How do I set up two-factor authentication?
The following article explains how to create a second security level for your HR WORKS access as an administrator.
1. Introduction
With two-factor authentication, you can make your HR WORKS access just as secure as your bank account. If the second security level is activated, all employees need a “second factor” in addition to their HR WORKS access data in order to successfully log into the system.
The second factor can be delivered by email, generated by an authenticator app such as Google Authenticator on a smartphone, or generated using a YubiKey. You decide which security level should apply to your company and at what intervals authentication by the second factor is required.
2. Activating two-factor authentication
Tip: This function is still available when using Single Sign-On.
Selecting the security level
Select the security level in the admin menu “Basics/Security/Security basics” and then open the tab “Second Factor settings”. By selecting the security level, you oblige every employee to use the selected security authentication.
At the same time, you can specify the validity period of the activation to determine after which period the employees should re-authenticate.
When employees log on from a new device (PC, smartphone, tablet), they are prompted for authentication again, regardless of the validity period. The same applies if the cookies or the cache have been deleted on a device they had already logged in from.
Note: When using the security level “Authenticator” as a second factor, you can delete the authenticator entered for the employees if they no longer have access to the device with which they originally authenticated themselves.
For this, call up the respective employee via the admin menu “Persons/Persons” and then open the menu “Master data/Security”. With the next login, the employee will receive a QR code to set up the new device.
3. Security levels
Via email
A valid email address stored in HR WORKS is required for the email authentication. After activation, you and your employees will receive an automatic email the next time you log in, once you have entered your access data correctly. This email contains an individually generated link and a confirmation code that you have to use to complete the registration and log in to HR WORKS.
Via authenticator
If you activate this security level, you will first need to set up the Authenticator app once on the relevant mobile devices of your employees. The Google Authenticator app is available for Android and iOS. The Microsoft Authenticator app is also available for Android and iOS.
Once set up, you will be asked to enter a 6-digit confirmation code the next time you log in. You will receive this code via the selected Authenticator app. The code is valid for 30 seconds and is generated randomly on an ongoing basis.
It is not possible to log in to HR WORKS without physical possession of the smartphone or tablet that has been set up.
Note: If an employee changes their smartphone, they can register a new smartphone for the authenticator in the user menu under “My profile/Settings/Three-point menu ‘2-factor authentication’”. The administrator cannot do this for the employee. When changing smartphones, please make sure to update the registration promptly, before the next authentication is due.
Via YubiKey
You can achieve the highest level of security in HR WORKS by using a YubiKey (a small device that you connect to a USB port). To implement this security level, every HR WORKS user in your company needs their own YubiKey. You can obtain this from Amazon.de under the following link: YubiKey. If you activate the “YubiKey” security level for your company, you and your employees will need to set up the YubiKey once, the next time you log in. Future logins to HR WORKS can only be carried out using the YubiKey. A special, forgery-proof code is generated by holding down a button on the YubiKey. This means that it is not possible to access your HR WORKS account without physical possession of the YubiKey.