Configure the two-factor authentication

This topic is about the configuration of two factor authentication: a user needs to log on with a password and confirm via smartphone.

You configure this yourself - it isn't necessary to contact AFAS Support to bring the this method live.

Contents

System administrator's preparations

The system administrator checks the system requirements with regard to the network/data traffic and users. If you're using a third party to manage your systems, please contact this party well on time.

Record user email addresses

User sign on with an email address and password in relation to two-factor authorisation. Sign-on is completed through the smartphone of the user. The Profit-administrator must record an email address for each user. Users cannot do this themselves.

  1. Go to: General / Management / Authorisation tool.
  2. Open the properties of the user.

    The user name cannot contain an @, if the user has access to Profit Windows.

  3. Enter the email address in the E-mail field.

    2FA - Beheer - Overstappen (proc -mail gebruiker) - e0mail

The user manages his phone number for two factor authentication himself. Initially, the private business number will be used, but the user can change this number.

Also see:

Other preparations

Users sign on using an email address and password with regard to two-factor authentication and the sign-on is completed through the user's smartphone.

  1. You can record a mobile number linked to the person for each user. Complete these steps.
  2. Roll out AFAS Pocket if users complete their sign-on through AFAS Pocket (only applies to two-factor authentication).

AFAS Accept authorisation:

If you have an AFAS Accept licence, you can authorise users for the access to the Accept environments.

  1. Go to: General / Management / Authorisation tool.
  2. Open the properties of a user.
  3. Go to the tab: Applications.
  4. If you have an AFAS Accept licence, the AFAS Accept field will be available. If a user is authorised to have access to the Accept environment, select the AFAS Accept field for this user.

Na de overstap

  • Users logon using www.afasonline.nl (doesn't apply to single sign-on)
  • Users gain access using two factor authention or single sign-on. A user who is logged on can start Profit Windows or InSite using the Online Portal.
  • InSite users can also use 12345.afasinsite.nl directly.

Appointing the Profi manager for the portal

You appoint the Profit manager of your organisation's portal.

Attention:

This means the manager will gain access to the Manage tab on the AFAS Online Portal. If the manager is already logged on to the AFAS Online Portal, then log out and log on again.

  1. Go to: General / Management / Authorisation tool.
  2. Open the manager's properties.
  3. Goto the Applications tab.

    2FA - Beheer - Overstappen (proc -mail gebruiker) - e0mail

  4. Enable AFAS Online Portal Manager.
  5. If you have an AFAS Accept licente, the AFAS Accept field is available. If the manager is allowed access to the Accept-environment, than enable this field.

Na de overstap

  • Users logon using www.afasonline.nl (doesn't apply to single sign-on)
  • Users gain access using two factor authention or single sign-on. A user who is logged on can start Profit Windows or InSite using the Online Portal.
  • InSite users can also use 12345.afasinsite.nl directly.

InSite-tegel toevoegen aan login-pagina

The manager can provide a tile (for Profit Windows and for InSite) for the users when loggin on. If the user doesn't have access to Profit Windows, the AFAS InSite tile will not be displayed.

  1. Log on to www.afasonline.nl as Portal manager.
  2. Ga to Manage / InSite-app.
  3. Enter a name and select the URL.

Extra information about AFAS Online accounts and Profit usernames

A user signs on using his/her email address and password in relation to two-factor authorisation (followed by authentication through his/her smartphone). If his/her email address is recorded in relation to a user in a Profit environment, he/she will be given access to this environment.

  • You use the AFAS Online account when you sign on (your email address)
  • You will be given access to a Profit environment. You work under your Profit username in this environment.

    Example:

    Robert works at EnYoi International. His email address is robert@enyoi.com.

    Robert has the username 12345.Robert with the email address robert@enyoi.com in the O12345AB environment.

    After sign-on, Robert can open the O12345AB environment and he can work there as the 12345.Robert user.

Access to several environments with one AFAS Online account

If a user is known in multiple environments and with regard to multiple licences using the same email address, the user will also have access to the relevant environments. The following selection screen will then be displayed to the user after signing on to login.afasonline.com:

An accountant can obtain access to the environment of a customer in two ways:

  • The accountant is added as a cooperation user at the customer. This is the standard working method that has been used for many years. A cooperation user is included in the licensing total of the accountant (every licence has a maximum number of users).
  • The accountant is added as a user at the customer with his or her own email address. Since a user sees all licences to which he or she has access after signing on, he or she will also see the environment of the customer. This procedure becomes available in relation to the new sign-on method. If you add an accountant as a normal user in your own environment, the accountant will be part of your own licensing number.

Extensive example

In this example, John Williams has access to four environments based on one email address, that is, john@enyoi.com. This email address has been recorded in relation to one username in the four environments.

Environment

Name

Profit username

Linked email address

O12345AA

EnYoi Holland

12345.John

john@enyoi.com

O12345AB

EnYoi International

12345.John

john@enyoi.com

O99999AA

Nmbrs Accounting

99999.JW

john@enyoi.com

O99111AA

Retail Services

99999.JW

john@enyoi.com

If John signs on to AFAS Online, he can open one of the four Profit environments. He is a normal user in relation to three environments. He is a cooperation user coming from the O99999AA environment in relation to the fourth environment.

If a different email account is recorded in relation to one of the environments, this will also have consequences for the access through the AFAS Online portal. If, for example another email account is defined in relation to the O99999AA environment,, that is, williams@gmail.com. This will mean the following:

  • This user has access to two environments through john@enyoi.com.
  • Through williams@gmail.com he is entitled to his 'own' O99999.AA environment and the O99111AA environment (where he is a cooperation user).

Directly to

  1. Configuration with regard to the new sign-on
  2. Configure Messagebird for text messaging
  3. System requirements
  4. Before, during and after the change to two-factor authentication
  5. Before, during and after the change to single sign-on
  6. Citrix Receiver Frequently Asked Questions