To Implement Multifactor Authentication

Implementing multifactor authentication in MYOB Acumatica involves several steps, as this topic describes.

To Implement Multifactor Authentication

1. Obtain a Multifactor Authentication Provider Account.

   Get an account for each user who will login to MYOB Acumatica. The account must include single sign-on capabilities as well as the multifactor authentication mechanism that you will utilize.

2. Implement single sign-on.

   Single sign on capabilities must be implemented at the authentication provider and inside MYOB Acumatica.

   First you need to enable SSO for the Authentication Provider. Obtain information from the Authentication Provider on how to set this up.

   Next you establish a secure mechanism to hand-off the authenticated users to MYOB Acumatica. To provide a secure hand off, you must implement an HTTPS connection between the two systems. Microsoft and Google utilize OAuth 2.0, while OneLogin uses SAML 2.0 to communicate over the HTTPS connection. For more information, see Authorizing Client Applications to Work with MYOB Acumatica.

   As a part of establishing a secure hand-off, each system will provide a certificate that can be entered into the other system. On MYOB Acumatica Security Preferences (SM201060) form you can enter the certificate provided by the external providers.

   Single sign on setup usually involves changes to the web.config and other system files. SaaS deployments will require assistance from you support provider.

3. Modify the login page.

   To prevent people from bypassing the multifactor authentication mechanism, remove the username and password option from the login page.

4. Link External Accounts to MYOB Acumatica Accounts.

   When an identity is passed from an external Authentication Provider, MYOB Acumatica needs to know which MYOB Acumatica user this identity is associated with.

   This linkage can be configured on the Users (201010) form on the External Identities tab.