All Collections
Australasia Region
FAQs: Multifactor Authentication (MFA) and Single Sign on (SSO)
FAQs: Multifactor Authentication (MFA) and Single Sign on (SSO)

All you wanted to know about MFA and SSO

Written by Ian
Updated over a week ago

What is Multifactor authentication (MFA)?

MFA is a security measure that requires two or more proofs of identity to grant a user access to a resource such as an application, online account, or a VPN.

How does it work?

MFA works by requiring additional verification information (factors). Most MFA authentication methodology is based on one of three types of additional information:

• Knowledge: something only the user knows, e.g., a password or a PIN code, secret question

• Possession: something only the user possesses, e.g. a mobile phone

• Inherence: something the user is, e.g. the use of a fingerprint or voice recognition.

What is the need for MFA?

The main benefit of MFA is it will enhance an organization's security by requiring users to identify themselves by more than a username and password. While important, usernames and passwords are vulnerable to cyber-attacks and can be stolen by third parties, enforcing the use of an MFA factor like a thumbprint or physical hardware key means increased confidence that thr organization will stay safe from cyber criminals.

Businesses as well as individuals should implement MFA wherever possible. Some MFA options include, but are not limited to: Physical token, Random pin, Biometrics / fingerprint, Authenticator app, Email, SMS.

Does Payapps support MFA?

Payapps has Multifactor Authentication (MFA aka 2FA) as an optional setting at an organisation level. This means EVERY user for that organisation will be subject to the MFA login process and will need a valid mobile number in the system to log in.

How does this work?

When a user enters their password in Payapps, they get sent a code to their mobile phone, that they need to enter in an extra Payapps screen in order to login. This uses Payapps’ MFA capability and is easy to set up.

Step 1: Continue to login using the email and password. When the password is entered in Payapps, a code is to the mobile phone number set up for the Payapps account.

Step 2: Enter the verification code sent to the registered mobile phone number via SMS

What is the Difference between MFA and Two-Factor Authentication (2FA)?

MFA is often used interchangeably with two-factor authentication (2FA). 2FA is basically a subset of MFA since 2FA restricts the number of factors that are required to only two factors, while MFA can be two or more.

What is Single Sign On (SSO)?

SSO is all about users gaining access to all of their resources with a single authentication. SSO uses an organisation’s own authentication process to validate a user. This means if a user is disabled by their organisation’s IT Security team, if they try to log in to Payapps, they won’t get in. It is a way for businesses to limit the number of places they need to update user access permissions.

What is the difference between MFA and SSO?

SSO is all about users gaining access to all of their resources with a single authentication. The main benefit of SSO is the streamlined approach. Users can access multiple services without pausing to enter new credentials. A common example of SSO is Google’s set of applications. With one login, users can access their email inbox, calendar, documents, photos, and videos.

Multi-factor authentication (MFA), on the other hand, offers a stronger verification of the user identity, often used for a single application. An additional factor is required beyond what has been supplied for the login.

Does Payapps support SSO?

Yes, Payapps also supports Single Sign On (SSO) via Microsoft Azure Active Directory (Azure AD).

SSO is enabled as an optional feature at the organisation level. It requires the customer to configure their Azure AD settings to list a couple of Payapps URLs as allowable login points, and each user’s existing email in Payapps must match their Microsoft email. If they are different, each user can update their Payapps email from the My Account > Profile page prior to the SSO feature being turned on.

How does SSO work?

When the user goes to the Payapps login page, rather than seeing the usual input fields for Email and Password, they will only see the Email field and a Next button.

When they enter the email address and hit Next, Payapps will check whether the user’s organisation uses the normal Payapps password validation, or SSO. If they’re not using SSO, the user just enters the password as normal and select Log In. The only change is the ‘Next’ button between entering your email address and password.

Note: MFA via Payapps and SSO are mutually exclusive.

This is because under SSO, Payapps does not authenticate the user’s credentials, Azure AD does and then passes back a security token to Payapps. The Payapps MFA feature is part of the login process controlled within Payapps, so they cannot co-exist. That said, Azure AD has its own MFA mechanism, which can be implemented as part of SSO, but that part is controlled via the organisation’s Azure AD settings.

As a case in point, when our Support team log into Payapps, they enter their email address and are re-directed to Microsoft’s login process. As part of that process, our Azure AD settings require MFA, so they enter their password and are then prompted for an MFA code before being authenticated.

If you have any questions or require assistance, please do not hesitate to contact Payapps support via in-app chat or email

Did this answer your question?