Adverity Datatap supports Two-factor authentication as an additional security layer. With 2 Factor Authentication (2FA), users are required to use a six-digit token provided by their mobile device additionally to the password in order to log in.
- In order to scan the QR-code on the screen, you need to install an app on your mobile device that supports the scanning of QR-Codes like Barcode Scanner.
- Additionally you need an app that supports time-based security tokens based on RFC6283 standard. This can be Google Authenticator for Android or Authenticator for iPhone.
Two options are possible:
OPTION 1: OPTIONAL 2-FACTOR AUTHENTICATION PER USER
Each user has the possibility to optionally enable 2FA for their account. In this case the 2-FA authentication can be disabled at any time by the users themselves.
- Security -> Authenticator.
- Follow the steps to set up a device.
- 2FA is now enabled for this user.
To unlink a device, navigate back to Authenticator, enter your password and click Unlink.
It is recommended to generate a set of backup tokens and store them securely. A backup token allows users to reset the tokens on their device and scan a new QR code in case the user has a new mobile phone or has deleted their token from their app.
OPTION 2: MANDATORY 2-FACTOR AUTHENTICATION FOR ALL USERS
There is the possibility to enforce 2FA as a requirement for the entire stack. Once enabled, users are not able to opt out of 2FA. Please contact email@example.com if you want to enable Two-factor authentication for all users on the stack.
Once the 2FA is enabled for the whole stack, it is no longer possible to log in without a token. You can also facilitate this by sending a token to users manually to prompt them to set up 2FA.
- Manage Users -> Select User(s)
- Initialize 2FA
- The user will receive an email with a back-up code.
For all users that are created after 2FA has been enabled for the whole stack, they will automatically receive an email, prompting them to set up 2FA.