TABLE OF CONTENTS
- Definition of terms
- Configuration
- Behavior in the system
- How our customers use it
- More articles on this topic
Definition of terms
Two-Factor Authentication (2FA) is a security procedure where users must use two different methods (also called factors) to verify their identity before they gain access to the system. It adds an extra layer of security beyond the traditional password.
The two factors can come from the following categories:
- Knowledge: Something the user knows (e.g., password or PIN).
- Possession: Something the user possesses (e.g., smartphone, hardware token).
- Biometrics: Something the user is (e.g., fingerprint, facial recognition).
Example: Users log in with their password (Knowledge) and then must enter a code sent to their smartphone (Possession).
Configuration
- For Administrators: Go to the page General Settings, click on the tab Security, and click the edit icon to enable Two-Factor Authentication.
See: Two-Factor Authentication - enable or disable as an admin
- For Users: Go to the page My User and set up Two-Factor Authentication with your smartphone.
See: Two-Factor Authentication - enable as a user
Behavior in the system
- Permission
Users who have the permission to edit general settings in one of their roles can enable or disable this function.
- Requirements on the user side
To use Two-Factor Authentication, all users logging into the system will need a mobile phone, as this is the second factor for our system. They will also need to download an authentication app. The choice of app is up to the user. Popular examples include Google Authenticator or Microsoft Authenticator.
- Effect of enabling
  - Scope
  If Two-Factor Authentication is enabled, it applies to all users who use username/password as their login method. The function cannot be restricted to a specific company, organizational unit, or user group within the system.
  - System notifications
  When this function is enabled by administrators, a message with a link to the My User page is shown to all users.
  Additionally, the Two-Factor Authentication field will appear under the Username and Password input fields on the login page.
  - User process
    - If users click the link in the notification or navigate to the My User menu item, they can activate Two-Factor Authentication for themselves. See: Enable Two-Factor Authentication as a user
    The notification will remain until the user has configured the feature.
    - Once users have activated Two-Factor Authentication, they will need to enter their Username, Password, and a 6-digit code from their authentication app on their mobile phone in the Two-Factor Authentication field on the login page.
- What happens if users do not set up two-factor authentication?
These users can still log in with their user name and password. If it is important to you that all users use Two-Factor Authentication (2FA), you can check who has already activated it and who has not. In the user overview (on the page Users), you can recognize this by the two-key symbol. You can contact users who have not yet set up the function by email and ask them to complete the setup. See: Two-Factor Authentication - enable as a user
As our customers' requirements for Two-Factor Authentication are very diverse and companies' processes in this regard are handled differently, there will be no function that forces users to set up two-factor authentication.
Recognize users with two-step authentication enabled
Users who have set up Two-Factor authentication are marked in the user overview with the two-key symbol in the “Login method” column. This can also be seen in the user's header under their name and organizational unit.
Login error
Users who have set up two-factor authentication but do not enter the code will receive the following error message on the login page, above the user name and password:
"Login failed. Please check your login details and try again. Otherwise contact your administrator."
As soon as you enter the code in addition to the user name and password, you can log in.
- Integration with Single Sign-on
Two-Factor Authentication only applies to users who log into the system with a username/password. Users logging in via Single Sign-on will not need to use a second factor.
- Deactivation
The function can be deactivated at any time. Users will then log in as before with just a username/password or via Single Sign-on.
- History of changes
Changes to the 2FA setting are recorded in the activity log.
How our customers use it
This is a new feature, so we do not yet know how you will use it. However, it has been a frequent request in the past, which is why we have implemented it. We hope it helps satisfy your need for additional security.