UKG is enhancing password requirements for all UKG solutions and requiring mandatory multifactor authentication (MFA) on all user accounts.
The most common cyberattacks often involve a cybercriminal obtaining a user’s credentials to gain access to privileged accounts and sensitive data. Our enhanced password and MFA requirements are designed to protect against that occurring and provide users with a more secure experience.
Helping you prepare for change
To help you prepare for these changes, and when and how they may impact your organization, we’ve created the following resources to answer common questions and to guide you through the steps for success.
What is multifactor authentication (MFA)?
It’s likely you’re already relying on MFA while logging in to other applications you routinely use, such as your online banking apps, social media, online shopping, and more.
MFA is a security protocol that requires more than one method of authentication to verify a user’s identity. For example, MFA requires something you know (like your login credentials) plus something you have (like a unique token or one-time identification code) prior to granting access. The goal of MFA is to create additional layers of validation to prevent unauthorized users from accessing important information. Think of MFA as an extra lock on your door. You have security with the first lock (password), but the second lock (MFA) provides that extra level of security.
MFA is a valuable security tool. Paired with your organization’s own security protocols and IT policies, MFA protects an individual end-user from unauthorized account access in the event their username or password is stolen or compromised.
Note: If you are a UKG Telestaff or UKG Workforce Central® customer and host the solution within your organization (on-premise), both the MFA and password requirements do not apply to you.
My organization uses Single Sign-On (SSO). Do these updates impact me?
No. If your organization is using SSO, these enhancements will not impact you. However, we strongly encourage you to configure MFA as part of your SSO solution. If you have a mix of employees who log in using SSO and others who do not, only the non-SSO users will be required to use MFA.
What are the minimum requirements for the new passwords and MFA?
Please closely review the MFA and password requirements on this page for specific guidelines that might apply to your specific role and/or UKG solution.
What is the start date for my organization to start complying with these changes?
Both the password and MFA policies will be enforced by UKG. The exact date by which you must comply with these changes will be communicated to you as part of the product release process you're already used to. Keep in mind, the release schedule you will follow for these updates will be your first point of UKG access, your “front door.”
Would I be able to modify the password policy and/or create different password policies for different users?
Yes, so long as the minimum requirements outlined by UKG are maintained.
Note: If you are using the UKG Pro® solution as your main point of access, then you will only be able to modify the minimum and maximum password length for your organization, as long as it falls within the outlined requirements.
What forms of MFA can my organization use?
Today, UKG users can authenticate their identity within their UKG solution via text, email, authenticator app (soft token), or voice using any phone number or email address. Once the updates are applied to your UKG solution, you can offer your employees one of the above options to authenticate.
Note: The availability of each authentication option may vary by solution, so please review the solution-specific information below.
If your organization uses more than one UKG solution, the MFA approach used to access your UKG solutions will be based on how you login to UKG (i.e., the “front door”). For example, if a user signs into their UKG Pro solution to access their UKG Pro Workforce Management solution (or UKG Pro Time and Scheduling), then the user will use the MFA options for UKG Pro. Learn more in our knowledgebase articles: UKG Kronos Community and UKG Ultimate Community.
Do I need to do anything about my data collection devices (non-mobile)?
Please refer to our Knowledgebase article for more information on data collection.
Note: You will need to be logged into the UKG Kronos Community to access this information.
What are the new requirements?
Password and MFA Requirements
Please review our knowledgebase articles: UKG Kronos Community and UKG Ultimate Community.
Which devices will be required to use MFA?
You will be required to use MFA on all devices connected to your UKG solution (including mobile devices), except for InTouch devices, Kiosk mode, and Time Stamp (web punch). Please closely review the solution- and role-specific MFA requirements on this page to find the requirements that might apply to your specific role and/or UKG solution.
When will my organization be required to comply with these password and MFA requirements?
All new customers are required to comply with these requirements upon go-live. If you are a new customer and have questions about this, please reach out to your project manager.
If you were live on UKG Pro, UKG Dimensions, UKG Ready®, or UKG Workforce Central prior to Fall 2022, you will receive email notification of the exact date by which you must comply with these requirements. To understand when these changes will impact you, please review our knowledgebase articles: UKG Kronos Community and UKG Ultimate Community.
We leverage UKG Pro® HR Service Delivery does our organization need to comply with these changes?
Yes, as you authenticate into your UKG solution via UKG Pro, you will follow the UKG Pro schedule.
Our organization uses only HR Service Delivery (HRSD). Are we impacted?
If you are an HR Service Delivery (HRSD) only customer, your solution is not impacted by the MFA and password requirements at this time.
We are an on-premise customer using UKG Workforce Central and/or UKG Telestaff. Do we need to comply with these changes?
If you host your UKG solution on-premise, you do not need to comply with these changes at this time.
Where can I find additional details on how to enable MFA and these new password standards?
Coming soon: Specific rollout dates for your UKG solution, solution-specific how-to material, and communication kits to support the employee rollout of these new requirements will be provided as part of your release information/readiness pages via the UKG Community.
If you use UKG Pro as your front door, please visit the UKG Ultimate Community. The UKG Kronos Community should be used for UKG Dimensions and UKG Ready solutions. Note: You will need to log into the UKG Community to access this information.
Remember, data security is everyone’s responsibility
Securing your data is a top priority for us at UKG. It’s all part of how we also secure your trust as a partner for life. Please watch your email and revisit this page often for additional updates on this important initiative.