Secure Authentication 2FA Update
Back in 2018, MYOB introduced secure authentication using a two-factor authentication method (2FA) for MYOB Advanced customers. An enforcement date was originally set to help customers reach security compliance, however, this date has shifted several times to allow customers to prepare and set up their authentication.
! The enforcement date has been shifted again to the 31st of March 2024 for sites on older versions below 2022.121.301 we have also the enforcement date in the latest versions (2022.121.301 and above).
In version 2022.121.301 and above the Enforcement date field was replaced with a new Enforce Secure Authentication checkbox empowering our customers to manage this feature themselves. At the same time, we also removed sign-up banners and dialogues informing users of upcoming changes. Learn more about this change in our release notes
To assist in clarifying the differences between versions, see the table below:
Site version | Current state | Notes | Next steps
|
Versions below 2022.121.301 | Current enforcement date: 31 March 2024
| No immediate action required | Upgrade to a fix version prior to 31 March 2024
This can be achieved through the scheduled upgrade windows or by request if an earlier date is required.
|
Versions 2022.121.301.3266-dev 2022.121.302.3452 2022.121.400.3744 2022.205.100. 3024 2022.205.101.3268 2022.205.102.3844
| Checkbox to Enforce Secure Authentication has been applied | We have identified the below issue related to these versions where you are unable to register (opt-in) individual users for 2FA.
| Upgrade to a fix version.
This can be achieved through the scheduled upgrade windows or by request if an earlier date is required.
|
Issue
When sites have Enforce Secure Authentication unchecked individual users are unable to register for 2FA
Steps to replicate
- Log in to the site as a new or existing user.
- Try to sign up for MYOB Secure Authentication (2FA) without Enforce Secure Authentication checked
Solution
A hotfix will be released soon, the fix will be deployed from July 2023 onwards. Sites that require this fix earlier than their regular scheduled upgrade can request an earlier upgrade window. Please contact angela.maxwell@myob.com for early access.
Workaround
Option 1: Enforce Secure Authentication for all users (Security preferences SM201060)
OR
Option 2:
Direct Users to go to their User Profile, into the External Identities Tab, click on the MYOB row, and click the Associate ID button
- Open User Profile
- Open External Identities Tab
- Check if MYOB line has an "Active" tick, this only works if it is ticked active.
- Click the Associate User button
Option 2 only works if the user is already "active" for MYOB Secure Authentication. If they do not have an active tick in the box, you need to follow Option 1.
Next Steps
- Start discussing secure authentication with customers and how they would like to proceed.
- For those customers wanting to turn on secure authentication for individual users check the site version, they will need to be on the hotfix version or higher to enforce authentication successfully.
Best regards,
Jean Fulop
Senior Product Manager