Employee Two Factor Authentication FAQs

1. Is Two Factor Authentication mandatory for employees in BrightPay (cloud)?

No it is optional. It can be made compulsory at the Employer level or an individual employee can enable Two Factor Authentication for their own Bright ID.

If an employee is already using of one of Bright’s products such as BrightManager, BrightBooks, BrightPropose and has two factor authentication enabled for these products when the employee logs into BrightPay Employee Self Service Portal for the first time, they will be asked for the code to verify by whatever option they have set up in BrightHub to receive the code, if not the code will be sent by email to the user as a default.

2. How does an employer enable Two Factor Authentication for employees in BrightPay (cloud)?

In order to enable two-factor authentication on an Employer in BrightPay a user signs into the BrightPay, opens the employer and selects > Employer > Employee Portal > Settings.

If you select this, you can select the option of Require Two Factor Authentication and Save.

If you need further guidance please view our help guide here.

3. What type of team members on an Organisation can enable Two Factor Authentication for all employees on an Employer in BrightPay (cloud)?

Any user member role with access to the Employer will be able to enable Two Factor Authentication for all employees on an Employer in BrightPay (cloud).

4. If Two Factor Authentication is enabled on an Employer for employees, what method do they use for the verification code by default?

If Two Factor Authentication is enabled on an Employer, when any employee of that Employer try to log into BrightPay's Employee Self Service Portal then the verification code will be sent by email to the employee

5. Can an employee set up Two Factor Authentication for their own Bright ID?

Yes this can be done on the employee’s Bright ID profile. Please select the icon in the top right hand corner of the screen, Select > Manage My Bright ID > Select the Security tab > Manage Two Factor Authentication.

Where it displays To enhance the security of your Bright ID, we strongly recommend enabling Two-Factor Authentication please select 'On' on the right.

You can choose your preferred Two Factor Authentication method:

• Authentication App 
• Email

If you select Authentication App or email, you can select Save. When you log into BrightPay the next time, it will say

If Authentication App is your method: Enter the verification code from your authenticator app.

If email is your method: You must enter a verification code that is sent to your email address.

6. Which is the strongest method to use for 2FA?

The authentication app is the strongest and preferred method, then email.

7. What authentication App can we use?

We will recommend using the Microsoft Authenticator app but you can use Google Authenticator or Authy.

8. Can Two Factor Authentication be turned off for individual employees?

If Two Factor Authenticationis is enabled on an Employer all employees in that employer will need to complete the Two Factor Authentication process when logging into BrightPay's Employee Self Service Portal.

9. If an employer only wants certain employees on their employer to have Two Factor Authentication enabled, can this be done?

In this scenario, Two Factor Authentication would not be enabled on the employer, and individual employees can enable Two Factor Authentication in their Manage my Bright ID area in their profile and enable Two Factor Authentication and select the method they wish their code to be sent to.