CS Professional Suite application security overview

Show expandable text

The IRS mandates certain security measures in our software to help protect tax preparers and taxpayers. These security measures require you log in to any software related to the preparation of tax returns, so you and your staff must log in to your CS Professional Suite applications. The credentials you use depend on the CS Professional Suite products you have licensed. See the information below for more detail about CS Professional Suite security.

Note: These changes do not impact versions of UltraTax CS prior to 2016.1.0.

Multi-factor authentication (MFA): We strongly advise you to employ multi-factor authentication for additional security. To enable this added layer of protection, we have introduced the Thomson Reuters Authenticator mobile app, which can help firms meet industry-standard factors for authentication. What is multi-factor authentication?

Many of your online accounts or software applications are currently protected by a login and password. That password is a single factor in the authentication process — the only way that those applications or services confirm your identity. Unfortunately, passwords are easily stolen or hacked, which means that the accounts and data behind those passwords are at risk.

Multi-factor authentication adds at least one more layer of identity verification to the sign in process, so your protection against hacking and fraud attempts is stronger and more secure than simply using a password. An additional factor can take many forms, the CS Professional Suite products use the Thomson Reuters Authenticator app. Using the Authenticator app, multiple factors are required to verify your identity during the authentication process.

Important information about IRS security requirements

Per the IRS, software providers are required to implement the following security measures in all tax applications for professionals.

  • Login requirements for tax-related professional software: The IRS requires that any tax-related software for professionals must have a login with certain password requirements (regardless of whether the software is accessed via desktop or the cloud).
  • Password strength: As defined by the IRS, a strong password contains a minimum of eight characters, with at least one uppercase letter, one lowercase letter, one number, and one special character. The IRS requires that passwords expire after no more than 90 days.
  • Timeout period: Per the IRS requirements for software, CS Professional Suite applications will time out after 30 minutes of inactivity and users will be required to re-authenticate using their credentials. While your access is suspended, the operation of the software is not, so processes such as long print jobs will continue during the timeout. For details, see Timeout periods in CS Professional Suite applications.

Logging in to CS Professional Suite applications

CS Professional Suite licensing determines the type of account that is used to log in to CS Professional Suite applications. Complete the steps below to determine which type of account is required for your firm.

  1. Open your CS Professional Suite application. 
  2. To determine which account type should be used to log in, review the sign-in screen configuration. Show me.

    To differentiate between CS Web and Onvio Thomson Reuters IDs, use the text below the sign in button.


    Need to create or manage accounts for your firm?.

    If your firm uses CS Web Thomson Reuters IDs, see Creating and registering CS Web Thomson Reuters IDs.

    If your firm uses NetStaff accounts, see Adding NetStaff CS user portals.

    If your firm uses Onvio Thomson Reuters IDs, see Add or update staff information.

  3. Log in with credentials for the required account type.

    You must have an Internet connection the first time you log in to a CS Professional Suite application on a workstation, so your credentials can be authenticated. After that initial authentication, logging in to your software does not require a constant Internet connection.

    More information - my Internet is down or I lost my connection.

    • If you lose your Internet connection while logged in to a CS Professional Suite application, you will not lose access to the software.
    • Logging in while disconnected from the Internet will allow you to work in the applications.
    • To ensure CS Professional Suite applications have access to the Internet, configure your Firewall and Microsoft Edge settings.

    Note: An Internet connection is required for some operations in CS Professional Suite applications, such as electronically filing tax returns via UltraTax CS.

NetStaff CS and NetClient CS portals

If you use NetFirm CS, Virtual Office CS, or Software as a Service (SaaS), confirm that all staff members who use your CS Professional Suite products have NetStaff CS accounts. For details, see  Adding staff portals. You may also want to provide  information about strong passwords to your clients who use NetClient CS.

  • Your staff will use the logins and passwords from their NetStaff CS accounts to sign in to any CS Professional Suite desktop applications as well as their portal on  netlinksolution.com .
  • Your clients will use the logins and passwords from their NetClient CS accounts to sign in to their portal on netlinksolution.com (including Firm Hosted Client Access). For additional Client Access login details, see Signing in to Accounting CS.
  • If you use Accounting CS Bank Feeds, you will be prompted with an additional login screen for access to that feature. For details, see Accounting CS Bank Feeds login information.

Was this article helpful?

Thank you for the feedback!

Internal only

Internal help topics

Internal: Common questions for security and CS Web accounts

Internal: CS Web accounts- no contacts have Admin permissions assigned

Internal: Login credentials with multi-office or office share licensing

Internal: UltraTax CS & Fixed Assets CS security login workaround

Internal: Verifying application login credentials with EMS

Internal: Workflow for Accounting CS Bank Feeds multi-factor authentication

Internal training videos

Internal security training - Part 1 (approx 15 mins.)

Watch this video learn about updates coming soon to application security. This video was created to train staff in preparation for the November 7, 2016 communication (TL 30521) sent to customers about changes coming soon to their applications. 

Internal security training - Part 2 (approx 25 mins.)

Watch this video to learn how firms will complete the authentication process and (based on how applications are licensed) what the differences are in application login credentials.

Security and EMS (approx. 30 mins)

Watch this video to learn how to use EMS to verify what login credentials an external user should enter, if their CS Web Administrator has completed the security migration process, and if they have been given the correct permission level for access to CS Professional Suite desktop applications.