Two Factor Authentication
Enabling Two Factor Authentication (2FA) provides an extra level of security for your Logins.
Upon a successful email and password login, the user is then required to provide a unique 6-digit code generated by an authenticator app or device.
By default Two Factor Authentication is optional and must be set up by a login via their Login Profile.
Users with access to Account Settings via the Admin permission can optionally set 2FA to be required for all logins to that account. However where 2FA is managed at the Agency level, account settings are overridden.
Enabling Two Factor Authentication
Two Factor Authentication can either be enabled solely for your login or for all logins with access to the account via the Account settings.
Enabling For Your login
To set up Two Factor Authentication for your login.
- Select "My Details" from the drop down menu in the top navigation bar.
- Choose the "Two Factor Authentication" tab and click "Enable Two Factor Authentication".
- Follow the on screen prompts to install an authenticator app and scan the QR code.
- Enter the 6-digit code and click "Verify Code".
Following successful verification you will be redirected to your Login Profile. Going forwards when you log in you will need to use your authenticator device to generate a new 6-digit code.
Enabling For All Account Logins
This requires access to Account settings via the Account Admin permission.
- Select "Account Settings" from the drop down menu in the top navigation bar.
- Choose the "Default Settings" tab and scroll down to "Log In Protection".
- Set the option to "Require new authentication code on every log in attempt" and save the page.
When Account Logins next log in, they will be prompted to install an authenticator app and generate a unique 6-digit code to verify before they can continue into the application.
Installing Authenticator Apps
We recommend using the Google or Authy authentication apps to generate verification codes.
Both are available to download free of charge from the Apple App Store and Google Play.
When installed you will be prompted to scan the QR code we provide on the Two factor Authentication setup screen. Once this is done the app will begin generating verification codes automatically.
A text based 16-digit setup code is also provided if you are unable to scan the barcode.
Trusted Devices
Account Admins can optionally allow Trusted Devices to be used. When this feature is enabled the person logging in will see a checkbox that when checked sets that browser and location as trusted.
For the duration of the trusted period, log ins from that browser and location will not be required to enter the 6-digit verification code.
Depending on the settings that have been enforced, logins can remain trusted for either 30 days, 14 days or 7 days before being expired.
Managing Two Factor Authentication
You can manage a logins Two Factor Authentication status from their login profile.
Depending on the settings that have been enforced you will see the following options;
- Disable the feature for a login, removing their need to verify.
- Reset the feature for a user, invalidating their existing authenticator devices and allowing them to set a new authenticator device.
- Setup additional authenticator devices.
- View and manage Trusted Devices.
Multi-Client Logins
Multi-client logins will be bound by the strictest Two Factor Authentication settings set within the group of accounts they have access to.
For example if your login has access to a primary account and its sub-accounts and the primary account requires logins to authenticate on every login, this would be enforced for the sub-accounts as well.