Mandatory Multi-Factor Authentication in CAS 360 and Simple Fund 360

By March 8, 2019 March 27th, 2019 BGL Update, CAS 360, Homepage, News, Simple Fund 360

Keeping your data safe is our number one priority, and Multi-Factor Authentication is one of the most effective controls we can implement to increase data security.

Therefore, Multi-Factor Authentication (MFA) will become a mandatory sign-in requirement for CAS 360 and Simple Fund 360 users from 31 March 2019.

This means that users will be required to supply 3 pieces of information to verify their identity for login; a username, password and unique code sent by SMS to the users mobile or generated by the Google Authenticator (recommended option).

For Simple Fund 360 clients who use PLS, SuperStream or TBAR, MFA is mandatory for all ATO online applications.
Learn more on the ATO website: Security for digital services providers.

Check out the help resources below to learn how to implement MFA in your business:

BGLCorp

Author BGLCorp

More posts by BGLCorp

Join the discussion 5 Comments

  • Christopher Efstathakis says:

    That is very well & good! What do I have to do to use MFA on the 31 March 2019??
    What you are not sending specific instructions to your users who have Simple Fund 360?
    My membership is under the name of “Destiny2077 Pty Ltd”. Please check your records and advise me asap. Thank you!
    Chris

  • Alice Stubbersfield says:

    Hello, I am an auditor and an accountant using BGL. Will you be releasing a solution to facilitate our audit staff access, like Class have done?
    Or could you make email an MFA method for auditors?

    Otherwise I will look at a phone setup just to for the authenticator, I note the help page indicates it doesn’t need to be linked to the network to function.

    Cheers
    Alice

    • Teagan Crozier says:

      Hello Alice,

      Thank you for reaching out.

      At the moment an Accountant/Admin firm can edit your user roles so that you have permission to invite your staff.

      We have chosen not to support email codes due to security reasons. If someone can gain access to your email account, they would then be able to reset your password and get your MFA codes directly.

      Alternatively, if you cannot or do not want to use a mobile phone, a few other authentication options that can be used include:

      • USB tokens. An example is YubiKey. Plug in the YubiKey to a USB port and press the button on it
      • Desktop App. If you prefer to keep your MFA verification code generation separate from your browser, you can install a standalone desktop app such as winauth
      • Chrome Browser extensions. Using a Chrome extension will work on any device that runs the desktop version of the browser. Authenticator for Chrome, for example, works in Linux, on Google’s Chromebook laptops, as well as on Mac and Windows PCs.

      Should you require any further assistance, please do not hesitate to contact our Support Team on 1300 654 401.

    • Ron Lesh says:

      Alice, you have always been able to do this in Simple Fund 360 – long before Class even thought about it!

Leave a Reply

X