Managing Two Factor Settings (2FA)
Ian Remington avatar
Written by Ian Remington
Updated over a week ago

What is Two Factor Authentication?

Two Factor (sometimes called two-step) Authentication provides an extra layer of security when you log in to confirm it's actually you. In Crelate, you can use your confirmed email address, phone number, or authenticator (such as Google or Microsoft authenticator app) as the second step in your login process. If Two Factor Authentication is enabled, after providing the correct email and password, you will be asked where you would like your verification code sent. After the code has been sent, you provide the code you just received from your phone, email, or authenticator to complete the login process. As a best practice, we recommend the options below:

  1. Authenticator App

  2. Phone AND Email Address

While solely using a phone number or email address is an option, we always recommend having multiple options to ensure your login experience is never interrupted.

Turning Two Factor On/Off for your Organization

Organization wide two factor settings can be located in the Advanced Security tab in Settings. Admins can adjust the two factor settings so that it is completely disabled for any user (Off), enabled for setup by individual users (Enabled) or required upon login for every user (Required).

If an admin chooses to require Two Factor Authentication, this change will be enforced the next time a user in the org logs back in. In the case where a user does not have a phone number or email confirmed the next time they log in and the org setting is "Required", they will be prompted to set up two factor authentication upon login.

Resetting Two Factor for a User

Admins can use the User tab under Basic Set Up to see which users have two factor enabled, if their email has been confirmed and what phone number they are using. If two factor is Enabled on an org, admins can turn off two factor for a user by clicking the Reset Two Factor button. This can be handy in case a particular user no longer has access to their phone or email and needs to log back in without it.

Setting up Two Factor in My Profile

First, you will need to navigate to Menu | Manage Your Profile & Preferences | Security and type in your password to verify.

Next, add your Phone or Authenticator that you wish to use. Email will be verified and ready to use by default.

When setting up the Authenticator, will you be prompted to complete the step below:

Any app or program that supports the TOTP standard can be used with the Authenticator.

**Please note that email can only be used if you do not have a phone number or authenticator verified**

If Two Factor Authentication is turned "Off" completely for your org, the settings for two factor will not show. Two Factor Authentication requires at least a confirmed email, phone number, or authenticator to send a verification code to. If your email, phone number, or authenticator has not been confirmed or given, two factor authentication will not be enforced.

What's Next?

Looking for more information on security settings? Check out our content below!

Did this answer your question?