Legion now utilizes Multi Factor Authentication (MFA) for both console and mobile login. This measure continues to strengthen the security of your worker accounts.
What is Multifactor Authentication (MFA)
Multifactor Authentication (MFA) is a critical security feature that protects Legion accounts. Instead of relying on just a password, MFA asks for an additional code sent to either a mobile device or email. This extra step makes it significantly harder for unauthorized users to gain access to accounts.
Note: this change does not affect customers utilizing SSO. For customers utilizing SSO, please work with your IT department to configure MFA for employees.
Using Legion Profile with Legion Instant Pay
As part of Legion Instant Pay, each InstantPay employee will also have a Legion Profile in order to access their funds and access wages ahead of their payday. This means that employees who use Legion InstantPay will be presented with a One Time Password, even if they have initially logged in using their corporate SSO account.
Changes to the Login Flow
In order to successfully login to Legion Profile, employees will need to authenticate using a two-step process.
- Users must first enter their email address and password.
- At certain times workers will answer a CAPTCHA challenge to prevent spam and abuse.
- In addition, for employees that login on a new device, the employee will need to enter a One Time Password.
- The One Time Password will be automatically sent to the user's verified email address.
- Alternatively, users can request to have the One Time Password sent to a verified phone number.
- You have successfully logged in.
One Time Password When Updating Sensitive Information
When updating sensitive information, such as email address or phone number, employees may also be required to enter a One Time Password. The One Time Password will be sent to the previously registered email or phone, as One Time Passwords can only be sent to verified contact details.
What Will Change on December 1, 2025
On the 1st of December, 2025, everyone logging into their Legion Profile or Legion InstantPay will see a prompt to enter a One Time Password (sent to your verified email) if you are logging in from a new device.
- Legion will treat all currently logged in employees as using a trusted device, and thus they will not be prompted for a One Time Password unless they switch devices.
- Trusted devices can be mobile phones or any web browser.
Preparation Checklist
- This applies to all employees who use the Employee Profile for logging in or using Legion InstantPay, this does not apply to SSO logins.
- Logged in employees, will stay logged in and have their device automatically marked as “trusted”.
- Ensure worker email address is up to date and is verified in the Legion Profile.
- Add a personal device phone number and verify it.
- As a reminder, if a device is compromised, the employee should login on a trusted device and navigate to Legion Profile -> Security Center and immediately logout from all devices.
Support and Resources
For further assistance or information please contact your Customer Success Manager.
Comments
0 comments
Please sign in to leave a comment.