Duo Multi-Factor Authentication (MFA) accessing Rightworks for Intuit Hosting

Rightworks offers the option of Duo Multi-Factor Authentication (MFA) for Intuit Hosting users. This article provides information on managing Duo for hosted users. For information regarding 2-Factor Authentication accessing your tax program, see this article instead.

In this article (select to jump to):

• When enabled, where would I be prompted for Duo MFA?
• How can I turn on Duo MFA for my entire firm?
• How do I enable Duo MFA?
• How can I update Duo MFA to use my new phone/device?
• How can I disable Duo MFA?
• The username you entered is not enrolled with Duo Security.
• Additional questions and answers.

When enabled, where would I be prompted for Duo MFA?

When you set up Duo MFA for your Intuit Hosting Rightworks login you will be prompted to confirm when you sign in to the:

• Hosted environment – this is where Intuit Hosting users access their tax software and other installed apps.
• Rightworks File Manager – this website lets Intuit Hosting users move files between the hosted environment and their local computer.
• Rightworks AppHub – this website portal is where Intuit Hosting users can manage their Rightworks account. The functions available depend on a user's role, but can include adding/removing users, assigning packages, and more.

Back to the Top

How can I turn on Duo MFA for my entire firm?

Only the Account Owner can turn on Duo MFA for the entire firm. When this feature is off, individual users can still activate Duo MFA if they want.

1. Sign in to the Rightworks AppHub.
2. Go to the Admin Console.
3. Select the Security tab.
4. Select the Enable Multi-Factor Authentication for organizations slider.
5. Read the pop-up asking if you are sure. You can select Cancel if you change your mind, otherwise select Enable MFA.
6. Advise your users they will need to sign in to the Rightworks AppHub to complete the enrollment before they will be able to access the hosted environment.

Back to the Top

How do I enable Duo MFA?

Each user who wants Duo MFA enabled will need to complete these steps themselves. If the Account Owner has turned on the setting to require this for all users, signing in to the Rightworks AppHub will prompt users who haven't already completed enrollment to start the setup.

1. Sign in to the Rightworks AppHub.
2. Select your name in the upper right and choose Security Settings.
3. Select Enable MFA.
   • Once Duo MFA has been enabled, you must finish setting it up before you can turn it off if you change your mind.
4. Select your name in the upper right again and choose Log out.
5. Sign back in to the Rightworks AppHub. You will be prompted to Start setup.
6. Follow the prompts to complete enrollment.

Back to the Top

How can I update Duo MFA to use my new phone/device?

If you have Duo MFA set up to push to a device you no longer have, or have a new phone with a new number and no longer have access to the old one, call to speak with a hosted expert.

For more information on how to contact Lacerte, as well as our operating hours, see here.

For more information on how to contact ProSeries, as well as our operating hours, see here.

If you still have the old phone/device, complete these steps:

1. Sign in to the Rightworks AppHub.
2. Select your name in the upper right and choose Security Settings.
3. Select Reset MFA.
4. Close the notification that it's been reset.
5. Select your name in the upper right again and choose Log out.
6. Sign back in to the Rightworks AppHub. You will be prompted to Start setup.
7. Follow the prompts to complete enrollment for your new phone/device.

If you have a new mobile phone but kept the same number, complete these steps:

1. Start signing in to the Rightworks AppHub.
2. On the Duo screen, select My Settings & Devices.
   • If your screen is smaller, you will need to select Settings to see this option.
3. To get a phone call choose Call Me or, to get a texted code, select Enter a Passcode then Text me new codes.
4. Enter the code, then choose Log In.
5. Select Device Options.
6. Choose Reactivate Duo Mobile.

Back to the Top

How can I disable Duo MFA?

You won't be able to disable Duo MFA if the Account Owner has the setting turned on that requires it for all users. To disable Duo MFA for your login complete the following steps:

1. Sign in to the Rightworks AppHub.
2. Select your name in the upper right and choose Security Settings.
3. Choose Disable MFA.

How can I, the Account Owner, turn off the requirement for all users to use Duo MFA after activating it?

1. Sign in to the Rightworks AppHub.
2. Go to the Admin Console.
3. Select the Security tab.
4. Select the Enable Multi-Factor Authentication for organizations slider.
5. Select Disable MFA.
6. Advise your users that they will need to finish the Duo MFA enrollment, if they haven't already, before they'll be able to disable it for their login.

Back to the Top

The username you entered is not enrolled with Duo Security.

When trying to access the hosted environment, you get the message "The username you have entered is not enrolled with Duo Security. Please contact your system administrator."

Once Duo MFA is enabled by a user, or the Account Owner turns on the setting to require it for all users, you will need to finish the enrollment before you can access the hosted environment. Sign in to the Rightworks AppHub and follow the prompts to complete the enrollment.

Back to the Top

Additional questions and answers.

Do I need to pay to use Duo MFA?

No. Duo MFA is available to Intuit Hosting users at no additional charge.

I only use the Rightworks AppHub, can I set up Duo MFA?

Yes. Users who do not have a package assigned to them and only intend to use their login to access the Rightworks AppHub can still set up Duo MFA.

What methods of authentication are available with Duo MFA?

You can choose to receive a text message, a push to the duo application on your device, or a phone call.

Can I choose the phone number to use when I set up Duo MFA?

Yes, when setting up Duo MFA you will be prompted to enter the phone number you would like to use for authentication.

What happens with Duo MFA when a user leaves the company?

The Account Owner, or an Account Admin, needs to go into AppHub and delete the appropriate user. Once that's complete, Duo MFA for that user will no longer exist on the Rightworks account.

Can the Account Owner or Account Admin reset my Duo MFA?

No, you will need to call to speak with a hosted expert for assistance if you need your Duo MFA reset and you can't complete these steps to update Duo MFA to use your new phone/device.

For more information on how to contact Lacerte, as well as our operating hours, see here.

For more information on how to contact ProSeries, as well as our operating hours, see here.

How can I tell if my users have set up Duo MFA?

The Account Owner, or a user with the Account Admin role, can sign in to the Rightworks AppHub, go to the Admin Console, select the Users tab, and look at the Security (MFA) column which will show either Enabled or Disabled for users.

How can I get a SOC report for Duo?

To obtain a SOC report for Duo, please refer to the DUO support website: https://duo.com/support

Why am I getting an error that my account is disabled?

If you have too many failed Duo attempts in a short timeframe and have been temporarily locked out you will receive the error:

Your account is disabled and cannot access this application. Please contact your administrator.

Back to the Top