Introduction


Two-factor (2FA) or multi-factor authentication (MFA) is an additional security layer for your account. This helps you address the vulnerabilities of a standard password-only approach.


Enabling the 2FA feature adds one more step to the login process for the user. In addition to providing the correct username and password, the user will be required to enter a one-time password.


The methods for 2-Factor Authentication in FileWizrd are:

Email:  With this method, every time the user logs in, they receive an email containing the authentication code. The email that will be sent out to users you host can be customized in the Mail Templates menu. We recommend you do this before enabling 2FA for your customers.

Authenticator application:  Login with an authenticator application. This method is also known as TOTP (Time-based One-Time Password). Using this method, the user can set up 2FA by scanning a QR code with a TOTP-based smartphone application, like Google Authenticator or Microsoft Authenticator. The application then continuously generates authentication codes, which the user enters to authenticate themselves.


Note: All 2FA settings you apply affect only users whose primary account is the account that you're administrating. Users whose primary account is different than yours will not be affected.
 


In this article:

1. How do I enable 2FA for users on my account?

2. I can't enable 2FA on my account. Why?

3. How can I make sure that my users use 2FA?

4. One of my users has lost access to the device or email address used for 2FA. What can I do?






1) How do I enable 2FA for users on my account?


After logging in to the account as an account administrator, go to the Account menu.

Here, find and enable the "Enable two-factor authentication" toggle, and click the Save button in the bottom-right corner.


Before enabling this option, we recommend that you make sure that:

✔    Your users have access to the inbox of the email address they have registered with FileWizrd, and/or have a mobile device that they can use an Authenticator application on. This is especially important if you choose to enforce the use of 2FA on the account.






2) I can't enable 2FA on my account. Why?


If the toggle is greyed out, you will not be able to enable 2FA. In this case, please contact us.






3) How can I make sure that my users use 2FA?


In order to make sure that your users access your account using 2FA, you have the option to enforce it. In the Account menu, change the "Enforce two factor authentication on this account" setting to enabled, and click the Save button in the bottom-right corner.



Users of your account that have not set up 2FA yet will be prompted to do so the next time they try to log in. Users will be guided through the steps with on-screen instructions.






4) One of my users has lost access to the device or email address used for 2FA. What can I do?


If one of your users loses access to the device they use for two-factor authentication, they can use one of their recovery codes to regain access to the account.


However, you, as their administrator, have the ability to temporarily disable 2FA for their user profile. This means that the next time they log in, they will be able to do so with only their password. Once they are logged in, they can either disable 2FA or change their authentication method or device.


If the use of 2FA is enforced on the account, the user will have to set up 2FA again after entering the correct password, before gaining access to the account.


To temporarily disable 2FA for a user:

✔    Go to the User menu.

✔    Select the user you want to disable 2FA for.

✔    Click the Temporarily disable two-factor authentication button.

✔    Confirm the action in the pop-up dialog.

✔    The user will now be able to log in once without using 2FA.