Platform: Changes to Two-factor Authentication (2FA) Enforcement for Payroll Users

With MYOB Acumatica 2024.1.200, we are continuing to increase 2FA enforcement to meet compliance regulations and protect sensitive company and personal information.

From this version, the Forbid Login with Password option will be mandatory for users with specific payroll licences and roles. These users will not be able to log in using the password-only method (the green button). They must login using 2FA via MYOB ID (or another 2FA method if it is set up for your site).

Help with signing up for 2FA using MYOB ID is available in the MYOB Acumatica Knowledge Base.

Affected Roles and Licences

With this version, the affected users are those with a combination of these user roles and licenses.

Any of the People Payroll User, People ESS, or People MSS user roles, as well as
either the People User or People Business User licence.

This includes users with other licences in addition to People User or People Business User.

Warning: Because access to API and OData does not support 2FA, you can no longer use an account with the above roles and licenses for these purposes. We recommend setting up users specifically for these purposes, especially for API access. The API User licence is designed for this.

The Full User and MYOB_Partner licences are not yet affected by this change. They will follow in a future update.

Rollout

When you upgrade, we are not immediately enforcing Forbid Login with Password for existing users.

New users will have Forbid Login with Password selected by default.
For existing users, Forbid Login with Password will be a mandatory field the next time their user account is edited. Trying to save a user profile without the setting ticked will give a warning message.