Multi Factor Authentication
To better secure your customer data you can enable Multi Factor Authentication on your uCollect accounts. We support both Google and Microsoft authenticators (plus others that support this generic standard).
NOTE: Xero is requiring all apps that connect to Xero ledgers enforce multi-factor authentication. Therefore all Xero users will now be required to establish MFA on their user accounts to access uCollect. To facilitate this all users should have their own unique login (we do not have user limits) and have an authentication device available. If you do not have a mobile phone with a Google or Microsoft Authenticator app and cannot install one, you can try this Chrome Extension.
Here's a useful article if you haven't used an authenticator app before, and here's a great introductory video. If you do not have a mobile phone with a Google or Microsoft Authenticator app and cannot install one, you can try this Chrome Extension.
Our authentication has been tested with the following authenticator devices/apps:
- Google Authenticator
- Microsoft Authenticator
- Lastpass Authenticator
- Twilio Authy Authenticator
- Authenticator App (Pixster Studio)
It does not work with:
- Xero Verify
- RSA SecurID
Setting up MFA on your account
Any user profile can activate MFA as follows:
- Go to Edit, User Profile
- Check the box for "Enable MFA" and click Submit
- Using your Google or Microsoft authentication key generator add an account
- Scan the QR code to create the token.
- Enter the challenge key provided on your device into the uCollect screen (under the QR code).
- If you want uCollect to remember you on this device for 30 days check the box before hitting submit.
- Click the Verify button.
Resetting your MFA token
If you lose your MFA device but are still within the 30 day window then you can reset your MFA settings from inside your User Profile (Edit, User Profile). Just check Remove MFA, Update Profile, Refresh the screen, check Enable MFA, Update profile. and then set it up again.
If you are unable to login please contact an administrator for any of the organisations you have access to. They can reset your MFA (forcing you to set it up again on your next login) from the Edit, Organisation Settings, Users section (click the Reset MFA link beside the user name). If you are the only administrator then you will need to contact uCollect Support. Please send an email from your registered user email address directly (not through our web form). You will need to be able to reply to a message from us for verification. This process may take up to one working day. We can not accept requests from one email address to reset MFA for another email address.
We recommend having at least two administrator users using separate authenticator devices so that if one fails you can reset that user from within your own organisation (the other admin user can reset the broken one) without having to wait for support to verify your request.
Organisations Requiring MFA
An organisation administrator can enforce MFA for all users (users of Xero-connected organisations are enforced by default, as required by Xero) by doing the following:
- Log into uCollect as an Administrator for the organisation.
- Go to Edit, Organisation Settings
- Scroll down to the MULTI-FACTOR AUTHENTICATION SETTINGS section
- Check the box "Require Multi-Factor Authentication for all users" and click submit.
Any user that does not have MFA enabled on their account will need to setup MFA before being able to login/switch to that organisation.
If you're having trouble
- Request that your MFA setting be reset (any admin user in your organisation can reset your MFA settings, or send an email from your registered email address to firstname.lastname@example.org)
- BEFORE YOU LOGIN, go to your authenticator device and DELETE all existing uCollect tokens
- Login to uCollect. It should present you with an MFA code
- In your Authentication app add a new entry and scan the QR code
- Enter the 6-digit number generated in the authenticator app into uCollect
You should now be setup and ready to go.