Two-Factor Authentication in Primo Payroll

Set up Two-Factor Authentication (2FA) for a more secure login to Primo Payroll.

Follow the steps below to enforce Two-Factor Authentication in a Primo Payroll company.

1. Enforce Two-Factor Authentication (2FA) in a payroll company.

Settings --> Users --> Enforce 2FA --> Yes --> Save

2. User Setup & Verification: 

When users log in, they'll see the screen below. They can set up and verify 2FA straight away or set it up later (a maximum of 3 skips is allowed).

Setup 2FA: Users set up 2FA by downloading the Google or Microsoft Authenticator app on their mobile device, scanning the QR code below or typing in the manual setup code (beneath the QR code), and then clicking ‘Next’.

Verify 2FA: Open the Google or Microsoft Authenticator app, which will display a six-digit code. Enter this code in the box shown in the screenshot below. The code is valid only for the time limit shown in the authenticator app (approx. 30 seconds), and the authenticator changes the code every 30 seconds. If the code is not verified within those 30 seconds, you'll have to try again with a new code.

Also, remember to store the ‘Backup Code’ in a secure location. This code can be used when you’re having issues connecting to the Google or Microsoft Authenticator app to get the code.

On clicking ‘Finish’, the portal will log the user off, and the user should use 2FA to log in again.
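
The 30-second expiry described under ‘Verify 2FA’ follows from how authenticator apps derive the code from the current time. The sketch below is an added example, not Primo Payroll's code: it assumes the standard TOTP algorithm (RFC 6238 with HMAC-SHA1, a 30-second step and six digits) that Google and Microsoft Authenticator use by default, and the secret is the RFC's public test key standing in for a manual setup code.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, matching the "approx. 30 seconds" above
DIGITS = 6   # six-digit code shown by the authenticator app

# Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
# A real manual setup code is secret and must never be hard-coded.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Return the code an authenticator app would show at unix_time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = int(unix_time) // step              # index of the 30 s window
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_remaining(unix_time, step=STEP):
    """Seconds left before the app rolls over to the next code."""
    return step - (int(unix_time) % step)


def verify(secret_b32, submitted, unix_time, drift_steps=0):
    """Check a submitted code on the server side.

    drift_steps=0 accepts only the current window; drift_steps=1 also
    accepts the neighbouring windows to tolerate small clock differences.
    """
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return True
    return False


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print(code, "valid for", seconds_remaining(59), "more second(s)")
    print("accepted at t=59:", verify(SAMPLE_SECRET, code, 59))
    print("accepted at t=60:", verify(SAMPLE_SECRET, code, 60))
```

A code entered one second after its window closes is rejected unless the verifier allows drift, which is why the article asks users to retry with a new code.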

3. User login:

After the user enters the Username, the program will show the 2FA screen below. On entering the code, the user will be allowed to enter their Password and PIN on the Primo Portal.

If the user has issues connecting to the Google or Microsoft Authenticator app to get the code, they can click 'Problems getting your code?', enter the backup code instead, and click 'Verify Code'.

4. Reset Two-Factor Authentication

Settings --> Users --> Select the user --> Reset 2FA

The user's 2FA can be reset by clicking 'Reset 2FA', after which the user will have to set up their 2FA again.