Enforcing 2FA with MYOB ID

Users have the choice of signing in with two-factor authentication (2FA) or with just their MYOB Acumatica username and password.

To make it so that 2FA is the only sign-in option, site administrators can use the Forbid Login with Password option. Make sure to keep users informed of any changes you're going to make. You can also make the process smoother for them by first resending onboarding emails, which have links to associate their MYOB Acumatica and MYOB ID accounts.

Note:
You can't forbid login with password for users that have been assigned one of the following users types: API, Report Designer, Device Hub or OData.

Enforcing 2FA for a Single User

To follow these steps, you need to have the Administrator role with the Full User licence type.

If you also have the External Identity Manager role, you can choose to use the External Identity Management form (MY.SM.20.65) instead.

  1. Go to the Users form (SM.20.10.10).
  2. In the Login field, select a user.
  3. Select the Forbid Login with Password checkbox.
  4. Save your changes.

    The user must now sign in with MYOB ID. If the user doesn't have an MYOB ID account, they'll be redirected to create one when they click Sign in with MYOB ID.

Enforcing 2FA for All Users

To follow these steps, you need the External Identity Manager role to access the form, as well as the Administrator role with the Full User licence type.

  1. Go to the External Identity Management form (MY.SM.20.65).
  2. In the checkbox column, select all users by selecting the checkbox in the header row.

    In this example, the api user can't be forbidden from password-only login because they have been assigned the API user type.

  3. On the form toolbar, click Forbid Login with Password.
  4. In the Update Users window, select the Forbid Login with Password checkbox and click OK.

    Users must now sign in using 2FA.