The First Time: Step-by-step Setup of TOTP Authentication
Access either the Fourth iOS/Android app or the Fourth website via your normal Fourth web address or bookmark (usually https://secure.fourth.com or similar), and log in using your normal Fourth Account username and password.
Fig.1 - Standard login screen
If your login page looks like Fig.2 below, then you won’t be able to configure multi-factor authentication; please check the web address. If you still don’t see the right screen, then please raise a support ticket.
Fig.2 - Old login screen
Once logged in, you should then see the screen below.
If you don’t see this and are instead logged in as normal, then your account might not have been configured for MFA. Please contact your manager (who may raise a support ticket).
Follow the links on the page to the appropriate app store for your device, and download the recommended Microsoft Authenticator app.
Fig.4 - Apple App store
Fig.5 - Google Play store
If you already have a preferred TOTP-compatible authenticator app on your device, follow this instead.
Scan the QR code (or enter the code provided manually). In the MS Authenticator app it will look like this:
Fig.6 - Add account
Fig.7 - Get TOTP code
Take the one-time password code generated, return to the Fourth website and select Continue.
Before the timer runs out, enter the six-digit number into the Fourth website and select Verify.
Fig.8 - Verification of TOTP factor
Fig.8 - Bad TOTP code
If you typed in the wrong code, please try again. If the timer expires, return to the authenticator app and get a new code.
You should then be logged in as normal and see all of your usual Fourth apps.
Subsequent Logins using MFA
From now on, you will be required to provide the second factor (TOTP code from your app) every time you log in via a browser or the Fourth iOS/Android app.
Fig.11 - Verification of TOTP factor
Fig.12 - Get the TOTP code
Fig.13 - Logged in
Frequently Asked Questions
What is Multi-factor Authentication?
Multi-factor authentication is a way to protect a user’s account by requiring them to provide more than one way to prove it's them trying to log in.
“Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism.” Wikipedia
It’s like having a trusted friend double-check that it's really you trying to log in to your account. It's an extra layer of protection to keep your Fourth account safe.
What are Authentication factors?
Authentication factors are the different types of credentials used to verify a user's identity before granting access to a system or service. There are generally three categories of authentication factors:
Something the user knows: This could be a password, a PIN, or the answer to a security question. It's something that the user has memorised and can provide when prompted.
Something the user has: This could be a physical token, a smart card, or a mobile device. It's something that the user possesses and can use to authenticate themselves.
Something the user is: This could be a biometric characteristic, such as a fingerprint, a voiceprint, or a facial recognition pattern. It's something that is unique to the user and can be used to verify their identity.
In this case, you’ll be using something you know: your Fourth Account password, and something you have: a registered authenticator app on your iOS/Android device, as authentication factors.
What is an Authenticator app?
An Authenticator app is a software application that generates time-based one-time passwords (TOTP), which you can use to authenticate your login to a service. It enhances security by providing a second layer of verification beyond just a password.
This method is considered more secure than SMS or email verification because the codes are generated on your device and do not travel through potentially insecure channels.
We recommend the Microsoft Authenticator app, but any compatible TOTP app will work.
How do I use it?
Once MFA is activated for your account, during the first sign-in, after you successfully enter your Fourth Account password, you will scan a QR code (or enter a code manually) using the authenticator app. This will generate a code that must be entered, like a second password, to complete the setup and log you in. This authenticator app on this device is now registered on your Fourth Account.
During all subsequent sign-ins, after you successfully enter your Fourth Account password, you simply type in the new TOTP code that appears on the authenticator app to prove that you have your registered device and can therefore log in.
That’s it: multi-factor authentication.
What happens if the TOTP device is lost or not available?
If you are currently logged in to your account but no longer have access to your TOTP password generator, you can perform a self-service reset on your account. In the Fourth App, go to your profile and select Reset Multi-factor Authentication.
Fig.11 - Profile View
Following a warning message, you will be logged out of your Fourth Account and your MFA will be reset.
If you are not currently logged in to your account and no longer have access to your TOTP password generator, you will need to contact us and ask us to reset the MFA requirement on your account. Please contact your manager (who may raise a support ticket).
After your account is reset, you can simply start again (with a new device or app) from the first time step in the process.
This might also apply to a leaver who no longer has their corporate-owned device with the TOTP app. In this case, their manager should contact Fourth to have us remove the MFA restriction and allow them to access their HR documents (until that access expires normally).
We share a single device in my location - how does that work?
Where you are provided with a single shared device (laptop, tablet or maybe a phone) for use at a store, and each user has their own separate Fourth Account with a non-shared Fourth username and password, we would recommend that you each install the authenticator app on a different device. This should be a device that only you can access, e.g. your work or personal phone. On subsequent access, the TOTP code will be available only on the registered device of the specific user trying to log in.
If you and your colleagues also share a common Fourth username and password, then you must also use the same authenticator app. This will need to be installed on a device that you can all access when you need to and protected by something other than a biometric factor.