{"Assets":{"Script":["/static/js/kb-static.js"],"Style":["/static/lib/github-markdown.css"]},"Error":null,"Page":{"Created":"2024-05-21 14:08:29","Heading":"Multi-Factor Authentication (MFA)","ID":690,"Markdown":"Multifactor authentication (MFA) gives you an extra layer of security by asking for something else besides your user name and password - like a code sent to your phone.\n\nThis makes it much harder for anyone to get into your accounts and adds an extra layer of protection to protect users and data.\n\nIf you see the message below when trying to access the Admin menu, Payroll or Billing then you need to have MFA set up.\n\n>![][img11]\n\nThis means users must have their own login and password and each time a user logs in they will also need to enter a verification code from an **authenticator app** to access the information.\n\nThe code lasts until a user has left the program or their screen is inactive for more than 15 minutes. (Inactive means no moving/clicking the mouse, typing, scrolling, or opening a page within TriOnline.)\n\n\n\n# Setting up an Authenticator #\n\nAuthentication applications and TriOnline use an open security standard, so you are free to use any authentication application that supports the standard. Some well known authenticators include:\n- [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en&co=GENIE.Platform%3DAndroid)\n- [Authy](https://authy.com/download/)\n- [Duo](https://duo.com/editions-and-pricing/duo-free)\n- [Microsoft Authenticator](https://www.microsoft.com/en-au/security/mobile-authenticator-app)\n - If your organisation's IT has not allowed your email to link to Microsoft's Authenticator, please choose another option\n\n1. Download the authenticator on to your phone:\n\n For help installing applications, see the following links:\n\n - [How to Install an iPhone Application](https://www.wikihow.com/Install-an-iPhone-Application)\n - [How to Install Apps on Android](https://www.wikihow.tech/Install-Apps-on-Android)\n\n2. Activate multi-factor, on TriOnline:\n\n\t1. On a **computer** sign into TriOnline (it is difficult to do this on a mobile)\n\t2. Click on \"My Account\" on the dashboard or click on your name in the top right corner of the screen.\n\t3. Go to the \"Security\" heading\n\t4. Next to \"Multi-Factor\" click **register**\n\t5. If you see **unlink** instead of register, this means you are already registered with an authenticator - check your phone for an authenticator app that you have set up previously.\n\t**If you have a new phone or can no longer access your previous authenticator:** click on \"unlink\" so that it changes to \"register\".\n 6. Click on the blue word Register (circled in screenshot below)\n ![][img01]\n 7. A screen that says **Register MFA** with a square QR code below it will appear. Leave this TriOnline screen with the QR code open and go to your authenticator app on your phone.\n\n>![x450][img08]\n\n\n3. Open the authenticator on your phone\n(**Note** you can use any trusted authenticator, the process will be similar to below.)\n\n3. Click on \"Get Started\" or \"Add\" or \"Add Account\" and follow the application prompts on the phone\n5. Hold your phone up to the TriOnline screen and click Scan QR Code\n Click Allow to take photos/video\n - if the QR image does not load, or your camera is not working, then choose Enter Setup Key as your set up method.\n - The \"Set up key\" is the long secret code above the QR code square on the TriOnline screen (see example below)\n ![][img09]\n\n9. Enter the 6 digit code **from the app** into the box on the TriOnline screen.\n![][img10]\n - If the code doesn't work, it may have expired, enter a new code from the authenticator app, they change every 30 seconds\n10. Press save in TriOnline.\n\n11. In the authenticator app enter the name \"TriOnline\" or the name of your choice. (Some authenticators will display \"Add Account\" to add the name.)\nThis is to distinguish your TriOnline authenticator code from other authenticator codes for other programs you might already have or add later.\n\n**Authenticator download message for iPhone**\nIPhones that are too old for some authenticators will get the message \"upgrade to a 13.ios to download\" when trying to download from the App Store.\nEither upgrade the phone if possible or try to download a different authenticator for the phone. Alternatively download a desktop authenticator for use on a PC/MAC.\n\n**Desktop Authenticator**\nIf you are unable to use a phone for authentication, there are desktop versions available of most of the mobile authenticators, you will need to do a web search on how to enable them on your desktop.\nThe drawback is that if you share the use of your computer then another person may be able to use the authenticator to access secure functions. And you will need to set up a new authenticator if you work on a different computer.\nUsing an authenticator on your phone is recommended for greater security and mobility.\n\n# Using MFA to Sign Into TriWinPay #\n\n1. Log into the TriOnline Terminal Cloud server (in the usual way)\n2. Double click on the TriWinPay Icon\n3. Enter your TriOnline Username / Email\n4. Enter your password\n5. Select your facility name\n6. Click \"OK\"\n\n ![x250][img03]\n\n7. On your phone open the authenticator\n8. Copy the 6-digit number from the app into the \u201cSecurity Token\u201d field on the\nTriOnline Terminal Cloud server.\n![x250][img04] -> ![x250][img05]\n9. Click \"OK\"\n\n**Troubleshooting**\n\"Invalid Code\" or \"Invalid MFA Token\" message after entering the 6 digit number.\n\n- Double check that your phone\u2019s time is correct, the codes are generated based on your phone\u2019s time \u2013 It needs to match the payroll servers time as they are only valid for a short period of time.\n\n- Unlink and relink the authenticator through TriOnline\u2019s My Account page (making sure to delete the previous TriOnline key from your authenticator app so you don\u2019t get confused with two TriOnline accounts)\n\n- The QR code image is not displaying, it is blank or there is a broken icon\nThis means that your browser is blocking the image from being shown.\nYou can use the Secret Code located just above it instead.\nWhen adding the MFA within Google Authenticator choose to \u201cEnter a setup key\u201d, enter:\nYour account\u2019s username, you should be able to enter \u201cTriOnline:\u201d before it.\nThe code displayed on screen\nLeave the Type as \u201cTime based\u201d\n\n\n- Authenticator is displaying 8 digits, not 6.\nThe number of digits can vary between each application you have linked within your authenticator \u2013 TriOnline is only using the 6 digit version which is the typical standard. The number of digits it should be generating is 6, if it\u2019s doing more or less then it would be an issue with the authenticator itself.\n - check that the code is for TriOnline, it could be for another account you have on the authenticator\n - if it is still any number of digits apart from 6 either unlink it and set it up again following the registration process or use a different authenticator.\n\n\n- I am getting a code by text message\nThis was done for TriOnline Payroll in the past, please follow the guide above and scan the QR code instead.\n\n\n\n[_]: -------REFERENCES-------\n[img01]: https://trionline.com.au/dli/4e6e8a5c0466b2aed20f527dfe1f8834/\n[img03]: https://trionline.com.au/dli/bfef7b5272525e46da93257026ea7027/\n[img04]: https://trionline.com.au/dli/b176f6090af51bbbae379f174174ed44/\n[img05]: https://trionline.com.au/dli/26438fc0f5eac4d106584e8e0914312b/\n[img08]: https://trionline.com.au/dli/ffa6da1105a0004aa58814af0405991d/\n[img09]: https://trionline.com.au/dli/d5d8d3caf089ec9331ef8e3296f40c94/\n[img10]: https://trionline.com.au/dli/a9c842e00d213e93b6466422a2eada01/\n[img11]: https://trionline.com.au/dli/9258d70e99dec3db2b6aa3d87f04dcb4/\n[_]: ----------END-----------","NoDownloadPDF":false,"RawContent":false,"ReferencedTitles":{},"Theme":"green"},"PushEnabled":false,"PushEndpoints":[],"RequiresMFA":false,"Session":{"Authority":-1,"Facility":null,"IsElevated":false,"Name":"No Name","NoStaging":null,"RealUser":null,"SubFacility":null,"Token":null,"User":null},"Sidebar":[],"Switcher":{"current":[null,null],"facilities":[],"isSN":false,"rosters":[],"servers":[]},"Theme":"blue","Title":"Multi-Factor Authentication (MFA)","Version":"2026-04-02-18-04-49"}