Two Factor Authentication FAQs

1. Is Two Factor Authentication mandatory for users in BrightPay (cloud)?

No it is optional. It can be made compulsory at the Organisation level or an individual user can enable 2FA for their own Bright ID.

If a user is already using of one of Bright’s products such as Connect, BrightManager, BrightBooks, BrightPropose and has two factor authentication enabled for these products when the user logs into BrightPay (cloud) for the first time, they will be asked for the code to verify by whatever option they have set up in BrightHub to receive the code, if not the code will be sent by email to the user as a default.

2. How do I enable Two Factor Authentication for users in BrightPay (cloud)?

Once you are signed into BrightPay (cloud), please go to > My Organisations > Select your Organisation > Team Members > There is a button for ‘2FA is optional’ beside Invite New Members.

If you select this, you can select the option of Require 2FA for Organisation Members and Save.

If you need further guidance please view our help guide here.

3. What type of team members on an Organisation can enable Two Factor Authentication for all team members on an Organisation in BrightPay (cloud)?

The owner and administrator team member roles will be able to enable Two Factor Authentication for all team members on an Organisation in BrightPay (cloud).

4. If 2FA is enabled on an Organisation for team members, what method do they use for the verification code by default?

If 2FA is enabled on an Organisation, when any team member of that Organisation try to log into BrightPay (cloud) then the verification code will be sent by email to the team member.

5. Can a user set up 2FA for their own Bright ID?

Yes this can be done on the user’s profile. Please select the icon in the top right hand corner of the screen, Select > Manage My Bright ID > Select the Security tab > Manage 2FA.

Where it displays To enhance the security of your Bright ID, we strongly recommend enabling Two-Factor Authentication please select On on the right.

You can choose your preferred 2FA method:

• Authentication App 
• Text
• Email

If you select Authentication App or email, you can select Save.

If you select Text message, you need to enter in your phone number and select Continue.

A verification code will be sent to your phone by text. You will need to enter this in the field provided. Select Continue. Your phone number is verified so the next time you log in, you will be required to enter a code that is sent via SMS to your phone

When you log into BrightPay the next time, it will say

If Authentication App is your method: Enter the verification code from your authenticator app?.

If Text message is your method: Your BrightID is protected with two-factor authentication. You must enter a verification code that is sent to your phone

If email is your method: You must enter a verification code that is sent to your email address.

6. Which is the strongest method to use for 2FA?

The authentication app is the strongest and preferred method, then text message, then email.

7. What authentication App can we use?

We will recommend using the Microsoft Authenticator app but you can use Google Authenticator or Authy.

8. If a user is a member on multiple Organisations and 2FA is enabled on only one of the Organisations, what happens?

If a user is a member of an Organisation that has 2FA enabled and they want to access one of the other Organisations they are a member of, when they sign into BrightPay (cloud) they will still need to go through the 2FA process.

10. Can 2FA be turned off for individual users?

If 2FA is enabled on an Organisation all members on that organisation will need to complete the 2FA process when logging into BrightPay (cloud).

11. If a customer only wants certain members on their Organisation to have 2FA enabled, can this be done?

In this scenario, 2FA would not be enabled on the Organisation, and individual members can enable 2FA in their Manage my Bright ID area in their profile and enable 2FA and select the method they wish their code to be sent to.