Two-factor authentication
When 2FA is enabled in a workspace, any user with access to this workspace must provide a security code after entering their login and password. The code is generated by an authenticator app on the user’s smartphone.
The user must provide the code when logging on, NOT when entering a workspace (except when accessing the workspace for the first time).
Prerequisites
You must be granted access to the Settings module and permissions that allow performing actions there.
Enforcing 2FA for a workspace
- After a user logs on, they don’t need to enter the authentication code on the same device for 8 hours.
- Logging on with Security Assertion Markup Language (SAML) is treated as a successful 2FA login.
- Go to
Settings > Access Control. - In the Two-factor authentication section, to enforce this type of authentication, click Enable.
Result: Users must enter a security code in addition to their login and password. The procedure of logging on with 2FA for the first time is described in “Account Security”.
Disabling 2FA requirement for a workspace
- Go to Settings > Access Control.
- In the Two-factor authentication section, to switch off this type of authentication, click Disable.
- Enter the backup code (it was generated when you enabled the two factor authentication).
- Confirm by clicking Disable.
After you disable the 2FA requirement, 2FA remains enabled for users who already configured it.
Enabling 2FA for a single user
To manually enable 2FA for your account as a user, see “Account Security”.
