When two-factor authentication (2FA) is in use, Access Identity provides multiple security options for users to protect their accounts:
Opt-in to 2FA and register a trusted device, such as their phone, to receive a code to enter in the second step of their sign-in process, protecting users who may have had their password compromised.
Use SMS or use a broader set of authenticator apps such as Google Authenticator, Authy or FIDO2 to secure and log into your Access Identity account.
Set up forced 2FA, where it applies to all users with that domain.
Enable 2FA individually
To enable 2FA for individual accounts, follow the steps below.
Go to https://identity.accessacloud.com and log in.
Click Two Factor Authentication.
Click Get started with two-factor authentication then select the relevant option:
Use a hardware security key or biometric features on your device.
Add a phone number to receive an SMS message containing a verification code.
Use an authentication app on your phone. This is a lot faster and more convenient in getting the required verification code compared to SMS.
When enabling this option, your user is asked to scan a QR code with the authenticator application. Then the user is provided with a code to enter.
On the preferred option, click Add authenticator.
Take note of the backup codes then confirm you understand the use of backup codes.
Click Enable Two Factor.
Backup codes importance
Backup codes are crucial for the user to store as these enable them to get back into their account if the phone they’ve registered has been lost or stolen.
An additional feature lets a domain owner switch off a user’s 2FA if that user has lost their phone, but this is only applicable if their organisation has proven ownership of their company domain first.