1. Is Two Factor Authentication mandatory for users in BrightPay (Cloud)?
No it is optional. It can be made compulsory at the Organisation level or an individual user can enable Two Factor Authentication for their own Bright ID.
If a user is already using of one of Bright’s products such as Connect, BrightManager, BrightBooks, BrightPropose and has two factor authentication enabled for these products when the user logs into BrightPay (Cloud) for the first time, they will be asked for the code to verify by whatever option they have set up in BrightHub to receive the code, if not the code will be sent by email to the user as a default.
2. How do I enable Two Factor Authentication for users in BrightPay (Cloud)?
Once you are signed into BrightPay (Cloud), go to > My Organisations > Select your Organisation > Team Members > ‘2FA is Optional’
Once selected, you can then select the option to Require Two Factor Authentication for Organisation Members and Save.
If you need further guidance please view our help guide here.
3. What type of team members on an Organisation can enable Two Factor Authentication for all team members on an Organisation in BrightPay (Cloud)?
The owner and administrator team member roles will be able to enable Two Factor Authentication for all team members on an Organisation in BrightPay (Cloud).
4. If Two Factor Authentication is enabled on an Organisation for team members, what method do they use for the verification code by default?
If Two Factor Authentication is enabled on an Organisation, when any team member of that Organisation try to log into BrightPay (Cloud) then the verification code will be sent by email to the team member.
5. Can a user set up 2FA for their own Bright ID?
Yes this can be done on the user’s profile. Please select the icon in the top right hand corner of the screen, Select > Manage My Bright ID > Security tab
Where it displays 'To enhance the security of your Bright ID, we strongly recommend enabling Two-Factor Authentication' please select '2FA Settings' on the right.

You can choose your preferred Two Factor Authentication method:
- Authentication App
- Text
If you select Authentication App or email, you can select Save.
If you select Text message, you need to enter in your phone number and select Continue.
A verification code will be sent to your phone by text. You will need to enter this in the field provided. Select Continue. Your phone number is verified so the next time you log in, you will be required to enter a code that is sent via SMS to your phone
- If Authentication App is your method: Enter the verification code from your authenticator app.
- If Text message is your method: Your BrightID is protected with two-factor authentication. You must enter a verification code that is sent to your phone
- If email is your method: You must enter a verification code that is sent to your email address.
6. Which is the strongest method to use for Two Factor Authentication?
The authentication app is the strongest and preferred method, then text message, then email.
7. What authentication App can we use?
We recommend using the Microsoft Authenticator app but you can use Google Authenticator or Authy.
8. If a user is a member on multiple Organisations and Two Factor Authentication is enabled on only one of the Organisations, what happens?
If a user is a member of an Organisation that has Two Factor Authentication enabled and they want to access one of the other Organisations they are a member of, when they sign into BrightPay (Cloud) they will still need to go through the Two Factor Authentication process.
9. Can Two Factor Authentication be turned off for individual users?
If Two Factor Authentication is enabled on an Organisation all members on that organisation will need to complete the Two Factor Authentication process when logging into BrightPay (Cloud).
10. If a customer only wants certain members on their Organisation to have 2FA enabled, can this be done?
In this scenario, Two Factor Authentication would not be enabled on the Organisation, and individual members can enable Two Factor Authentication in their 'Manage My Bright ID' area in their profile and enable Two Factor Authentication and select the method they wish their code to be sent to.
11. How do I reset the 2FA on the account, if I cannot access my Bright ID or am locked out?
Please email brightpaysupport@brightsg.com and provide the following details For GDPR purposes.
Employee account - please contact your payroll processor or manager and ask them to email our support team confirming that you’d like your 2FA to be reset.
Manager Account - please contact your payroll processor and ask them to email our support team confirming that you’d like your 2FA to be reset.
User Account (Client Portal) - please contact your payroll processor and ask them to email our support team confirming that you’d like your 2FA to be reset.
Team Member ( Admin/Payroll processor) - please contact another Admin on the account and ask them to email our support team confirming that you’d like your 2FA to be reset. If there is no other Admin or Owner on the Account then we will need an email sent to us from the CEO or Business owner - giving their permission for this to be done.
Note: To change the 2FA method once set, please select the profile icon in the top right-hand corner and select Manage My Bright ID.

Under the Security tab, select 2FA Settings. Then choose the new 2FA method that you would prefer from the three options available. Save the settings.
Q. I no longer have access to my 2FA phone number. How do I regain access to my account?
A. If you can’t access the phone number registered for two-factor authentication (2FA):
- You won’t be able to remove or bypass 2FA yourself without access to the registered phone number.
- Please contact BrightPay Support by email or phone. After we verify your identity, we can switch your 2FA from your phone number back to your email.
-
To verify your identity, you will be asked to provide:
- The account email address
- Your company name
- Billing details (e.g. last 4 digits of card, recent invoice number, or other agreed‑upon details)
- Once your identity is confirmed, Support will update your 2FA so you can log in and set it up again with a new phone number.
- If your request is urgent (for example, you need to run payroll today), please call Support so we can prioritise your case.
The new HMRC Multi-Factor Authentication (MFA) is an additional layer of security applied to your HMRC online account. When signing in to your HMRC portal, you will be prompted to enter a one-time access code to help protect your account. Please note that this is an HMRC requirement and is not related to the BrightPay software.
Comments
0 comments
Article is closed for comments.