Intuit HelpIntuitDuo Multi-Factor Authentication (MFA) accessing Rightworks for Intuit Hosting
by Intuit•1• Updated 2 weeks ago
Rightworks offers the option of Duo Multi-Factor Authentication (MFA) for Intuit Hosting users. This article provides information on managing Duo for hosted users. For information regarding 2-Factor Authentication accessing your tax program, see this article instead.
Table of contents:
When enabled, where would I be prompted for Duo MFA?
When you set up Duo MFA for your Intuit Hosting Rightworks login you will be prompted to confirm when you sign in to the:
- Hosted environment—this is where Intuit Hosting users access their tax software and other installed apps.
- Rightworks File Manager—this website lets Intuit Hosting users move files between the hosted environment and their local computer.
- Rightworks AppHub—this website portal is where Intuit Hosting users can manage their Rightworks account. The functions available depend on a user's role, but can include adding/removing users, assigning packages, and more.
How can I turn on Duo MFA for my entire firm?
Only the Account Owner has access to complete these steps.
When you turn on Duo MFA as a requirement for your entire firm, everyone must complete the enrollment before they can sign in to the hosted environment again.
If you go back and turn this requirement off for the firm, each user will still need to complete the enrollment before they can turn off Duo MFA for their login.
- Sign in to the Rightworks AppHub.
- Go to Admin Controls  ⮕ Security.
- Select the Enable Multi-Factor Authentication for organizations slider.
- Read the pop-up asking if you are sure. You can select Cancel if you change your mind, otherwise select Enable MFA.
- Advise your users they will need to sign in to the Rightworks AppHub to complete the enrollment before they will be able to access the hosted environment.
How do I enable Duo MFA?
Each user who wants Duo MFA enabled will need to complete these steps themselves. If the Account Owner has turned on the setting to require this for all users, signing in to the Rightworks AppHub will prompt users to complete setup.
Once Duo MFA has been enabled, you must finish setting it up before you can turn it off if you change your mind.
- Sign in to the Rightworks AppHub.
- Select your name in the upper right and choose Edit Rightworks Account Profile.
- On the Security tab, switch the MFA Status to ON.
- Select your initials in the upper right and choose Log Out.
- Sign back in to the Rightworks AppHub. You will be prompted to Start setup.
- If it takes you right in to after signing in without prompting you to complete the enrollment, sign in to the Rightworks AppHub in an incognito or private window.
- Follow the prompts to complete enrollment.
How can I update Duo MFA to use my new phone/device?
If you kept the same phone number or you still have the old phone number/device, complete these steps:
- Sign in to the Rightworks AppHub.
- When prompted for Duo verification, request a phone call if you have a new mobile phone with the same phone number.
- Select your name in the upper right and choose Edit Rightworks Account Profile.
- On the Security tab, select Reset Devices.
- Select your initials in the upper right and choose Log Out.
- Sign back in to the Rightworks AppHub. You will be prompted to Start setup.
- If it takes you right in to after signing in without prompting you to complete the enrollment, sign in to the Rightworks AppHub ​in an incognito or private window.
- Follow the prompts to complete enrollment for your new phone/device.
What can I do if that's not an option?
If you have Duo MFA set up to push to a device other than a phone that you no longer have, or have a new phone with a new number and you no longer have access to the old phone/number, call for assistance.
For more information on how to contact Lacerte, as well as our operating hours, see here.
For more information on how to contact ProSeries, as well as our operating hours, see here.
How can I disable Duo MFA?
You won't be able to disable Duo MFA if the Account Owner has the setting turned on that requires it for all users. To disable Duo MFA for your login complete the following steps:
- Sign in to the Rightworks AppHub.
- Select your name in the upper right and choose Edit Rightworks Account Profile.
- Go to the Security tab and toggle MFA status to OFF.
How can I, the Account Owner, turn off the requirement for all users to use Duo MFA after activating it?
- Sign in to the Rightworks AppHub.
- Go to Admin Controls ⮕ Security.
- Select the Enable Multi-Factor Authentication for organizations slider.
- Choose Disable MFA.
- Advise your users that they will need to finish the Duo MFA enrollment, if they haven't already, before they'll be able to disable it for their login.
The username you entered is not enrolled with Duo Security
When trying to access the hosted environment, you get the message "The username you have entered is not enrolled with Duo Security. Please contact your system administrator."
Once Duo MFA is enabled by a user, or the Account Owner turns on the setting to require it for all users, you will need to finish the enrollment before you can access the hosted environment. Sign in to the Rightworks AppHub and follow the prompts to complete the enrollment.
If it takes you right in to the Rightworks AppHub after signing in without prompting you to complete the enrollment, sign in to the Rightworks AppHub in an incognito or private window.
Additional questions and answers
Do I need to pay to use Duo MFA?
No. Duo MFA is available to Intuit Hosting users at no additional charge.
I only use the website, can I set up Duo MFA?
Yes. Users who do not have a package assigned to them and only intend to use their login to access the Rightworks AppHub can still set up Duo MFA.
What methods of authentication are available with Duo MFA?
Duo defaults to pushing a notification, but when signing in you can re-select the phone number from the dropdown which will then let you choose to receive a text message or a phone call.
Can I choose the phone number to use when I set up Duo MFA?
Yes, when setting up Duo MFA you will be prompted to enter the phone number you would like to use for authentication.
What happens with Duo MFA when a user leaves the company?
The Account Owner, or an Account Admin, needs to go into AppHub and delete the appropriate user. Once that's complete, Duo MFA for that user will no longer exist on the Rightworks account.
Can the Account Owner or Account Admin reset my Duo MFA?
No, you will need to call for assistance if you need your Duo MFA reset and you can't complete these steps to update Duo MFA to use your new phone/device.
For more information on how to contact Lacerte, as well as our operating hours, see here.
For more information on how to contact ProSeries, as well as our operating hours, see here.
How can I tell if my users have set up Duo MFA?
The Account Owner/Account Admin can sign in to the Rightworks AppHub, go to Admin Controls  ⮕ Users, and look at the Security (MFA) column which will show either Enabled or Disabled for users.
How can I get a SOC report for Duo?
To obtain a SOC report for Duo, please refer to the DUO support website: https://duo.com/support
Why am I getting an error that my account is disabled?
If you have too many failed Duo attempts in a short timeframe and have been temporarily locked out you will receive the error:
Your account is disabled and cannot access this application. Please contact your administrator.
Why is the browser is not bringing up Duo setup?
If you don't get prompted to complete enrollment when signing in to the Rightworks AppHub after enabling it, sign in to the ​Rightworks AppHub​ in an incognito or private window.
What is the required version for iOS?
The current version of Duo Mobile requires iOS 16.0 or newer. If you already have Duo Mobile installed, you may need to update the app.
More like this
