Two-Factor Authentication (2FA) requires users to verify their identity using both a password and a code sent to their mobile device. It provides an added layer of security, particularly for users with extensive permissions such as knowledgebase administrators.
For users who will sign in with two-factor authentication, the Cell Phone field in their user record must contain a validly formatted number. Non-US phone numbers must be preceded by "+" and the country code. For US numbers, the country code (+1) is optional.
The system ignores spaces, hyphens, and parentheses in the phone number. The following formats are all accepted:
You can enable two-factor authentication from a knowledgebase or the admin console. Admin console access is only available for on-premise customers who maintain their own server.
To enable 2FA:
In a specific knowledgebase, log in as an admin and go to Setup > Access > Two Factor Authentication.
In the admin console, log in and go to General > Settings and click Two Factor Authentication.
If you don't see Two Factor Authentication, you likely need to upgrade to a later release.
Select the checkbox Require two factor authentication.
You can optionally Exclude groups or Exclude users from two-factor authentication. For instance, you might allow users with low permission levels to log in with only a password, while admin-level users must provide two forms of authentication. When excluding specific users from 2FA, enter the user’s Login. Use a comma to separate multiple logins.
Choose whether two-factor authentication is required For every login, or only For the first login from a particular device.
Optionally, choose an expiration period after which users must reauthenticate.
Choose an authentication method, either standard SMS or the Google Authenticator app. If Google Authenticator is chosen, users must download the app to their smart device and create an account before receiving verification codes.
Google Authenticator is compatible with Android, BlackBerry, and iOS devices.
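Before requiring 2FA with the SMS method, it is worth checking which non-excluded users lack a validly formatted Cell Phone value, since they would be unable to receive a code. The following Python is an added example, not code from the product: the user-record layout, the function names, exact-match comparison of logins and groups, and the 8 to 15 digit bound for "+" numbers are assumptions.

```python
# Characters the page says the system ignores in a phone number.
IGNORED = str.maketrans("", "", " -()")

def normalize_cell(raw):
    """Return the number as +<digits>, or None if it breaks the page's format rules."""
    s = (raw or "").translate(IGNORED)
    if s.startswith("+"):
        digits = s[1:]
        # Assumption: a full international number has 8 to 15 digits (E.164 cap is 15).
        if digits.isascii() and digits.isdigit() and digits[0] != "0" and 8 <= len(digits) <= 15:
            return "+" + digits
        return None
    # No "+": only a US number is acceptable, with the country code 1 optional.
    if s.isascii() and s.isdigit():
        if len(s) == 10:
            return "+1" + s
        if len(s) == 11 and s[0] == "1":
            return "+" + s
    return None

def parse_excluded(field):
    """Split the comma-separated Exclude users value into a set of logins."""
    return {x.strip() for x in field.split(",") if x.strip()}

def sms_lockout_risk(users, excluded_logins="", excluded_groups=()):
    """List logins that must use SMS 2FA but have no usable cell number."""
    skip_users = parse_excluded(excluded_logins)
    skip_groups = set(excluded_groups)
    at_risk = []
    for u in users:
        if u["login"] in skip_users or skip_groups & set(u.get("groups", [])):
            continue  # excluded from 2FA, so a missing number does not block login
        if normalize_cell(u.get("cell_phone")) is None:
            at_risk.append(u["login"])
    return at_risk

# Constructed sample user records (hypothetical layout, not real data).
USERS = [
    {"login": "kb_admin", "groups": ["Admins"], "cell_phone": "(415) 555-0134"},
    {"login": "jsmith", "groups": ["Support"], "cell_phone": "020 7946 0958"},
    {"login": "mlopez", "groups": ["Support"], "cell_phone": "+44 20 7946 0958"},
    {"login": "guest1", "groups": ["ReadOnly"], "cell_phone": ""},
    {"login": "contractor", "groups": ["Support"], "cell_phone": None},
]

if __name__ == "__main__":
    print(sms_lockout_risk(USERS, "contractor, other", ["ReadOnly"]))
```

In the sample data, jsmith is flagged because a non-US number without "+" and the country code does not meet the stated format.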
When 2FA is set up in your system, you'll use it when you log in.
You can use the Google Authenticator app instead of SMS. For an example of setting up and using Google Authenticator, see 2-Step Verification with Google Authenticator.
If you lose your secret key, such as when reinstalling the app or changing your device, use the authentication pop-up dialog option to Resend secret key. The key is sent to your email address or to your cellphone by SMS, depending on the method defined by the administrator. The option to resend the key only appears once you have entered your login and password.