This guide is aimed at Controllers to enable them to successfully manage multi-factor authentication (MFA) on their myhrtoolkit account.
Our MFA is simple to setup and manage on your account. It is designed to be configured by individual users, requiring minimal input from account Controllers.
All users can see the "Multi-factor authentication" link in the Account menu. Full details: Enabling MFA for my account.
If a user needs to temporarily remove or reset MFA on their account, they can do this by following our guide on Disabling MFA for my account.
Myhrtoolkit Controllers can see a list of all users and their MFA status via the Manage Live Users section of the Security Centre (Config > Security Centre). The MFA filter at the top of the table allows you to show users who are:
In Security Centre (Config > Security Centre) you will find our "Multi-factor authentication reminder" widget. This simple widget allows you to send a reminder email to all users on your account yet to enable MFA.
There are times when you may need to disable MFA for users, such as when an authenticator device is lost or stolen and their is no access to recovery codes.
Controllers are able to disable MFA for individual users from the Manage Live Users panel in Security Centre. For users with MFA enabled, the Actions dropdown menu will include a link to "Disable MFA". After re-authenticating, the user's MFA will be disabled and they will be notified via email.
Any action to enable or disable MFA, or usage of a recovery code is logged. This log is visible to Controllers in the Security Centre Audit Log.