Skip to main content

Admin

Two-factor authentication (2FA)

Two-factor authentication (2FA) is a method to double-check that the user's identity is legitimate. It provides stronger protection against unauthorised account access.

38.png

A user with Cloud Admin rights can implement two-factor authentication in either of the two ways:

  1. Enable 2FA globally and make it MANDATORY FOR ALL the users of the tenant to log in with two-factor authentication..

  2. Disable 2FA and make it optional for the users of the tenant to log in with two-factor authentication.

1. When 2FA is enabled and is MANDATORY FOR ALL the users to log in with 2FA

  • An individual user will NOT be able to log in until they enable 2FA on their account. See further 2FA mandatory

  • Enabling 2FA by the Cloud Admin makes it mandatory for all users to enable 2FA for their individual accounts. So when the Cloud Admin disables 2FA, the users will have to manually disable 2FA for their accounts.

  • We recommend that the Cloud Admin communicates about this change to all the tenant users in advance so that the users are informed about the change in the login process.

  • In this case, after entering the account credentials, the user will have to enter the verification code sent to the user's registered email address. For a detailed description, refer 2FA Mandatory

2. When 2FA is disabled and is optional for the users to log in with 2FA

  • In this case, when the user logs in for the first time, s/he will have the option to enable two-factor authentication and log in using account credentials and a verification code.

  • If the user skips enabling two-factor authentication at the time of logging in, s/he can enable it from the profile page in their account.

    For a detailed description, refer 2FA Optional

2FA Mandatory for all users

As an Enviso Cloud Admin, if you wish to make it mandatory for all the users to log into their Enviso account using their credentials and a verification code, then enable the parameter Two-factor authentication (Admin > Settings > Security).

48.jpg

If not already enabled, a confirmation pop-up will appear, where you will need to enter your tenant's name exactly as it was entered at the time of registration, including uppercase/lowercase characters. This is to ensure that two-factor authentication is not accidentally enabled or disabled.

42.jpg

When two-factor authentication is enabled, the login procedure for all the users of the tenant will be as follows:

  1. On the login screen, the user enters their Enviso account credentials.

  2. The user enables two-factor authentication.

    43.jpg

  3. The user enters the verification code sent to his/her email address registered on Enviso.

    If the verification code has expired, the user can click 'Resend code' to get a new verification code.

    59.jpg

  4. Upon successful validation, the user can access his/her account.

  5. For the subsequent login, after the user enters his/her credentials, the user will have the option Do not ask again for 30 days. If selected, the user will not be prompted to re-authenticate with a verification code for the next 30 days.

    45.jpg

On the user's profile page, you can consult which two-factor authentication method is enabled for you. If 2FA is mandatory, you will not be able to disable both the 2FA methods.

542.png

2FA Optional

As a Cloud Admin, if you do not wish to make two-factor authentication mandatory for all tenant users, you can disable it from Admin > My profile > Two-factor authentication.

52.jpg

If not already disabled, a confirmation pop-up will appear, where you will need to enter your tenant name exactly as it was entered at the time of registration, including uppercase/lowercase characters. This is to ensure that Two-factor authentication is not accidentally enabled or disabled.

58.jpg

When two-factor authentication is disabled, the login procedure for the venue users will be as follows:

  1. On the login screen, the user enters their Enviso account credentials.

  2. The user has the option to enable two-factor authentication or skip enabling it right away.

    53.jpg

  3. Depending on the user's choice, the next step will be:

    3.1: If the user enables two-factor authentication, the user will have to enter the verification code sent to his/her email address registered on Enviso.

    By clicking 'Resend code', the user can request a new verification code in case the code has expired.

    59.jpg

    Note

    For the subsequent login, the user will have the option Do not ask again for 30 days. If selected, the user will not be prompted to re-authenticate with a verification code for the next 30 days.

    45.jpg

    3.2: If the user chooses I will do it later, the user will be able to log in with just the valid credentials. Later, the user will be able to enable/disable two-factor verification from his/her profile page.

    49.jpg

Consult 2FA status

From the User accounts page, is possible to consult whether users have enabled, disabled, or not yet configured two-factor authentication (2FA) for their Enviso account.

82.jpg

Moreover, you can view the configured 2FA methods for any user in the user details sidebar.

205.png
In this section: