Two-factor authentication (2FA) adds a second layer of authentication to your account, so it stays safe even if your password is compromised: to log in, you must also enter a six-digit code that is generated at certain intervals on your smartphone.
Only for Enterprise Edition
The Active Directory plugin is a paid plugin available only to Enterprise Edition customers. For more information about deployment and pricing, please get in touch with us.
Setting up 2FA for your account
To set up two factor authentication for your account, navigate to User Settings and click the on-off switch for Two Factor Authentication. This will show a modal.
How can I find this screen?
Click the user icon at the top right and select Settings in the menu that opens to access this screen.
To set up and use two factor authentication, you need an authenticator app on your smartphone. After installing it, scan the given QR code with the authenticator, which stores your secret on your phone.
Now that your authenticator is generating authentication codes, enter the current one into the field before it expires and click confirm. This should finish the process, notifying you that you have successfully set up two factor authentication for your account.
Globally enforcing 2FA
As a global administrator, you can require all users to use 2FA by switching "Enforce globally" on for Two Factor Authentication in Configurations. Users who have not set up 2FA yet will be asked to set it up on their next login before they can proceed.
What if someone loses their phone?
In the unfortunate case that a user loses their phone, they can ask their instance's administration to disable 2FA for their account so they can log in and set it up again.
If everything seems to be set up correctly yet the server rejects authentication codes without any errors, we recommend checking that the system time is correct. Keep in mind that time zones do not affect this, but a clock that is a few seconds ahead of or behind UTC can break 2FA validation.
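The following added example (not code from this product) shows why a small clock offset causes silent rejections and how to measure it. It assumes the codes are standard RFC 6238 TOTP values (HMAC-SHA1, 30-second step), as common authenticator apps generate; the function names, the published RFC test key and the sample timestamps are illustrative, and the validation window this server actually uses is not stated on this page.

```python
import base64, hashlib, hmac, struct

# Constructed sample input: the published RFC 6238 test key, not a real secret.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30      # assumed time step in seconds (RFC 6238 default)
DIGITS = 6     # six-digit codes, as described on this page

# Constructed clocks: the server runs only 2 seconds ahead of the phone,
# but the two timestamps fall on opposite sides of a 30-second boundary.
PHONE_TIME = 1111111109
SERVER_TIME = 1111111111

def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time (always UTC-based)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, server_time, window=0):
    """Accept the code if it matches any step within +/- window steps."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + i * STEP), code)
        for i in range(-window, window + 1)
    )

def estimate_skew_steps(secret_b32, code, server_time, max_steps=10):
    """Step offset at which the code matches: positive means the server clock
    is ahead of the device, negative means behind, None means no match."""
    for n in sorted(range(-max_steps, max_steps + 1), key=abs):
        if hmac.compare_digest(totp(secret_b32, server_time - n * STEP), code):
            return n
    return None

if __name__ == "__main__":
    code = totp(SECRET, PHONE_TIME)
    print("code from phone:       ", code)
    print("strict check on server:", verify(SECRET, code, SERVER_TIME))
    print("check with +/-1 step:  ", verify(SECRET, code, SERVER_TIME, window=1))
    print("server skew in steps:  ", estimate_skew_steps(SECRET, code, SERVER_TIME))
```

A nonzero result from `estimate_skew_steps` on a test account points at the server clock rather than the user's setup; correcting time synchronization on the host is the fix, rather than widening the accepted window.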