Contents

OneAdvanced SSO and MFA FAQs

Katy Harrison Updated by Katy Harrison

What is SSO?

Single Sign-on (SSO) is a user authentication method that makes it easy to centrally manage application access and enables users to securely authenticate with multiple applications by using just one set of credentials. SSO not only makes it easy to centrally manage access to multiple applications or user accounts, but it also enables users to sign into a user portal with their existing corporate credentials and access all their assigned accounts and applications from one place.

Some of our products (like Care Cloud, Financials and HR) have SSO already. You may hear this referred to as Advanced SSO or ASSO. We are introducing multi-factor authentication via our platform.

You can read more about SSO, multi-factor authentication (MFA) and why it's important in our short explainer.

Login details

I've forgotten my username, what should I do?

Often times, your username will be your email address. If it's not your email address, you can contact your system admin and they can look up your username.

I've forgotten my password, what now?

No worries! Go to the login page as normal and enter your username or email address. Then you will see an option for 'Reset Password'. Click this link and you will be sent an email with a link to set a new password.

If you have any problems with this, your system admin can also set a password for you or set your account to require a new password when you next log in.

I want to change my password

You can change your password by opening your profile from your name at the top right of the screen, then opening Account Settings, or going directly to https://myworkplace.oneadvanced.com/account-settings. Then select Change password.

Authentication

What is MFA? Why is it important?

You can read about MFA and why it's important in our short explainer.

How often will I have to enter multi-factor authentication?

When using the MFA feature from Identity, you must enter an MFA code for every login to a OneAdvanced application, including re-logins caused by inactivity or expired sessions.

Your organisation may have enabled SSO linking your OneAdvanced account with an external identity provider (IDP) like Microsoft Entra ID, Google Identity, or Okta. This allows you to use your existing credentials for OneAdvanced access, with multi-factor authentication settings managed separately by your organisation.

How do authenticator apps work?

Authenticator apps generate time-based, one-time passcodes (TOTP or OTP) for multi-factor authentication. These apps store a secret key from the service and produce a 6-8 digit code that changes every 30-60 seconds.

Identity utilises this algorithm to match the code generated by the app with its own, based on the current time and the secret key. A successful match grants access.

This method, leveraging time and a shared secret key, ensures each code is unique and one-time-use, significantly enhancing security over static passwords and streamlining the login process.

What authenticator app should I use?

You can use any authenticator app of your choice, though your organisation might recommend a preferred one. Check with them first. Below are some popular options:

Encryption

Platforms

Cloud backup

Offline support

Benefits

2FAS

All your data is safely stored offline on your device.

If you're using cloud sync, the communication between your phone and your cloud backup or browser is end-to-end encrypted by default.

Android, iOS, and browser extension

Yes

Yes

+ Simple and easy to use

+ Encrypted cloud backups to iCloud or Google drive

Authy by Twilio

Stores an encrypted copy of your accounts in the cloud.

The account is encrypted/decrypted inside your phone so neither Authy or anyone affiliated with Authy have access to your accounts.

Android, iOS, Windows, macOS, Linux

Yes

Yes

+ The encrypted cloud backup means only you can ever access your information

- Requires you to enter your phone number so it's not as independent as the other app options

Google Authenticator

Not end-to-end encrypted when connected to your Google account.

You can use offline for more secure encryption.

Android, iOS, Chrome

Yes

Yes

+ Connects to your existing Google account

+ Can use alongside Google Password Manager

Microsoft Authenticator

Passwords in the cloud are encrypted and decrypted only when they reach your device.

Android, iOS

Yes

Yes

+ Connects to your Microsoft account

+ Includes a lot of extras, including password management, verified IDs, addresses and payment card information

+ Backs up in the cloud if you turn on account recovery

What happens if I change or lose my phone?

The ability to recover or transfer MFA accounts depends on your authenticator app. Apps with cloud backups enable recovery, while others require both your old and new phone to transfer accounts.

To update your MFA settings or switch devices/apps, follow these steps if you can still log in:

  1. Click your name at the top right, then select Account Settings or visit https://myworkplace.oneadvanced.com/account-settings.
  2. Choose Remove MFA and confirm the removal.
  3. Select Set up MFA to configure a new device or app.

If you cannot log in, contact your system administrator to reset your MFA. You will be prompted to set up MFA again upon your next login.

Note: Authenticator apps with cloud backup on iPhones do not support transferring MFA accounts to Android devices.

What happens if the code from the app doesn't work?

If the code from your authenticator app fails:

  1. First-time setup issues: If this is your initial setup and the code isn't working, delete the account in your app, re-scan the QR code to add it again, and enter the new code.
  2. Existing users: If you've successfully used MFA before, wait for the next code cycle (new codes generate every 30 or 60 seconds) and try again.
  3. Persistent access issues: Should problems continue, contact your organisation's system administrator to reset your MFA settings, allowing you to set up the authenticator app from scratch.
  4. Further assistance: If issues persist after these steps, seek help from the app provider, or have your system administrator contact OneAdvanced Support for further assistance.

I don't have a work mobile device and don't want to use my personal device - what should I do?

Your organisation's system administrator can enable email-based MFA, where a code is sent to the email linked to your OneAdvanced account.

However, this method may not be permitted as it is generally less secure compared to using an authenticator app.

Security

Is my data safe?

We require all users to enable MFA for accessing OneAdvanced software to enhance data security against malicious attacks. Using two forms of authentication significantly boosts security and helps prevent unauthorised access, particularly if your password is compromised. You are likely familiar with MFA from personal experiences such as online banking, online transactions, or accessing various apps.

I access OneAdvanced applications from shared devices, how does OneAdvanced SSO work then?

You can continue using your OneAdvanced applications on shared devices as usual via OneAdvanced SSO. Remember to log out and close your browser windows after use to end your session. This ensures that the next user will need to log in with their own credentials.

If you forget to log out, the next user might not be able to access the shared device; in which case you must contact your system administrator, who can remotely log you out.

Who do I contact for support?

If you need assistance with logging in or using multi-factor authentication, contact your system administrator. They can reach out to OneAdvanced Support for additional help if needed to resolve your issue.

Nobody at OneAdvanced will ever ask you for a verification code from your authenticator app or email.
Never share a verification code with anyone else.

How did we do?

An Introduction to Multi-Factor Authentication & Single Sign-On

OneAdvanced Single Sign-on login process when using an authenticator app

Contact