Hofy offers an enhanced security feature to its entire customer base: you can ensure your team members always log in to the Hofy platform safely and securely by using their work email address and one of the single sign-on (SSO) providers.
This is a self-serve feature, so you don't need the Hofy IT team to set it up. As a Hofy manager, please head to your name in the bottom left-hand corner and select 'Settings' then 'Security.'
We advise following Hofy's recommended safe practices, all outlined below.
Please note: if you wish to enforce SSO for users onboarded from an HR integration, all users will need to sign in by typing in their username and password the first time they log in. SSO can be enforced for subsequent logins.
[ACCORDION] Social Login
If your company is on the Hofy Entry tier, you may enforce Google or Microsoft SSO for your team members, meaning they will have to sign in through Google SSO using their work email address.
If this is turned on, your team members will not be able to log in with their work email and a password. They will automatically be redirected to their sign-in provider.
[ACCORDION] SAML 2.0 login
If your organisation is on Hofy Lite, Pro or Enterprise, in addition to Google and Microsoft SSO, you also have the option to connect and enforce your company's SAML 2.0 login of choice (Okta, for example).
Please check with your SAML provider for instructions on how to set up SAML 2.0.
The key steps are the same, although your own SAML settings may differ: you will need to enable SAML integration and provide the SAML IdP Metadata URL.
Note: Users can still sign in using personal email addresses, such as new starters who haven’t been assigned a work email yet. Any sign-in method can still be used with personal email addresses.
[ACCORDION] Enforcing two-factor authentication
This feature is available on all Hofy tiers.
The only form of two-factor authentication (2FA) we support is time-based one-time password (TOTP). A code can be generated in any app built for this purpose.
Under 'Settings' then 'Security,' we’ve added a new option for Managers to enforce two-factor authentication.
To enable it, please head to your 'Profile' > 'Edit Profile' > 'Security' tab and enable two-factor authentication for yourself, then go to 'Settings' > 'Security' to enable 2FA for the whole company.
This will mean any new or existing users will have to set up two-factor authentication before they can log into Hofy. Any user currently logged in will also be shown a 2FA setup screen.
[ACCORDION] Hofy's recommended safe practices
- Two-factor authentication: If you are using a username and password to log in, turn on two-factor authentication. It helps to keep out anyone who shouldn’t have access to your account by requiring you to use a secondary factor on top of your username and password to log in to your account.
- Use strong and unique passwords: Creating a strong, unique password for every account is one of the most critical steps that you can take to protect your privacy. Using the same password to log in to multiple accounts, such as your Google account, social media profiles and retail websites, increases your security risk.
- A password manager, like the one built into your Google account or Bitwarden, helps to protect and keep track of the passwords that you use on sites and apps. Google’s Password Manager helps you create, remember and securely store all your passwords to safely and easily sign in to your accounts.