UKG is enhancing password requirements for all UKG solutions and requiring mandatory multifactor authentication (MFA) on all user accounts.
The most common cyberattacks often involve a cybercriminal obtaining a user’s credentials to gain access to privileged accounts and sensitive data. Our enhanced password and MFA requirements are designed to protect against that occurring and provide users with a more secure experience.
To help you prepare for these changes, and when and how they may impact your organization, we’ve created the following resources to answer common questions and to guide you through the steps for success.
It’s likely you’re already relying on MFA while logging in to other applications you routinely use, such as your online banking apps, social media, online shopping, and more.
MFA is a security protocol that requires more than one method of authentication to verify a user’s identity. For example, MFA requires something you know (like your login credentials) plus something you have (like a unique token or one-time identification code) prior to granting access. The goal of MFA is to create additional layers of validation to prevent unauthorized users from accessing important information. Think of MFA as an extra lock on your door. You have security with the first lock (password), but the second lock (MFA) provides that extra level of security.
MFA is a valuable security tool. Paired with your organization’s own security protocols and IT policies, MFA protects an individual end-user from unauthorized account access in the event their username or password is stolen or compromised.
Note: If you are a UKG Telestaff or UKG Workforce Central® customer and host the solution within your organization (on-premise), both the MFA and password requirements do not apply to you.
No. If your organization is using SSO, these enhancements will not impact you. However, we strongly encourage you to configure MFA as part of your SSO solution.
Please closely review the MFA and password requirements on this page for specific guidelines that might apply to your specific role and/or UKG solution.
Both the password and MFA policies will be enforced by UKG. The exact date by which you must comply with these changes will be communicated to you as part of the product release process you're already used to. Keep in mind, the release schedule you will follow for these updates will be your first point of UKG access, your “front door.”
Yes, so long as the minimum requirements outlined by UKG are maintained.
Note: If you are using the UKG Pro® solution as your main point of access, then you will only be able to modify the minimum and maximum password length for your organization, as long as it falls within the outlined requirements.
Today, UKG users can authenticate their identity within their UKG solution via text, email, authenticator app (soft token), or voice using any phone number or email address. Once the updates are applied to your UKG solution, you can offer your employees one of the above options to authenticate.
Note: The availability of each authentication option may vary by solution, so please review the solution-specific information below.
If your organization uses more than one UKG solution, the MFA approach used to access your UKG solutions will be based on how you login to UKG (i.e., the “front door”). For example, if a user signs into their UKG Pro solution to access their UKG Pro Workforce Management solution (or UKG Pro Time and Scheduling), then the user will use the MFA options for UKG Pro. Learn more in our knowledgebase article.
Please refer to our Knowledgebase article for more information on data collection.
Note: You will need to be logged into the UKG Community to access this information.
Password and MFA Requirements
Please review our knowledgebase article.
You will be required to use MFA on all devices connected to your UKG solution (including mobile devices), except for InTouch devices, Kiosk mode, and Time Stamp (web punch). Please closely review the solution- and role-specific MFA requirements on this page to find the requirements that might apply to your specific role and/or UKG solution.
All new customers are required to comply with these requirements upon go-live. If you are a new customer and have questions about this, please reach out to your project manager.
If you were live on UKG Pro, UKG Dimensions, UKG Ready®, or UKG Workforce Central prior to Fall 2022, you will receive email notification of the exact date by which you must comply with these requirements. To understand when these changes will impact you, please review our knowledgebase article.
Yes, as you authenticate into your UKG solution via UKG Pro, you will follow the UKG Pro schedule.
If you are an HR Service Delivery (HRSD) only customer, your solution is not impacted by the MFA and password requirements at this time.
If you host your UKG solution on-premise, you do not need to comply with these changes at this time.
Coming soon: Specific rollout dates for your UKG solution, solution-specific how-to material, and communication kits to support the employee rollout of these new requirements will be provided as part of your release information/readiness pages via the UKG Community.
Securing your data is a top priority for us at UKG. It’s all part of how we also secure your trust as a partner for life. Please watch your email and revisit this page often for additional updates on this important initiative.