[IN PILOT] Two-Factor/Multi-Factor Authentication

Modified on: Tue, 23 Sep, 2025 at 2:38 PM

Applies to: Stayntouch PMS




Stayntouch PMS has now implemented Two-Factor (2FA)/Multi-Factor Authentication (MFA), which enhances security by requiring users to provide two or more forms of verification to access their account. 2FA/MFA reduces the risk of unauthorized access and protects sensitive information. Here are the key objectives of 2FA/MFA:

  1. Improved Security: By adding additional verification methods (e.g., something you know, something you have, or something you are), 2FA/MFA reduces the chances of cyberattacks, such as phishing, password guessing, or brute-force attacks.
  2. Protection Against Identity Theft: Even if a user's password is compromised, the additional verification steps make it harder for attackers to gain access.
  3. Mitigation of Weak Passwords: 2FA/MFA compensates for weak or reused passwords by adding extra layers of security, thus improving the overall security posture of the organization.
  4. Enhanced User Trust: Implementing 2FA/MFA signals to users that the organization prioritizes security, which can help build trust and confidence in the service.


By requiring multiple verification factors, 2FA/MFA significantly reduces the risk of unauthorized access, data breaches, and account takeovers.


2FA/MFA Criteria

  • The email address linked to the account needs to be up to date.
  • The PMS user needs to have access to the Google Authenticator app on their phone.
  • MFA for service providers must be activated by Stayntouch Admin. Please contact Customer Support to have it activated.
  • Once a PMS user has authenticated their account with the Google Authenticator app, the authentication will be automatically saved for 30 days.
  • When 2FA/MFA is activated for the service provider, it will impact all users associated with the service provider group.
  • When a PMS user has selected EMAIL CODE as the authentication method, the authentication will not be stored, meaning that the user will need to log in using the MFA/OTP email again the next time they want to access the PMS.



FOR PROPERTY USER ROLES


To activate 2FA/MFA for users with access to a single property, the user will need to complete the following steps:


Step 1: Log Into Stayntouch PMS: The user will be requested to set up two-factor authentication when logging in to Stayntouch PMS.



Step 2: Two-Factor Authentication QR Code: The user will be able to set up two-factor authentication by scanning the QR code via their Google Authenticator app.





Step 3: Redirect To Login Screen: Once the QR code is scanned and the authentication code has been added, the user will be redirected to the login screen.



Step 4: Log In With Authentication Code: The user has now set up their Google Authenticator app and can log in by using the authentication code displayed in the app.




Additional Use Case Scenario:

  • If a user does not have access to their Google Authenticator app, they will be able to select EMAIL CODE to have a code sent to the email address that is associated with their PMS user.



  • When EMAIL CODE has been selected, a code is generated. Please note that the expiration will be adjusted; the code will remain active for 5 minutes.



  • The email will contain the following information:



  • The PMS user will be able to use the code to log into the PMS.

FOR SERVICE PROVIDER/MULTI-PROPERTY USER ROLES


For hotel chains managing multiple properties, role templates can be used to require MFA for users across properties. To require a user to log in with MFA based on an assigned service provider or Multi-Property role, the following steps need to be taken:


1. Define The Role:

  • Log in as a service provider or Multi-Property user.
  • Navigate to the Configuration tab.
  • Click Roles & Permissions.
  • Click Create Template.
  • Give the template a name, select a dashboard, and enable the MFA Required toggle.
  • Assign permissions to the role and click Create User Role.



2. Activate The Role:

  • This creates records linking the permissions to the current hotel chain.



3. Assign The Role To A Service Provider/Multi-Property User:

  • From Configuration > People, select the user.
  • Assign them the role created under the Access section.
  • Click Save my changes.



Now that the user has a role assigned that requires MFA, they should be prompted to enroll in two-factor authentication upon their next login. Regardless of any other roles or circumstances requiring two-factor authentication, this will remain a requirement for that user as long as they are assigned this particular role, or as long as MFA is required for that role template.
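The login rules described in the 2FA/MFA Criteria and in the role steps above can be read as one decision: does this login need a second factor? The following is an added example, not Stayntouch code. The Role and User classes and all function names are hypothetical, and it assumes the 30-day saved authentication is tracked per user; only the 30-day and 5-minute durations come from this article.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Durations stated in the article; everything else is a hypothetical model.
AUTHENTICATOR_REMEMBER = timedelta(days=30)
EMAIL_CODE_LIFETIME = timedelta(minutes=5)


@dataclass
class Role:
    name: str
    mfa_required: bool = False           # the "MFA Required" toggle


@dataclass
class User:
    roles: List[Role] = field(default_factory=list)
    provider_mfa_active: bool = False    # MFA activated for the service provider group
    last_method: Optional[str] = None    # "authenticator" or "email"
    last_verified: Optional[datetime] = None


def mfa_applies(user: User) -> bool:
    """MFA applies if the provider group has it active or any assigned role requires it."""
    return user.provider_mfa_active or any(r.mfa_required for r in user.roles)


def must_prompt(user: User, now: datetime) -> bool:
    """Decide whether this login needs a second factor."""
    if not mfa_applies(user):
        return False
    # An EMAIL CODE verification is never stored, so it cannot cover a later login.
    if user.last_method != "authenticator" or user.last_verified is None:
        return True
    # Assumption: the saved authentication lapses at exactly 30 days.
    return now - user.last_verified >= AUTHENTICATOR_REMEMBER


def email_code_usable(issued_at: datetime, now: datetime) -> bool:
    """An emailed code is accepted only within 5 minutes of being generated."""
    return timedelta(0) <= now - issued_at < EMAIL_CODE_LIFETIME
```

Removing the role, or turning off its MFA Required toggle, makes mfa_applies return False, which matches the statement above that the requirement lasts only as long as the role or its template requires MFA.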


IMPORTANT NOTES

  • Hotel Admin users can activate MFA for specific user roles by navigating to Settings > Hotel & Staff > User Roles and enabling the MFA REQUIRED toggle for the necessary user roles.



  • Hotel Admin users can go to Settings > Hotel & Staff > User Setup and deactivate MFA for a specific user by deactivating and then reactivating the user, and then clicking the red RESET button to generate a password change and MFA reset.



  • If the Multi-Property functionality is enabled for your chain, and you have Multi-Property admin permissions, you can activate MFA for specific user roles for the entire chain by navigating to Configuration > Roles & Permissions.

