Setting up an Authenticator App
What is an Authenticator App?
An Authenticator App is designed to ensure that you are the only person who can access your ExpensePlus account.
With an Authenticator App, when you sign in to your ExpensePlus account you will need both your password and a 6-digit verification code.
To enable an Authenticator App, you will need a smartphone with a camera, and you will need to install the Google Authenticator or Microsoft Authenticator app.
How do I set up an Authenticator App?
- Select the user profile icon (top right corner), then click Multi-Factor Authentication
- Select Authenticator App Settings
- Follow the on-screen instructions - you will need to install the Google Authenticator or Microsoft Authenticator app on your smartphone.
Top Tip: An Authenticator App is the best way to prevent someone else from getting access to your account. It dramatically improves account security, as just knowing your password isn't enough for someone to access your account.
Is an Authenticator App better than Touch ID?
In some ways, yes, because even if Touch ID is set up, it is always possible to switch to entering a password instead (for cases where you are using an unregistered device or you have an issue with your fingerprint reader).
However, your best option is to set up both! This way, you can gain all of the benefits Touch ID offers in terms of fast secure sign-in, and where Touch ID isn't used, an authentication code will be required.
Good to know: Enabling both an Authenticator App and Touch ID doesn't mean that you will have an extra sign-in step; it just means that if Touch ID isn't used, your account is further protected by the need to enter an authentication code.
Is there a way to require users to use an Authenticator App to keep our organisation's data secure?
Yes - this can be set per user role by the System Administrator (or anyone with access to the user settings screen). There are three options with regard to the use of Authenticator App that you can set per user role, which are:
- Enforced - users with this role will be required to set up and use an Authenticator App (they won't be able to access ExpensePlus if they don't)
- Encouraged - users will see a banner message each time they sign in, requesting that they set up and use an Authenticator App (they will still be able to access ExpensePlus if they don't)
- Optional - users won't be required to use an Authenticator App and won't see a banner message (but they can still set up an Authenticator App if they choose)
It is your choice as to how each role within your organisation is set up. However, we would typically recommend that:
- For roles that have full access to your organisation's data, access to the user settings module, or full access to detailed financial reports and/or donor data, set the requirement for using an Authenticator App to be enforced (or at the very minimum, encouraged).
- For roles with limited access to ExpensePlus (such as that of a 'user' or 'budget holder'), you might decide you want to set the use of an Authenticator App to be either optional or encouraged.
To set whether an Authenticator App is needed for each of your organisation's different user roles, go to Settings -> Users -> Manage User Roles, and click on the role you wish to update.
What do I do if I lose or change my phone?
If you still have your phone:
- Sign in to ExpensePlus, and go to the Authenticator App Settings screen.
- Click the option to 'Disable Authenticator App', then, using your new phone, set up the Authenticator App again.
If you don't have your phone:
Contact your System Administrator (or someone else who has access to the user settings screen within ExpensePlus) and ask them to disable the Authenticator App for you (which they can do within the user settings screen, by clicking the update icon on the right-hand side of the screen).