Deel IT offers an enhanced security feature to its entire customer base, so that you can ensure your team members always log in to the Hofy platform safely and securely using their work email address and one of the single sign-on (SSO) providers.
This is a self-serve feature, so you don't need the Deel IT team to set it up for you.
We advise following Hofy's recommended safe practices, all outlined below.
Please note: if you wish to enforce SSO for users onboarded from an HR integration, all users will need to sign in by typing in their username and password the first time they log in. SSO can be enforced for subsequent logins.
[ACCORDION] Social Login
If your company was on the Hofy Entry tier prior to the Deel IT migration, you may enforce Google or Microsoft SSO for your team members, meaning they will have to sign in through Google SSO using their work email address.
If this is turned on, your team members will not be able to log in with their work email and a password. They will be automatically redirected to their sign-in provider.
[ACCORDION] SAML 2.0 login
If your organisation was on Hofy Lite, Pro or Enterprise prior to the Deel IT migration, then in addition to Google and Microsoft SSO you also have the option to connect and enforce your company's SAML 2.0 login of choice (Okta, for example).
Please check with your SAML provider for instructions on how to set up SAML 2.0.
The key steps are the same, although your own SAML settings may differ: you will need to enable SAML integration and provide the SAML IdP Metadata URL.
Note: Users can still sign in using personal email addresses, such as new starters who haven’t been assigned a work email yet. Any sign-in method can still be used with personal email addresses.
[ACCORDION] Enforcing two-factor authentication
This feature is available for all Deel IT customers.
The only two-factor authentication (2FA) method we support is time-based one-time password (TOTP). Codes can be generated in any app designed for this purpose.
[ACCORDION] Deel IT recommended safe practices:
- Two-factor authentication: If you are using a username and password to log in, turn on two-factor authentication. It helps to keep out anyone who shouldn’t have access to your account by requiring a secondary factor on top of your username and password when you log in.
- Use strong and unique passwords: Creating a strong, unique password for every account is one of the most critical steps that you can take to protect your privacy. Using the same password to log in to multiple accounts, such as your Google account, social media profiles and retail websites, increases your security risk.
- A password manager, like the one built into your Google account or Bitwarden, helps to protect and keep track of the passwords that you use on sites and apps. Google’s Password Manager helps you create, remember and securely store all your passwords to safely and easily sign in to your accounts.