The Multi-Factor Verification feature uses SMS to verify the user's identity, leading to enhanced data security.
Once Multi-Factor Verification (MFV) is enabled, Employers will be taken to a verification step during their registration to verify if they are the intended recipient of the email. The verification method is via the phone number the administrator entered while creating the employer's account.
Note that phone numbers can still be stored in the same format as Aptem accepts today - we do not require the numbers to be in international format.
In cases where MFV is enabled, the Mobile Number field will be mandatory while creating or editing a user. This also applies when you create users via CSV upload or the API.
Enabling the feature
To enable Multi-Factor Verification for Employers, customers can raise a support ticket requesting it.
Once this has been enabled by the Support team, an administrator with the Manage Tenant Setting permission can enable this functionality for your tenant. For more information, see: Configuring MFA on a tenant.
Currently, we are offering a beta version of this functionality. We would like to hear your feedback about this feature. If you have anything to share, please do so via the Customer Support Team or via the Support team.
Note that this feature is not a chargeable item during the beta phase; it may be chargeable in the future.
When a new Employer is registered, they will receive a registration email as usual. When they click the Activate Account link in the email, then:
- if MFV is not enabled, they will be taken to the Create Password screen as usual.
- if MFV is enabled, but they do not have a mobile number populated, or have an invalid mobile number, then they will be taken to the MFV screen, and will be shown a message to contact their administrator to fix their number.
- if MFV is enabled, and they have a valid mobile number populated, then they will be taken to the Enter verification code screen in Aptem console, even if they only have access to Classic.
When the user reaches this screen, a six-digit code is sent to the registered mobile number - the number the administrator added to the Employer's account while creating it.
The SMS delivery is tracked – allowing the user to know if the message was successfully delivered or not.
The user can use the Resend Code option to request a new verification code once 30 seconds have passed since the previous request. Note that the new verification code will be the same as the previous code if it has been under 15 minutes since the previous code was sent. If it has been over 15 minutes, then the new verification code will differ from the old one.
The user must enter the verification code they receive on their mobile. Once they enter the code, they must click Verify and Register.
If the verification code is incorrect, an error message is displayed. If the user enters the incorrect code five times, they will see an error and be asked to wait 60 seconds before trying again.
If the verification code is correct, the user is taken to the create password screen.
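The resend and retry rules described above can be modelled as a small state machine. This is an added illustration, not Aptem's code: the class and method names are hypothetical, and it assumes the 15-minute window is measured from when a code was first generated, that a code is single-use, and that the failure counter restarts after the 60-second wait.

```python
import hmac
import secrets

RESEND_COOLDOWN = 30          # seconds between code requests (from the page)
CODE_REUSE_WINDOW = 15 * 60   # the same code is resent within 15 minutes (from the page)
MAX_FAILURES = 5              # incorrect entries before the wait (from the page)
LOCKOUT = 60                  # seconds the user must wait (from the page)


class VerificationSession:
    """Hypothetical model of one employer's verification step."""

    def __init__(self):
        self.code = None
        self.issued_at = None      # when the current code was first generated
        self.last_sent_at = None   # when an SMS was last requested
        self.failures = 0
        self.locked_until = 0.0

    def send_code(self, now):
        """Return the code to send by SMS, or None if the resend is too early."""
        if self.last_sent_at is not None and now - self.last_sent_at < RESEND_COOLDOWN:
            return None
        if self.code is None or now - self.issued_at >= CODE_REUSE_WINDOW:
            # Six digits from a CSPRNG; leading zeros are kept.
            self.code = f"{secrets.randbelow(10**6):06d}"
            self.issued_at = now
        self.last_sent_at = now
        return self.code

    def verify(self, submitted, now):
        """Return 'ok', 'incorrect' or 'locked'."""
        if now < self.locked_until:
            return "locked"        # even a correct code is refused during the wait
        if self.code is not None and hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.code = None       # assumption: a code is single-use
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_until = now + LOCKOUT
            self.failures = 0      # assumption: the counter restarts after the wait
            return "locked"
        return "incorrect"
```

With a six-digit code, the five-attempt limit and 60-second wait are what bound the guessing rate, which is why the model refuses all submissions, including correct ones, until the wait has elapsed.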
Those Employers who only have access to Aptem Classic will be logged in/redirected to the Classic interface after they complete the verification and set their password using the console interface.
In cases where MFV is not enabled, the employer will be directly taken to the create password registration step when they click the Activate Account link in the registration email.