authentication is automatically set up for all users unless they have
previously requested not to have this feature. If you do not have multi-factor
authentication set up, please contact Midwinter support (1300 882 938 or info@Midwinter.com.au) or your account
manager to have this enabled for your account.
MFA provides a second
line of defence for your AdviceOS account. With MFA enabled, even someone with
your account password would not be able to login into your account as they
would also require access to your phone or email account. This provides additional
protections to all client data held in AdviceOS and improves the already robust
security measures Midwinter takes to protect your client’s data.
take seconds to authenticate your login once the temporary code (which is
provided to the user as a text/email/authenticator app code) is entered into
the login page. The codes are provided to the user immediately upon entering
the correct username and password.
The password reset
process remains unchanged. You can either use the “forgot password” link in the
login page or contact Midwinter Support on (1300 882 938) who will send you a
reset password link.
Please contact Midwinter Support (1300 882 938 or email@example.com) to request a reset your MFA method. Once this has been completed AdviceOS will prompt you to select a method when you next login.
MFA will be automatically set up for all users unless they have previously requested not to have this feature. If you wish to set up MFA, Midwinter must first enable this for the user’s account. A user can contact Midwinter support (1300 882 938 or info@Midwinter.com.au) or an account manager they can get MFA enabled.
Once enabled, the
user will be prompted for a username and password when logging into AdviceOS:
Upon signing in the
user will be prompted to setup select an MFA method from three choices:
The Google authenticator is an app that needs to be installed on the users’ phone. This app then creates a short-term token/password which can be used to login to AdviceOS.
This method is a high-tech solution which creates a password that is only available for 30 seconds making it very hard to lose or share. Instructions to set up further down.
AdviceOS will confirm that the user has permission to login by sending a reference code to the registered email address for this user. Once the user receives an email with an access code this will need to be entered into AdviceOS and then the user will be able to login.
This method can be used without using a mobile phone or third-party app by opening the registered email inbox on the computer. Instructions to set up in section 3.3.2.
SMS, similar to email, will SMS/text the access code to the phone number that has been saved to the user account. This will need to be entered into AdviceOS before the user will be logged in.
This method requires a physical phone to be available to access AdviceOS. Instructions to set up in 3.3.3.
To use the authenticator method, the user will need to download the Google authenticator (other authenticators will work but Midwinter recommends Google) to their mobile phone from the app store.
Once the Google Authenticator is installed and ready for the QR code. AdviceOS will provide the QR code once the ‘Set up Authenticator’ button in AdviceOS is clicked. This QR code can then be scanned from the computer screen with the Authenticator app.
authenticator will then produce a temporary code every 30 seconds, enter the
code on the app into AdviceOS to authenticate.
To use email authentication, select the “Set up Email” option.
To use email SMS, select the “Set up SMS”
Once this has been set up, the next time a user logs in to AdviceOS, after typing in a username and password, AdviceOS will ask for the “access code”. This will either be the access code in the authenticator app, or the access code sent in an email or SMS depending on the method chosen.