PayHero provides an option for the use of Two Factor Authentication (2FA) at both a company-wide level and on an individual user basis. Depending on which option you've selected, this will be applied as follows:
Company - Any users accessing the PayHero company (Employee, Manager or Administrator) will need to have Two Factor Authentication set up for their user before they're able to log in. Users with access to multiple companies will be required to use 2FA if any of their companies require it.
Individual User - Set up Two Factor Authentication for increasing the security of your own individual user access.
Check out the sections below to learn more about activating and using 2FA in PayHero.
Enforcing 2FA for your company
If you wish to require Two Factor Authentication for all users logging into your company, select the Require Two Factor Authentication setting in your Company Settings under Manage > Settings > Company, then click Apply.
Any users who have access to your company will be prompted to set up 2FA the next time they log in, if they haven't already. Any users with access to this PayHero company will also be unable to turn off their own 2FA, unless the Require Two Factor Authentication setting is later turned off.
Prompt to Set Two Factor Authentication
When a user without 2FA next logs in, the following prompt will be displayed:
They'll need to follow the steps to set up 2FA on their account before being able to log in. They'll need to use their preferred authenticator app (e.g. Google Authenticator) to scan the QR Code that's displayed, then enter the verification code that's displayed on their authenticator app.
Enabling 2FA for an individual
To activate Two Factor Authentication for your own login access, navigate to the Accounts section of PayHero. This can be found by clicking on the company logo in the top right of PayHero and selecting My Profile.
Under the My Profile area, select the option for Setup Two Factor Authentication.
Next, use your preferred authenticator app (e.g. Google Authenticator) to scan the QR Code that's displayed. Enter the verification code that's displayed on your authenticator app and click Confirm.
Signing in with 2FA
Once 2FA is set up, you'll be prompted to confirm a new code each time you log in.
You'll need to open the authenticator app you originally used to verify to find the appropriate code for your PayHero login.
If you're logging in on a trusted device, you can tick 'Remember me for 30 days' if you don't want to confirm your 2FA credentials every time you sign in. You'll still be prompted to confirm your 2FA code if you sign in on another device, browser, or from a different URL.
Troubleshooting & FAQ
Why does it say the code I entered is invalid?
Why does it say the code I entered is invalid?
The authentication process relies on the code you entered being correct at the moment you submit it on the login page. The most common reasons you might see an invalid error are:
The timer had run out on the code before you submitted it. Try again, making sure you have plenty of time left before the timer in the authenticator runs out.
The code you've used is for another login or account. Find the correct code for PayHero (this may be listed under FlexiTime) and try again. If you have multiple logins, make sure you're using the right code.
The date/time settings on your devices don't match. Ensure the date/time settings on both devices are correct and set to the same time zone, then try again.
How do I reset my 2FA setup?
How do I reset my 2FA setup?
The only time you should need to reset your 2FA setup is if you've lost your previous phone and aren't able to restore your 2FA codes on your new phone. In many cases, if you're just moving to a new phone, your authenticator app should have options for migrating your codes to your new phone.
If your 2FA setup does need to be reset, your payroll administrator will need to contact us at support@payhero.co.nz - they just need to confirm your login email address, and we can reset your 2FA registration for you.
Which authenticator app should I use?
Which authenticator app should I use?
You can use any authenticator app of your preference, such as Google Authenticator or Microsoft Authenticator. If there's one you already use for other systems, you can use the same app.
Can I receive my code via email/text instead?
Can I receive my code via email/text instead?
No, you'll only be able to set up 2FA with PayHero in an authenticator app of your choice. You'll need to open the app to check your code each time you're prompted to enter it when signing into PayHero.