Adverity supports Two-factor authentication as an additional security layer. With 2 Factor Authentication (2FA), users are required to use a six-digit token provided by their mobile device additionally to the password in order to log in.
- In order to scan the QR-code on the screen, you need to install an app on your mobile device that supports the scanning of QR-Codes like Barcode Scanner.
- Additionally you need an app that supports time-based security tokens based on RFC6283 standard. This can be Google Authenticator for Android or Authenticator for iPhone.
Two options are possible:
OPTION 1: OPTIONAL 2-FACTOR AUTHENTICATION PER USER
Each user has the possibility to optionally enable 2FA for their account. In this case the 2-FA authentication can be disabled at any time by the users themselves.
- From the Connect, Enrich or Transfer Elements, navigate through Person Icon ( ) > Account.
- Click "2 Factor Authentication" in the left-hand menu.
- Follow the steps to set up a device.
- 2FA is now enabled for this user.
- To unlink a device, navigate through the same steps, enter your password and click Unlink.
It is recommended to generate a set of backup tokens and store them securely. A backup token allows users to reset the tokens on their device and scan a new QR code in case the user has a new mobile phone or has deleted their token from their app.
OPTION 2: MANDATORY 2-FACTOR AUTHENTICATION FOR ALL USERS
It is also possible to enforce 2FA as a requirement for the entire stack. Once enabled, users are not able to opt out of 2FA. Please contact firstname.lastname@example.org if you want to enable Two-factor authentication for all users on the stack.
Once the 2FA is enabled for the whole stack, it is no longer possible to log in without a token. You can also facilitate this by sending a token to users manually to prompt them to set up 2FA.
- From the Connect, Enrich, or Transfer Element, navigate through Workspace Picker > Administration.
- In the left-hand menu, under Other, click Users
- Use the checkboxes to the left of each email address in the list, filling the boxes for those Users whom you wish to receive a 2FA token.
- Click the drop-down box that reads "X of X selected", and select "Send temporary 2FA token"
- Each user selected will receive an email with a back-up code.
Please Note: All users created after 2FA has been enabled for the whole stack will automatically receive an email prompting them to set up 2FA.