Universal Login Multifactor Authentication

Overview

While passwords are the first line of defense, Multifactor Authentication (MFA) adds an additional step to ensure that only you can access your account. With MFA, even if someone gets your password, they still need a second form of verification to log in. This greatly reduces the risk of unauthorized access and enhances your overall security. This feature has limited capabilities and may not be fully functional for all clients.

How MFA works

Follow the steps below for the Universal Multifactor Authentication process for web login. For a visual demonstration refer to the video here. This feature is currently not supported for mobile login. If this is enabled, you will not be able to use the Mobile app. Mobile support will be coming soon.

  1. User enters their username and password as usual.
  2. An access code is emailed to the user and they are directed to the access code screen.
  3. Enter the access code.
  4. The user is then authenticated and redirected to the Home screen.

Enablement Request

Assumption: Users are set up with a unique Bullhorn User Account with a primary email address.
  1. Ensure every ATS user account under your corp has an active email address.
    1. Users without an active email address cannot log in once enabled.
    2. DO NOT add email addresses to API users, these will not be affected.
  2. Send out communications to your users that this feature will be enabled on a particular date. Feel free to link them to this video for a visual demonstration.
  3. Raise a case through our community or call into support, please let us know your preferred enablement date and we will work with you to find a time that works best.
  4. Once Bullhorn enables this feature it will be active for all users. Ensure communications have been sent to your users before you request enablement to prevent any confusion.

The request is finished. You'll now enjoy an additional layer of protection every time you log in.

FAQs

  • If I have an SSO provider, can I be enabled? No, we advise that MFA is done by the SSO provider.
  • What factors of authentication are currently supported? Email only.
  • Does it remember the browser? No, at this time it will not retain browser information.
  • Does the user need to use the MFA every time they log in after this feature is enabled? Yes, going forward after enablement, all users will be prompted to every time to enter the code sent to their email.
  • How long is the emailed token valid for? The MFA Token is valid for about 300 seconds or 5 mins.
  • If I have API Users, will they be prompted for an access token? No, API users that are only accessing our REST APIs will not be prompted for an access token.