Adverity Datatap supports Two-factor authentication as an additional security layer. With 2 Factor Authentication (2FA), users are required to use a six-digit token provided by their mobile device additionally to the password in order to log in.
- In order to scan the QR-code on the screen, you need to install an app on your mobile device that supports the scanning of QR-Codes like Barcode Scanner
- Additionally you need an app that supports time-based security tokens based on RFC6283 standard. This can be Google Authenticator for Android or Authenticator for iPhone
Two options are possible:
OPTION 1: OPTIONAL 2-FACTOR AUTHENTICATION PER USER
Each user has the possibility to optionally enable 2FA for their account. In this case the 2-FA authentication can be disabled at any time by the users themselves.
- Security -> Authenticator
- Follow the steps to set up a device
- 2FA is now enabled for this user
To unlink a device, navigate back to Authenticator, enter your password and click Unlink.
It is recommended to generate a set of backup tokens and store them securely. A backup token allows users to reset the tokens on their device and scan a new QR code in case the user has a new mobile phone or has deleted their token from their app.
- The codes of the Two-factor authentication app are being updated every minute. Make sure that the time settings of your device are correct as tokens between your device and Adverity DataTap might not be matching otherwise.
OPTION 2: MANDATORY 2-FACTOR AUTHENTICATION FOR ALL USERS
There is the possibility to enforce 2FA as a requirement for the entire stack. Once enabled, users are not able to opt out of 2FA. Please contact firstname.lastname@example.org if you want to enable Two-factor authentication for all users on the stack.
Prior to asking our support to enable 2-Factor Authentication for the whole stack, all users should have generated a token and backup codes, using the steps described above. Once the 2FA is enabled for the whole stack, it is not possible to log in without a token anymore. You can also facilitate this by sending a token to users manually to prompt them to set up 2FA.
- Manage Users -> Select User(s)
- Initialize 2FA
- The user will receive an email with a back-up code
For all users that are created after 2FA has been enabled for the whole stack, they will automatically receive an email, prompting them to set up 2FA.