in from when using two-factor authentication. This option helps remember a device for 30 days and allows you to use two-factor authentication without having to constantly verify your login attempt.

To set up Google Authenticator with QR code, you need Android version 2.3.3 or later / iOS 7.0 or later.

Enter your Simpro Premium user credentials and follow the steps below:

  1. Click Get Started.
  2. You are then presented with a QR code in Simpro Premium to scan with your Google Authenticator app. Scan the QR code with your mobile device.
    • If your mobile device does not have a camera, click Manual Entry with Provided Key below the code and enter the key into the app manually.
    • Make sure you toggle on Time-based when you enter the key manually.
  3. When the Google Authenticator app displays a 6-digit authentication code, enter it in the field provided and click Next.
    • Select Trust this device to only be prompted every 30 days to complete the authentication, provided you are logging in from the same device with the same browser.
  4. Select your three security questions and enter corresponding answers, then click Next.
  5. The setup process for the Two-factor Authentication is now complete. Click Go to Dashboard.

On your next login after the Two-factor Authentication setup is complete, you need to enter the 6-digit Authentication Code generated by the Authenticator app in Simpro Premium. Alternatively, click I don't have my device with me to answer the security questions that you configured during the setup.

If you disable the Two-factor Authentication in System Setup and later re-enable it again, users are prompted to set up their security code and questions again.

If you are unable to login to Simpro Premium using the two-factor authentication process, your Simpro Premium admin can reset your login using the settings in your employee card.

  1. Go to People A screenshot of a schedule icon with a grey calendar icon and an arrow. > Employees.
  2. Access the required employee card.
  3. In the Profile tab, click Settings.
  4. Click Reset Authentication.

The employee can then redo the two-factor authentication onboarding process.

For an easier login process, designate one or more specific trusted devices. Trusted devices require two-factor authentication every 30 days instead of every time you log in.

When logging into Simpro Premium, select Trust Device so your current device is saved as a trusted device.

To remove a trusted device from an employee:

  1. Go to People > Employees.
  2. Access the required employee card.
  3. Go to Profile > Settings.
  4. Click Remove all saved trusted devices.

To protect your Simpro Premium build from users logging into a company without two-factor authentication and then navigating to companies with two-factor authentication, there are a few specific rules for this feature in multi-company builds.

  • Two-factor authentication is included under Shared Setup. If you have two-factor authentication active and a Shared Setup, all users across all multi-company builds are required to use two-factor authentication.
  • If users have access to a company that uses the secure two-factor authentication login and also other companies that do not have the two-factor authentication login configured, they are still required to used the two-factor authentication verification when they login, regardless of which company they are logging in.