Use Multi-Factor Authentication

Multi-Factor Authentication (MFA) adds enhanced security to your CCH iFirm site. It is a method of confirming your identity to better protect your firm and your client’s data. You are granted access to CCH iFirm only after successfully presenting an additional piece of evidence to your password, such as an authentication code received by e-mail, a text message, or a smart phone application like Google Authenticator.

Watch this video for a demonstration of how Multi-Factor Authentication works.

Contents

Register for Multi-Factor Authentication

You are required to register for Multi-Factor Authentication on each device used to access CCH iFirm, including computers, tablets and smartphones and each browser used on each device. When you log in to CCH iFirm from any computer or device that has not yet been registered for Multi-Factor Authentication, you will be redirected to the Multi-Factor Authentication page. If you log in to CCH iFirm using a different device, or the same device but on a different browser, you will need to register once more.

  1. On the Multi-Factor Authentication page, select your preferred option for receiving the authentication code: Google Authenticator, e-mail, or text message.
  2. Click Proceed, then follow the steps below, depending on the authentication option you chose.

Back to top

First-time registration via Google Authenticator

You can register your mobile device using Google Authenticator by logging into the application and accessing your user settings to configure the site’s QR code.

  1. Install the Google Authenticator app on your mobile device, from either the Android Play Store or Apple Store.
  2. Once installed, open the Google Authenticator app on your mobile device.
  3. Log into the CCH iFirm site using the E-mail to or Text message to option.
  4. Go to Settings > Users and select the user. In the Edit User page, click the Multi-Factor Authentication tab and, in the Google Authenticator App section, click the Setup button. Follow the steps to add Google as an authentication option.
  5. On your mobile device, tap the Begin Setup button, then tap the Scan barcode link.
  6. Next time you log in to your CCH iFirm site and reach the Multi-Factor Authentication page, select the Google Authenticator option and click Next. Then, in the Authentication code box, enter the code generated by the app on your mobile device.
  7. Click Submit.

Notes:
  • The next time you log into the site, you will only be asked for the code generated in the Google Authenticator app; you will not need to scan the QR code again.
  • Please be aware that you will have to register for the Multi-Factor Authentication every 90 days for each device or browser.
Optional: To avoid having to register again for the next 90 days when using this device or browser, select the Remember me check box, then enter a name for the device and/or browser you are using.
Important: The Remember me feature should not be selected if you are using a public or shared computer or device.

 

Back to top

Register via e-mail

  1. On the CCH iFirm Multi-Factor Authentication page, once you selected E-mail and clicked Proceed, an e-mail containing an authentication code will be sent to you.
  2. In the Authentication code box of the CCH iFirm Multi-Factor Authentication page, enter the code you received.

    Optional: To avoid having to register again for the next 90 days when using this device or browser, select the Remember me check box, then enter a name for the device and/or browser you are using.

    Important: The Remember me feature should not be selected if you are using a public or shared computer or device.

  3. Click Submit.

Back to top

Register via text message

  1. On the CCH iFirm Multi-Factor Authentication page, once you selected Text message to and clicked Proceed, an authentication code will be sent in a text message to the registered mobile number in your CCH iFirm user account.
  2. In the Authentication code box of the CCH iFirm Multi-Factor Authentication page, enter the code you received.

Optional: To avoid having to register again for the next 90 days when using this device or browser, select the Remember me check box, then enter a name for the device and/or browser you are using.

Important: The Remember me feature should not be selected if you are using a public or shared computer or device.

  1. Click Submit.

Back to top

Remember me feature

The Remember me feature is suitable if you often use the same device and/or browser to access your CCH iFirm site. It enables the system to remember (for 90 days) the particular device and/or browser you are using, so you do not have to go through the authentication process every time you log in to your CCH iFirm site. The next time you log in to CCH iFirm using that device and/or browser, you will bypass the Multi-Factor Authentication page and, therefore, you will not have to enter an authentication code.

For security reasons, this feature works for 90 days for each device and/or browser you add. When the 90 days are up, you will need to go through the authentication process once more.

Within your CCH iFirm user account, you can manage the devices and browsers you have asked the system to remember.

Back to top

Manage your MFA information and registered devices

  1. Access your CCH iFirm user account.
  2. Click the Multi-Factor Authentication tab to:
    1. View your authentication information:
    • The e-mail address that will be used if you select the E-mail authentication option. This is for reference purposes only. If you need to change the address, you can do it on the Details tab.
    • The mobile number that will be used if you select the Text message to authentication option. This is for reference purposes only. If you need to change the mobile number, you can do it on the Profile tab.
      • The Admin user can have a single mobile number added to the Profile tab for this purpose.

    • With respect to the Google Authenticator option:
  • If you have not already set this up during the MFA registration process, you can click the Setup button and follow the steps to add Google as an authentication option.
  • If you did use this option but you changed your mobile phone or removed its link to CCH iFirm, you can click the Reset button to generate a new QR code.
  1. View the list of the devices and browsers that you added via the Remember me feature.

Optional: To remove (unregister) one or more devices:

  1. Select the check box for the device(s).
  2. Click the Revoke button.
  3. Click Yes to confirm that you want to revoke the selected registered device(s).

Back to top

One-time access code for firm administrators

We have improved our multi-factor authentication (MFA) process for firm users who need to reset their lost password by clicking the Forgot your password link.

During the recovery process, when prompted for MFA, users will not be able to use the MFA E-mail to option. They will need to use the Google Authenticator or Text Message to options. We recommend that users proactively configure one of these two options if not already done.

Firm administrators who have the MFA Generate One-Time MFA Code security role, will be able to generate a one-time access code, which will be valid for 10 minutes, for users who are not able to complete the MFA process using the Google Authenticator or the Text Message to option.

To create a one-time MFA access code, open the Edit User page by clicking Settings/Users and selecting the user. Then, click Create a one-time MFA access code to get the code, which will be valid for 10 minutes.

Back to top

Reset a password from CCH iFirm

It is possible for the Admin user or a user with the security right Security – View, Add and Edit Users to reset a password for firm users.

When prompted for MFA during the recovery process, users will be able to use the MFA E-mail to option.

Back to top