Logging in to Natural HR using Two Factor Authentication
There are different ways to log in to the Natural HR system, by default this is achieved by entering a user name and password.
In addition to the user name and password, you can require your users to log in with a PIN, or, alternatively, a user can log in using Single Sign ON (SSO) click here to read an article about logging in using PIN or SSO.
There is always the risk that your password and/or PIN can be compromised, or guessed by someone else trying to gain access to your Natural HR system. Too many unsuccessful attempts to log in to an account can result in the account user being locked out of the system.
Natural HR also supports Two Factor Authentication, this means that as well as entering a user name and password to log in to Natural HR, you are also required to enter a code generated from a second device, such as a smartphone. This is a process which is in use by many online banking and account management services.
To set up Two Factor Authentication go to
Administration > Company > Settings > Security settings
Here you will see the 'Require 2 factor authentication' option, select 'Yes - require 2 factor authentication on login'.
Please note: You should not change any security settings on this page unless you are certain of what you are doing - incorrect usage of these settings could result in all your users being prevented from logging in.
After clicking 'Submit' your users will now be required to log in to Natural HR using Two Factor Authentication.
Once this setting is enabled, you will see an additional option called 'Force two factor re-authentication' - if you tick this box and then click submit, this will require ALL users to authenticate and rescan the QR as if they were logging on for the first time again as a security precaution.
The first step is the user enters their username and password as normal and then clicks on the 'Login' button
The first time the user attempts to log in they will see this screen that requires the user to scan the QR code using the Google Authenticator app and camera from their smartphone or tablet.
Please note: the Google Authenticator app is available for iOS and Android devices and can be downloaded from Google Play and the Apple App Store.
If the user's smartphone or tablet does not have the facility to scan the QR code, the user can click on the 'Enter QR code manually' link
followed by clicking on the 'Enter manually' link
and then you will see a code that you will need to enter into your Google Authenticator app on your device.
Please note: when you launch the Google Authenticator app for the first time you will have the option to 'Scan a QR code' or 'Enter a setup key', please refer to the help and instructions provided by Google on how to set up and use the Google Authenticator app.
After scanning the QR code or entering the long code, you will then see a six digit code which you can
- Enter the code
- Click on 'Verify'
After clicking on 'Verify' the user is able to log in to their Natural HR user account.
Please note: Google Authenticator generates a new 6 digit code every 30 seconds, if you enter a code which has already expired then you will see a log in error like this 'Incorrect code entered'
You will need to log in again and enter the new code generated by the Authenticator. Once you have entered the code and clicked on 'Verify' you will be able to access your user home screen
Resetting a users Two Factor Authentication
Occasionally you may need to reset the authentication for a single user - this may happen if they get a new phone for example and need to setup two factor authentication again.
To do this, you simply need to go to People -> Users and find the user in the list - in the last column click on 'Two factor re-authenticate'.
This will reinitiate the authentication process for two factor for that employee requiring them to scan the new QR code the next time they login to setup two factor again for their device and account in Natural HR.
Please sign in to leave a comment.