The Australian Taxation Office (ATO) mandates that all users accessing Single Touch Payroll (STP) must use MFA for enhanced security. MFA significantly reduces the risk of unauthorized access to payroll data, protecting both employer and employee information.
If your data is hosted by Attaché Cloud Hosted Services, Attaché must provide MFA on login to Attaché Payroll as a minimum-security requirement. See: ATO - requirements for products and services - ATO Software Developers.
📌 Notes:
If you are using Attaché Payroll on-premise, your Windows security provides the required security levels, and MFA is not required.
If your Attaché is hosted by Attaché Cloud Hosted Services, or hosted by any other Digital Service Provider, you should be using MFA logging in to Attaché payroll.
Clients not using Attaché Payroll (i.e. Attaché Accounts only) are not required to have MFA set up.
2 step authentication is also required when logging into your STP system. This is a separate authentication setup to MFA at login to Attaché Payroll. See: Attache Payroll: Set up and use 2 step authentication for Single Touch Payroll in Attache Online.
Switching on Multi-Factor Authentication (MFA) If you are using Attaché Cloud Hosted Services or in another hosted environment
To have the MFA feature switched on for Attaché, please raise a new case online and reference the title of this article.
Once the feature has been activated, you will be notified by the Support Engineer handling the case.
Once you have been notified, follow the steps below to set up MFA when logging in to Attaché.
To set up Multi-Factor Authentication with the Google Authenticator App on a phone
Every user that accesses Attaché will have to set up an Authenticator app on their phones to use MFA. The instructions below are for setting up the Google Authenticator App. Users will need their iOS/Apple/Mac or Android phone/mobile device to complete these steps.
Install the Google Authenticator app on your iOS or Android device. See: Get verification codes with Google Authenticator.
Open the app and allow it to access your camera.
Move Multi-Factor Authentication with the Google Authenticator App to a new device
See: Get verification codes with Google Authenticator link above, specifically the section in the article: Transfer your Google Authenticator codes.
Setting Multi-Factor Authentication when first logging into Attaché
After MFA has been activated, Login to Attache.
Enter Username and Password on Login screen.
Select Login.
The Multi Factor authentication screen will appear.
From your Google Authenticator phone app, Tap the + symbol (for iOS) or Begin Setup (for Android).
Tap Scan a barcode.
Scan the QR code displayed on the Multi Factor Authentication screen. If you can't scan the QR code, type the Google Authenticator key into the Google Authenticator app.
Note: the QR code screen looks exactly the same as the 2-step authentication QR code screen when setting up STP.
Note the 6-digit authenticator code displayed in the Authenticator app on your phone.
Enter the 6-digit verification code into the 6-digit verification field within the Attaché 2-Step authentication screen and click the Verify button.
You now have MFA/2-step authentication set up on your mobile device to work securely with Attaché.
Using Multi-Factor Authentication when logging in to Attaché
Login to Attaché.
Enter your Username and Password at the Login screen.
Select Login.
Using your Google Authenticator app, obtain the 6-digit authenticator code, and enter it into the 6-digit code from your app field that appears directly after logging in, as per the screen shot below.
Select Verify.
You should now be logged into Attaché.