Introduction
Two-factor (2FA) or multi-factor authentication (MFA) is an additional security layer for your business. This helps you address the vulnerabilities of a standard password-only approach.
Enabling the 2FA feature will add one more step to the login process for the user. In addition to providing the correct username and password, the user will be required to enter a One Time Password.
The methods that we provide for 2-Factor Authentication are:
Email: With this method, every time the user logs in, they receive an email containing the authentication code. The email that will be sent out to users you host can be customized in the Mail Templates menu. We recommend you do this before enabling 2FA for your customers.
Authenticator application: Login with an authenticator application. This method is also known as TOTP (Time-based One-time password). Using this method, the user can setup 2FA by scanning a QR code using a TOTP based smartphone application, like Google Authenticator or Microsoft Authenticator. The application then continuously generates the authentication codes for the user which the user can use to authenticate themselves.
In this article:
1. How do I enable 2FA for users on my account?
2. 2FA Email template - Authentication code
3. I can't enable 2FA on my account. Why?
4. How can I make sure that my users use 2FA?
5. One of my users has lost access to the device or email address used for 2FA. What can I do?
1) How do I enable 2FA for users on my account?
After logging in to the company account as a company administrator, go to the Account menu.
Here, find and enable the "Enable two-factor authentication" toggle, and click the Save button in the bottom-right corner.
Before enabling this option, we recommend that you make sure that:
✔ You've customized the email template that will be used to send out Authentication codes to your users.
✔ Your users have access to the inbox of the email address they have registered with RushFiles, and/or have a mobile device that they can use an Authenticator application on. This is especially important if you choose to enforce the use of 2FA on the account.
2) 2FA Email Template - Authentication code
Before you enable 2FA, it is a good idea to customize the email that will be sent out to users that use the Email authentication method. If you don't do this, your reseller's template will be used for these types of emails.
Go to the Settings -> Mail Templates menu. A new template can be found here, called Authentication code. Clicking the + button will let you customize the template for the Company language.
As always, make sure that the required tags |$Name| and |$Code| are present in your template, and that the template is set to Published. You can also send a test mail to yourself before publishing it.
You can learn more about templates here.
3) I can't enable 2FA on my account. Why?
You might experience that you can't enable 2FA as the toggle is greyed out. This means that your reseller has disabled the option to use 2FA. Get in touch with them to make the option available to you.
4) How can I make sure that my users use 2FA?
In order to make sure that your users access your account using 2FA, you have the option to enforce it. In the Account menu, change the "Enforce two factor authentication on this account" setting to enabled, and click the Save button in the bottom-right corner.
Users of your account that have not set up 2FA yet will be prompted to do so the next time they try to log in. Users will be guided through the steps with on-screen instructions. Click here to see this in action.
5) One of my users has lost access to the device or email address used for 2FA. What can I do?
In case one of your users loses access to the device they use for two factor authentication, they can use one of their recovery codes to regain access to the account.
However, you, as their administrator have the ability to temporarily disable 2FA for their user profile. This means that the next time they log in, they will be able to do so only with their password. Once they are logged in, they can either disable 2FA or change their authentication method or device.
In case the use of 2FA is enforced on the account, the user will have to setup 2FA again after inputting the correct password before gaining access to the account.
To do this:
✔ Go to the User menu.
✔ Select the user you want to disable 2FA for.
✔ Click the Temporarily disable two-factor authentication button.
✔ Confirm the action in the pop-up dialog.
✔ The user will now be able to log in once without using 2FA.