Documentation Version: er2.0.28-docs-1.1

Two-factor Authentication (2FA)

Two-factor authentication (2FA) secures user accounts by requiring users to enter an additional verification code when signing in on the Web Console.

Enabling 2FA for a user account does not affect login credentials for the Master Server Console.

See the following topics for more details:

Who Can Enable 2FA for User Accounts

See User Permissions for more information.

Enable 2FA for Own User Account

As an individual user, you can enable 2FA for your own user account by doing the following:

  1. Log into the Web Console.
  2. Go to the MY ACCOUNT > MY ACCOUNT DETAILS page.
  3. Set the toggle button to On for Two Factor Authentication (2FA).
  4. Select Setup 2FA to set up your authenticator device. Otherwise, you will be prompted to set up your authenticator device the next time you sign in.

Enable 2FA for Individual User Accounts

As a Global Admin or System Manager, enable 2FA on a single user account by doing the following:

  1. Log into the Web Console.
  2. Go to the USERS AND SECURITY > USER ACCOUNTS page.
  3. Click Edit for the selected user.
  4. Set the toggle button to On for Two-factor Authentication (2FA) and click Save.

The user will be prompted to set up 2FA authentication the next time they sign in.

Enforce 2FA for All Users

As a Global Admin or System Manager, enforce 2FA for all users by doing the following:

  1. Log into the Web Console.
  2. Go to the USERS AND SECURITY > SECURITY AND COMPLIANCE page.
  3. Under the Account SecurityTwo-factor Authentication section, set the toggle button to On to enforce 2FA for all users.

All users will be prompted to set up 2FA authentication the next time they sign in.

Set Up 2FA with Google Authenticator

To set up 2FA for your user account, you must have a two-factor authenticator app like Google Authenticator installed on your mobile device.
You can use alternative authenticator apps, such as:

Once installed, do the following:

  1. In the Web Console, open the Setup Two Factor Authenticator dialog box by doing one of the following:
    1. When enabling 2FA for your own user account, click the Setup 2FA button that appears next to the Enable Two Factor Authentication (2FA) toggle button; or
    2. If 2FA has already been enabled but not set up for your user account, you will be prompted to set up 2FA the next time you sign in. When prompted to set up 2FA, click Proceed.
  2. Launch Google Authenticator on your mobile device.
  3. In Google Authenticator, Add an account and select Scan a barcode.
  4. Scan the QR Code displayed on the Setup Two Factor Authenticator dialog box.
    If you cannot scan the provided QR Code, set up 2FA by selecting Enter a provided key on Google Authenticator and enter the Secret Key displayed on the Setup Two Factor Authenticator dialog box.
  5. Verify that 2FA has been correctly set up by entering the 6-digit code displayed on Google Authenticator into the Enter Code field.
  6. Click Continue to complete the setup.

The next time you sign in, ER2 will ask you for your 2FA code.