Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Security allow users to setup two factor authentication

What is Two Factor Authentication

Two-factor authentication (2FA) is a security process that requires users to provide two distinct forms of identification before gaining access to FlexDeploy. Typically, this involves a combination of something the user knows (like a password) and something the user possesses (like a code provided by an authenticator or sent to their phone) to enhance the overall security and reduce the risk of unauthorized access.

By default, 2FA is not enabled for new user. Each user must opt into 2FA configure in the user’s profile.

Configuring Two Factor Authentication

In order to start using 2FA for a given user perform the following:

1️⃣ Login into FlexDeploy normally and navigate to your profile → Security

2️⃣ Click the Enable Two Factor Authentication button and Enter your password (the FlexDeploy user who is currently logged in).

3️⃣ Setup your external authenticator application by scanning the provided QR code with your phone or device. Alternatively, if scanning is not possible or it does not work, copy the shared key and manually configure your authenticator using the key,

When manually, configuring the authenticator make sure the generated code is 6 digits longs, period is 30 seconds, and HmacSHA1 is used as the hashing algorithm. These parameters should be the default for most authenticators. All other options are up to you.

4️⃣ Enter the current code from your authenticator and click “Save”. If the code is valid, the popup will close and snack message will say 2FA is successfully configured.

At this point, your next login with the current user will prompt for 2FA code after successfully providing username and password.

Remember a Device

2FA Remember Device in Two-Factor Authentication (2FA) allows users to bypass the second authentication factor on trusted devices for 30 days. With this option, users can experience a more seamless login experience on their trusted devices while still maintaining a strong level of security.

1️⃣ In order to remember a 2FA login, enable the checkbox on the 2FA login (when the code is entered).

2️⃣ Remembered devices will always display on the users profile → security. You may revoke all or some devices if desired.


FAQ

Help I lost my authenticator device. How can I login?

As long as your FlexDeploy user has a valid email associated, email settings are configured in FlexDeploy to send mail, and you have access to the email, then you can still login.

From the 2FA prompt, click “recovery code” and then click send “new recovery code”. You should receive an emaily shortly with your 2FA recovery code which you can enter on screen to login. Beware the recovery code will only last a short period of time.

Can FlexDeploy send the 2FA code to my phone or email instead?

This is on the roadmap and is not currently supported.

  • No labels