Two-Factor Authentication (2FA) requires users to verify their identity using a code sent to their mobile device in addition to their password. It provides an added layer of security, particularly for users with extensive permissions such as knowledgebase administrators.
For users who will sign with two-factor authentication, the Cell Phone field in their user record must contain a validly formatted number. Non-US phone numbers must be preceded by ‘+’ and the country code. For US numbers, the country code (+1) is optional.
The system ignores spaces, hyphens, and parentheses in the phone number. The following lists examples of acceptable formats:
Be aware that access to the admin console is only available for on-premise customers who maintain their own server.
Also note, if you do not see Two Factor Authentication, you may need to upgrade to a later release.
To enable 2FA in a specific knowledgebase, log in as an admin and go to Setup > Access > Two Factor Authentication.
To enable 2FA in the admin console, log in and go to General > Settings and click Two Factor Authentication.
You can optionally Exclude groups or Exclude users from two-factor authentication. For instance, you may wish for users with low permission levels to log in with a password only, while admin-level users must provide two forms of authentication.
When excluding specific users from 2FA, enter the user’s Login. Use a comma to separate logins, e.g. jdoeadmin, testuser as shown below:
Choose whether two-factor authentication is required For every login, or only For the first login from a particular device.
Optionally, choose an expiration period after which users must reauthenticate.
Authentication Method: Choose whether to use standard SMS or the Google Authenticator app. If Google Authenticator is chosen, users must download the app to their smart device and create an account before receiving verification codes.
Google Authenticator is compatible with Android, BlackBerry, and iOS devices.
If you lose your secret key, due to reinstalling your app or changing device, the authentication popup dialog contains an option to Resend secret key. The key will be sent to your email address or via SMS to your cellphone, depending on the method defined by the administrator. Note that the option to resend the key only appears once the user has entered their login and password.