FastTrack360 Version 12 Online Help
Multi-Factor Authentication (MFA)
- Fiona Sims
What is Multi-factor Authentication?
Multi-factor authentication (MFA) is a process that requires users to submit at least two pieces of identification to the system to gain access. Learn more with our quick overview video here (- 1 minute, right mouse click over the link to open the video in a new browser tab) or read more about the security enhancements available from 11.36 on here FastTrack360 Security.
MFA will be imposed on users on login to FastTrack360, based on the following:
MFA Mandatory items – imposed by the Australian Tax Office (or other Countries that require mandatory MFA for sensitive information). This is configured and managed in the background by FastTrack, to ensure regulatory compliance. Mandatory MFA items will impact users who have access to the Security Items that hold sensitive information, for example Candidate Payroll information.
MFA Security Roles – imposed by your Agency where particular Security Roles require MFA.
If MFA is applicable to you, on login to FastTrack360, you will be required to enter in your Username and Password as normal, this is the first step or 'factor'. Once these details have been validated, you will be asked to enter a code. Where you retrieve this code is determined by the MFA method that has been assigned to your User Record.
MFA TOTP (Time-based One Time Password) - The code is generated by a TOTP app, which you will need to download to the device you commonly have with you when you are accessing FastTrack360, for example your mobile phone, or within a PC Browser.
OR
MFA SMS - An authentication code is sent to your mobile phone number. When you log in for the first time, if you do not have a mobile number stored in the system, you will be asked to enter this.
How do I setup and maintain MFA?
The method you will use for MFA is stored in your User Record, which is maintained by your System Administrator. When you login for the first time, you will be prompted as to what is required for setup as per the method assigned to you.
TOTP MFA Authenticator Setup
When you first login, the system will guide you through the setup process. Here's a quick video on how to do this. Right mouse click over the link to open the video in a new browser tab).
You will need to download a TOTP app to your device (mobile, tablet, PC Browser). You can setup on both PC and mobile device - this is a good strategy in case you forget your mobile phone or are working from a different PC, you will have a second TOTP Authenticator option available.
To setup a PC Browser plug-in (instructions are for the Chrome TOTP Authenticator - Internet Explorer and Firefox will accept codes generated from this plug-in):
Right mouse click on this link to open link in a new browser tab: Open Authenticator plug-in from the Chrome Web Store.
Click the blue “Add to Chrome” in the top-right corner of the page, and follow the prompts to install Authenticator
Once Authenticator for Chrome is installed and opened, you’ll be able to scan QR codes by clicking the ‘Scan QR Code’ button in the top right of the plug-in
When FastTrack is upgraded to support Multi-Factor Authentication (MFA) you’ll be presented with a QR code to scan with this plug-in
Once set-up, use this plug-in to see your unique 6-digit code. Then simply enter the code (or copy and paste) to log into FastTrack360
On your phone or tablet, access your App Store and search on 'TOTP authenticator', select an app from the options provided - during setup make sure you store any back-up codes in case you lose your device.
To setup a mobile phone / tablet TOTP Authenticator App:
Open the official application store on your smartphone (e.g. Google Play or Apple App Store)
Search for “Google Authenticator” and install the app
Once Google Authenticator is installed and opened you’re able to scan QR codes by clicking the ‘+’ button in the top right of the app
When FastTrack is upgraded to support Multi-Factor Authentication (MFA) you’ll be presented with a QR code to scan with this app
Once set-up, this plug-in will display the 6 digit code unique to your user account.
The Verification Code screen (shown below) is where you will enter the Code displayed in your TOTP Authenticator app. Enter the code and click Submit to gain access to FastTrack360. Click Back if your Authenticator is not producing codes, and re-attempt to scan the QR Code to your Authenticator.
If you are unable to complete this process on first login, once you have gained access to FastTrack360, you will be able to retrieve the QR code from your User Profile (see item below). If you change your email address, you will need to open your TOTP Authenticator app and delete your existing FastTrack code generator, then use the below process to re-scan your QR code to your Authenticator.
View your QR Code in your User Profile (from 11.36.3 onward).
1. | Once you have accessed FastTrack360, click on the Profile icon at the top right of the header, then select Profile. The profile pop up displays. | |
2. | Click View QR. The Enter Password item is displayed. | |
3. | Enter your password and click Ok. If your password is validated successfully, the QR code will display for a short period of time. It will look like the example on the right - without the X's! | |
4. | Scan the QR code to the Authenticator app / plug-in - if you have not yet scanned your code during the login setup process, or if you need to scan the code to another device or browser plug-in. If you have scanned the code, the app will advise where this is successful. The app. will generate passwords/codes which will change approximately every minute. |
SMS MFA
You must have a current mobile phone number stored in your User Profile to use this method. See Viewing and Updating Your Profile.
If your mobile phone number changes, make sure the new mobile phone number is updated to your Profile settings, so next time you login, the code is sent to the correct phone.
A MFA code will be sent to your mobile after you submit your username and password on login. Enter this code into the SMS Authentication screen (example below) and click Submit to gain access to FastTrack360.
MFA Authentication Screen options
Remember Me
If this option is available to you, where ticked, the system will remember your authentication details for the device (machine) you have used to access FastTrack360 for the period of time displayed. This means that the next time you login on the browser, you will only need to enter your Username and Password. If you work across different browser types, for example you use both Chrome and IE, you will need to tick 'Remember Me' for both browsers.
I don't have my phone/device
If this option is available to you, and you do not have your code generating device available (ie; mobile phone, tablet etc) where ticked, the system will display your Security Question which you can answer to gain access. This process may take a little longer to authenticate you than using the MFA process.
Note: This option is not available to users impacted by Mandatory MFA items (for example you have access to Australian Candidate Record's Payslips Lists, or Payment Summary lists, or items in the middle office that display AU Candidate pay information). This is because the ATO does not allow a second MFA method that is an answer already known to the user logging in. You will need to seek the assistance of your System Administrator if you cannot provide the authentication code.
Send new code
If your MFA method is SMS, then this option will be available to you. You can tick this option if the code did not get to your mobile phone, or you have accidentally deleted it. The system will dispatch a new code to you.
Mandatory MFA Security Permission items
If you have one or more of the following Security Permission items assigned to your Security Role, AND you have access to Australia in your Data Group, MFA will be required to login to FastTrack360:
MFA Mandatory Permission Items | ||
Data Group Country | User Type | Permission Item |
Australia | Agency User | Gross Wage – Payee Data |
Australia | Agency User | Gross Wage – Pay Batch |
Australia | Agency User | Gross Wage – Pay Enquiry |
Australia | Agency User | Gross Wage – Reporting |
Australia | Agency User | Gross Wage – EFT Pay |
Australia | Agency User | Gross Wage - Pay Slip Delivery |
N/A | Agency User | Statutory Reporting (AU) – Payment Summary |
N/A | Agency User | Statutory Reporting (AU) – TFN Declaration |
N/A | Agency User | Statutory Reporting (AU) – STP Submission |
N/A | Agency User | Statutory Reporting (AU) – STP EOFY |
Australia | Agency User | Interpreter Results - Interpreter Review |
Australia | Agency User | Interpreter Results – Timesheet Transaction Reporting |
Australia | Agency User | Report – Report Designer |
Australia | Agency User | Candidate – View Payslip Details |
Australia | Agency User | Candidate – View Payment Summary Details |
FAQ
Question | Answer |
|---|---|
I can't scan my QR code on the TOTP Setup Screen. | This issue randomly occurs when setting up an authenticator as a PC browser extension. Go into your browser settings (zoom), reduce the size of the page then try re-scanning. If this does not work and you have the 'I don't have my device' option available you can use your Security Question answer to log in. If you do not have this option, please contact your System Administrator for assistance. Your System Administrator will be able to open your User Record in Maintenance, and run a process to generate a code that you will be able to enter to gain access to the system. Once you are in the system go to your User Profile as described above and attempt to scan your QR code - please seek assistance from your System Administrator if you are still having difficulty. |
I don't have the smart phone that has my TOTP Authenticator app. | If you cannot see the 'I don't have my device' option in the FastTrack360 Multi-Factor Authentication screen which displays following your initial Username/Password login, please contact your System Administrator. They will be able to generate a code from your User Record that you can use to access the system. Once you are logged in, you can download a TOTP browser extension and access your User Profile as described above to scan your QR code to the TOTP browser extension item. If get a new smartphone, and your apps are not transferred to your new phone, you will need to download the app again and scan the QR code from your User Profile. |
I use the TOTP method but the codes are not being accepted | If the codes produced by your TOTP authenticator are not being accepted when you log into FastTrack, you will need to delete your existing FastTrack code generator item in your authenticator, and re-scan your QR code available in your User Profile. This issue will occur if you have changed your email address in FastTrack360 as this forms part of the QR code secret. You may need help from your System Administrator to log back into FastTrack360 if you do not have the 'I don't have my device' option displayed. Ideally if you change your email address, while you are in FastTrack360, open your User Profile and display the QR Code. Next open your TOTP authenticator, and delete your existing FastTrack item, and click on the Add action to scan a new QR code. Scan the QR code from your User Profile to reconnect to the authenticator. This should work next time you login. If you are still receiving errors for invalid codes, please ensure your system clock has the correct time – even 30 seconds difference can impact the validity period of the TOTP codes and prevent successful validation. |
I use the SMS method but the Code is not being sent to my mobile. | Your SMS service may be down - the system will notify you if this occurs. Try selecting re-send code - if this persists, contact your System Administrator to assist. You may not have the correct mobile phone number stored in your User Profile. Contact your System Administrator for assistance. |
Classification-Public