Signing on using two-factor authentication

With 2 factor authentication, logging in consists of two steps: you log in with your e-mail address and password and then you confirm the registration with your smartphone.

The password applies to Profit Windows and InSite but not to OutSite.

Note:

This page does not apply with regard to single sign-on. The Profit administration in your organisation will indicate how you need to sign on with regard to single sign-on.

Have you forgotten your telephone? Next, you may be able to log in through a colleague who can log in using 2-factor authentication.

Signing on to Profit Windows

1. Go to www.afasonline.nl.

   Note:

   Do you not have access to Profit Windows but only to InSite? Go immediately to the URL https://12345.afasinsite.nl. Replace 12345 with your own participant number.

2. Enter your password.
3. Click Log in.

   If you use AFAS Pocket:	If you use text messaging:	If you use an authentication app
   Click Accept... and you will be signed on automatically.	You will receive an text message with a code: Type the code in the Online Portal. Your organisation needs to have Messagebird set up for this option.	Open the authentication app. There is a code at AFAS Online. Type the code in the Online Portal.

4. Click a tile to start Profit or InSite.

   

   Your administrator must add the InSite tile. Are the tiles not visible?

5. When Profit is selected, the Portal will immediately detect whether Citrix Receiver has been installed. If this is not the case, click Download to download and install Citrix Receiver. If you receive an update message from Citrix Receiver, you can ignore it.

   

6. If detecting takes longer while you have already installed Citrix Receiver, you can skip the detecting phase by selecting Already installed.
7. Give your consent for Citrix Receiver to be started.

   

   The Profit environment will now be opened.

8. In the case of multiple environments, select the environment (you no longer need to enter a username and password here). If you do not know which environment you need, use Options/Show environment description .

   

See also:

• Using a web version instead of Citrix Receiver

  AFAS recommends Citrix Receiver to run Profit Windows. If you can't install Citrix Receiver, you can run Profit Windows in a browser with Use web version. Use a browser supported by AFAS.

Signing on into InSite

To start InSite, you can also immediately go to https://12345.afasinsite.nl. Replace 12345 with your own participant number. You will then also sign on using two-factor authorisation as explained above.

Change or forgotten password

You set your password the first time you log in. Below you can read how to change your password or set a new one if you have forgotten it.

The Profit administrator in your organisation or AFAS Support cannot change your password, you must do this yourself.

To change the password:

1. Log into www.afasonline.nl.
2. Use the option below in the portal.

   

If you have forgotten your password:

1. Click I forgot my password in the login screen.

   

Trust device for 7 days

You can approve the device you are logging into for 7 days as a trusted device. This means that when logging into AFAS Online for 7 days you will only need to enter your password.

This device (usually your PC) is then temporarily the second factor instead of your phone. After 7 days, the second factor screen will again be displayed when logging in and you can trust the device again.

If you log into several devices, each device must be trusted separately.

Note:

Do not use this setting on public devices or shared devices! Use this setting when only you use the device. If you have mistakenly trusted a device, find out how to cancel this.

Background

During testing by an external security company, a recommendation was made that users become 'tired of receiving alerts and notifications' and they do not know which login request they are subsequently accepting. After all, a hacker can create a login request for which there is a good chance that the user simply accepts it (especially if the login moment also corresponds with the moments when the user normally logs in). In order to reduce these moments, it has been decided to move the second factor to the device on which users log in. A hacker is less likely to create a login request at the right time and a user now only receives a notification once every 7 days (which is also expected). This solution ensures that instead of your phone being the second factor, it is now the device (browser) that is the second factor that you use to log in. In fact, you are not trusting the device, but you are trusting the browser on this device. This method is as safe as your mobile phone.

Trusting public devices is not a wise thing to do, nor is storing passwords in browsers. It is not wise either to log into a device under the same account as that of the device.

With this solution you can only log into AFAS Online. If you want to change any of the details that you can use when logging in (such as your telephone number, password and AFAS Pocket), all trusted devices will be deleted when you log in again. At AFAS, we do everything we can to make the use of AFAS Online as safe as possible. We are in constant contact with security firms who advise us on this. This ensures that we always keep up with the latest insights in the field of security. However, it is possible for customers to implement a different security policy by using their own Identity Provider.

Trust the device:

When logging in, select Trust this device for 7 days. After 7 days, confirmation is again requested through AFAS Pocket or text messaging when logging in. You can then again select Trust this device for 7 days.

Device no longer trusted:

You can delete the trusted devices through the settings. This may be necessary, for example, if you have accidentally trusted a public device or if your computer has been stolen.

To do this, go to https://login.afasonline.com/security and click Remove trusted devices. The next time you log in, you need to log in again with two-factor authentication.

Signing on in relation to several licences

You can have access to environments of multiple licences. This applies in the following situations:

• You are a cooperating user (for example, an accountant). An external affiliated user can log in both in his/her own environment as well as in the environments of customers. External affiliated users always log in with two-factor authentication.
• Your email address has been recorded in different environments (in relation to different licences) with regard to a user.

You can use the following URLs if you have several licences:

• www.afasonline.nl

  The following window will be displayed when you sign on to this URL for the first time:

  

• login.afasonline.com/12345 where you should replace 12345 by your own participation number that you want to see after signing on.

Changing the participation number:

If you are already signed on to an environment and you want to sign on to an environment of another participant number, first return to the AFAS Online Portal.

Select the required participant number in one of these ways:

• Use the drop-down list
• Click a tile under Subscriptions.

The administrator can configure an image (logo) to be displayed on the tile. The administrator does this on the above page by using Management/Organisation logo.

I have no smartphone coverage and no Wi-Fi

If your smartphone has no coverage, you can still log in with AFAS Pocket.

Note:

When you first log in, you must have coverage through your provider or through Wi-Fi. Ensure you have linked AFAS Pocket. After you have done this, the following applies.

1. Go to www.afasonline.nl
2. Enter your password and click Log in.
3. Click Problems when logging in.
4. Open AFAS Pocket on your smartphone.
5. Tap the shield at the top. If this is not shown, go to Settings/Two-factor authentication.

   

   Do you have several accounts? Ensure you use the account with the correct email address.

6. Log in with the code.

Signing out Profit Windows

You do not have to log off. You only need to exit the application.

Press Alt+F4 or click the cross to exit.

Forced signing off:

This may be required when a session of Citrix Receiver has frozen.

1. Open the System Tray.
2. Click Citrix Receiver using the right mouse button.
3. Click Connection Centre.

   

4. Click Log Off.

Forced logout through the keyboard:

Press Ctrl+F1 and select Sign out.