|If you have questions that are not answered in the document below, please feel free to reach out to your account manager for more information.||
Click on the link below for directions to log in to AviontéBOLD with MFA:
What is MFA?
Multi-factor authentication (MFA) is an authentication method that requires the user to provide two forms of identity verification before they’re allowed to log in to the web or application: what the user knows, such as a password, and what the user has, such as a smartphone, cell or landline phone, or email. MFA is not Single-Sign-On (SSO) as it does not connect authentication between multiple applications.
It is also sometimes referred to as Two-Factor Authentication (2FA).
MFA is a response to increased demand for higher security within and across organizations.
What is Single-Sign-On (SSO)?
Single-Sign-On is an authentication method that allows users to sign in using one set of credentials to access multiple independent participating applications. With SSO, users can access all needed applications without being required to sign in to each application separately.
What is the difference between the MFA authentication for login and MFA for Email?
The MFA functionality we are releasing is for logging into BOLD.
Why is MFA important?
Passwords alone aren’t secure enough anymore. From simple relaying and spraying attacks to the more sophisticated threats of spear-phishing and pharming, hackers have developed countless tried and tested methods of stealing credentials and gaining unauthorized access to private accounts. In March this year, Microsoft engineers said that 99.9% of the account compromise incidents they deal with could have been blocked by a multi-factor authentication (MFA) solution.
Also, many cyber insurance policies do require at least internal systems to enable MFA.
What user types can I enable MFA for?
- HCM users: Subscribed Avionte Users
- Talent: Talent/Applicants
- Managers: Time approvers
Configurations available include any combination of these, or all of them.
Am I required by Avionte to enable MFA?
No, not at this time. However, at a minimum, we recommend this be enabled for your HCM users as a best practice. Currently, this feature is only available in AviontéBOLD.
Does my talent need to complete MFA when they log in?
No – This is currently an optional setting; however, it is a best practice.
What are the various methods of MFA?
Currently, we are supporting both Text and Email MFA codes at the time of login.
Will I have to enter a code each time I log in?
Each time the application is closed, the user will be prompted to authenticate with a password. BOLD MFA authentication can remember the device for up to 30 days, so the prompt for an MFA code is needed for the first authentication. Then it is needed if the user forgets their password, or after 30 days.
This is very similar to the way Microsoft Office, Google GSuite, Amazon, and other platforms work.
MFA for CLASSIC does not have this option; authorized users need to enter an authentication code every time they log in.
How will this work for kiosks or shared computers at my office?
The best practice will be to log out instead of closing the page. There are additional browser-based settings that can erase known devices/authentications and using these settings are a best practice for shared computers.
Users will be automatically logged out when they close their browser window. This protects their account if another user attempts to log in.
Will my employees need to use a smartphone?
The primary method for MFA is text messages; however, we also support MFA via Voice calls and E-mails. The Voice Call option will work with landlines - the system will audibly read out a code to the receiver. If the e-mail option is chosen, the system will send authentication codes to a recipient's email address.
Should I alert my staff?
Yes, if you decide to activate MFA for your company. We are preparing a marketing tool kit to best assist with messaging to staff, but it is your responsibility to educate your staff on how their login experience will change. The article Log in to AviontéBOLD with MFA will help.
In particular, they should know that the login screen will change for them. If you elect to activate MFA for your organization, the login screen all users experience will change regardless of whether that user type is part of the MFA protocol. Here is a screenshot of the new login screen:
What occurs when a user loses their device or email associated with MFA?
If both are lost, please create a Zendesk support ticket and contact the Avionté support team to reset the user's MFA method. Note: A new phone number/email address will need to be used if MFA was previously enabled. Please include "Reset MFA method" in the subject of the ticket.
For more information on creating a support ticket in AviontéBOLD, click here: Create and View tickets with AVI in BOLD
What is the time out?
There will be a 5-minute timeout between when you receive an MFA code and when it needs to be entered. If you experience a time-out, you can request a fresh authentication code. See the KB article Log in to AviontéBOLD with MFA for further instructions.
What is the impact for clients using custom logins?
Custom logins are being investigated. Currently, if MFA is activated, custom branding is not available. We are working towards a solution where custom branding can be preserved after MFA activation.
How can I request MFA?
To request MFA activation in your environment, please create a Zendesk ticket with the subject "MFA Activation". Please include the following information in the ticket:
- What role(s) you would like MFA activated for (all, HCM users, Managers, Talent)
Please refer to these instructions to create a ticket in AviontéBOLD: Create and View tickets with AVI in BOLD
We request that these tickets be given a minimum 2-day turnaround time. If you would like more time to prepare, please indicate the date you would like the service to be activated in the ticket.
What about Self-Hosted Customers?
We are not offering Avionté MFA to self-hosted customers. If they desire it, self-hosted customers can provide an MFA solution for themselves as they own their enterprise infrastructure.
Please sign in to leave a comment.