AFAS Online logging in through text messaging will stop as from 1-1-2022

The two-factor authentication for AFAS Online by using text messaging has ended on 1 January 2022.

The reason for this change is that text messaging is not the safest choice as a second factor for logging in. Many parties still use text messaging as a second-factor authentication method, but in the reports on security it is clear that risks are linked to this. For example, logging in through text messaging is vulnerable to interception. Do you still use text messaging? We then recommend you switch to logging in by using AFAS Pocket. This is safer and you do not have to enter the code, making it easier too!

Confirmation through text messaging will, however, continue for the first registration and when using a new telephone number.

Contents

What are the alternatives to logging in through text messaging?

What are the alternatives to logging in through text messaging?

How do I inform my users to switch to AFAS Pocket?

1. Check which users are still using text messaging

Through Profit Windows, an analysis is available that gives an overview of the users that still use text messaging as a second factor for logging into AFAS Online. You can run the analysis per subscription/participant number. Do you have several subscriptions? Generate the analysis for each subscription to gain insight into the users who still log in through text messaging. You can consult the analysis by performing the following steps:

  1. Go to: General / Environment / Management / Properties, AFAS Online tab.
  2. Double-click the setting Analysis of text messaging uses when logging into AFAS Online.
  3. In the Value field, enter the email address linked to your user.
  4. Read the explanation and click OK and, next,YES at the message.
  5. You will receive the analysis in your mailbox in about 15 minutes. Depending on the size of the analysis, this may take a shorter or longer time.

Analysis explanation

The analysis shows the users for whom text messaging is linked as a login method. The second column shows which of these users logged in with text messaging in the past month. Users who have linked AFAS Pocket as their login method are not included in the analysis.

  • 0 means that the user has not logged in with text messaging in the last month.
  • 1 means that the user did log in last month using text messaging.

In the view in the Authorisation tool, you can subsequently filter on the user codes from the analysis. This view can be exported to Excel by using the 'green arrow'.

2. Inform the users who still use text messaging

Through the analysis above, you have insight into the users who still log into AFAS Online through text messaging. To help you inform these users, we have drawn up a step-by-step plan explaining how to change the login method from text messaging to AFAS Pocket. Several accounts can be linked to AFAS Pocket. The step-by-step plan is available as:

Use (one of) these options to inform your users. If you choose to purchase your own text messaging service or configure single sign-on, it is not necessary to inform your users.

Note:

To continue to log in successfully, use one of the following browsers: Google Chrome, Microsoft Edge, Mozilla Firefox or Safari. Ensure your users are not using Internet Explorer. We have not supported this browser for some time.

It's this easy to log in by using AFAS Pocket!

You can send the video below to your employees with the link https://www.youtube.com/watch?v=RFn-dQFy7SA.

What happens if I do not take action?

If you do not take action, you will no longer be able to log in using text messaging as from 1 January 2022. You must then log in (each time) through a colleague. You do this as long as you do not use any of the above alternatives.

Veelgestelde vragen n.a.v. het webinar sms stopt

Do you have an important role in successfully transferring users to a new login method? Below you will find the frequently asked questions.

1. Where can I find an overview of the users who still log in with SMS?

An analysis is available via Profit Windows that provides insight into the employees who still log in with SMS. More information can be found in the article: Logging in AFAS Online via SMS will stop from 1-1-2022.

2. Why do I not see the Security tab on the AFAS Online Portal?

If the Security tab is not visible, you are logged in with single sign-on. The Security tab is only visible if you log in with two-factor authentication.

Logging in is as follows:

If you want to change the login method, you must log in via the link https://afasonline.nl

3. Does the SMS still exist when you log in for the first time and when you change your phone number? And who pays for this SMS?

The text message that is sent when you register for the first time or when you change your telephone number will remain and will be charged to AFAS.

4. Does this change also apply to OutSite?

This change does not apply to OutSite. It has never been possible for OutSite to log in with SMS. Since Profit 18, OutSite has been able to log in with two-factor authentication. As an organization, you can decide for yourself whether you want to activate this for your website. AFAS has enabled this for the AFAS Customer Portal since 28 July.

5. Does this change also apply to digital signing?

Nothing will change for digital signing and the SMS option will remain. SMS as an authentication method is insecure (such as when logging in). SMS to identify (as happens with digital signing) is legally valid. To sign digitally, always log in to AFAS Online or OutSite first. So signing by SMS is also indirectly safer if you do not log in with SMS. We therefore recommend setting up two-factor authentication at OutSite.

6. Can you use different login methods side by side?

Yes, that's possible! Employees can choose themselves on the AFAS Online Portal which login method they use to log in (see image). This makes it possible for one employee to log in with AFAS Pocket and the other employee with the Google Authenticator. You can also switch login method at any time.

7. Why can new users still log in with SMS?

One of the alternatives is its own SMS service. As a customer, you can still choose to log in with SMS. As a result, we cannot force you to no longer log in with this. Tip! Enforce in the instructions for new employees that they must connect AFAS Pocket or another authenticator app.

8. If you set up your own SMS service, do you pay immediately or only from 1 January?

From the moment you have set up your own SMS service, the costs run through your own SMS provider.

9. What happens if an employee still logs in with SMS after 1 January?

Employees who log in with SMS after 1 January will receive a notification in which they can choose to directly link AFAS Pocket or another authenticator app. Even before they are logged in. If the employee does not choose to link an authenticator app, he/she logs in via a colleague. The employee does this as long as no other authenticator is linked.

10. We log in with SSO. How does it work if you want to log in outside Citrix?

When you log in with SSO, you as an organization decide how to log in. In that case, this change does not apply. Even if you log in outside your citrix environment, it is possible to log in with SSO. This depends on how this is set up within your own organization. Please contact your own system administrator for this.

11. Can the SMS analysis also be run for test and/or acceptance environments?

Yes!

12. The SMS analysis shows more SMS users than I have employees. How is this possible?

The SMS analysis also shows the users who have never signed up. By filtering the value 1 in the column 'SmsUsedLastMonth', you have insight into the users who logged in with SMS last month. In addition, the analysis looks at the unblocked users from the Authorization tool. Do you have another live environment where the same user is not blocked? Then it will show up in the analysis.

13. I do not receive the analysis in my mailbox. What's going wrong?

You probably need to be patient. We would like to ask you to wait at least an hour. In addition, in the Value field, you must enter the email address associated with your user. Check your spam.

14. Does this change only apply to users of the AFAS Customer Portal and Profit or to all users?

This change applies to all

Directly to

  1. Logging into AFAS Online
  2. Logging into AFAS Online for the first time using two-factor authentication.
  3. Logging in with AFAS Pocket using a unique number
  4. Signing on by means of two-factor authentication
  5. Switching the authentication method
  6. Forgotten my telephone in relation to two-factor authentication
  7. Using a web version instead of Citrix Receiver
  8. Change personal data/I have a new phone
  9. Signing on by means of Single sign-on
  10. Logging in through text messaging will stop as of 1-1-2022