Setting up two-factor authentication for your tenants

Starting with the 24.09 release, Two-factor authentication (2FA) is enabled by default for all Partner tenants (direct and indirect) in production mode, and it cannot be disabled.

Trial partners will get 2FA auto-enabled only when their account is switched to production mode.​

Support for service accounts (users with 2FA disabled) will continue. A Partner administrator can still temporarily disable 2FA for a user by converting it to a service account. Existing service accounts remain unaffected, which is important for custom integrations that use basic authentication, as it is not compatible with 2FA. The recommended solution for such integrations is to migrate them to API clients.

2FA is not enforced for Customer tenants, but we strongly recommend that they enable it for their organizations. As a Partner administrator, you can impersonate a Customer administrator and enable 2FA for customers that are managed by you.

To enable two-factor authentication

Required role: Partner administrator

  1. Log in to the management portal.
  2. Navigate to Clients and select the customer tenant for which you want to enable the two-factor authentication.
  3. Go to Settings > Security.
  4. Slide the Two-factor authentication toggle, and then click Enable.

Now, all users in the organization must set up two-factor authentication for their accounts. They will be prompted to do this the next time they try to sign in or when their current sessions expire.

The progress bar under the toggle shows how many users have set up two-factor authentication for their accounts. To check which users have configured their accounts, navigate to My Company > Users tab and check the 2FA status column. The 2FA status of users who have not yet configured two-factor authentication for their accounts is Setup Required.

After the successful configuration of two-factor authentication, users will have to enter their login, password, and a TOTP code each time they log in to the service console.

To disable two-factor authentication

Required role: Partner administrator

  1. Log in to the management portal.
  2. Navigate to Clients and select the customer tenant for which you want to disable the two-factor authentication.
  3. Go to Settings > Security.
  4. To disable two-factor authentication, turn off the toggle, and then click Disable.
  5. [If at least one user configured two-factor authentication within the organization] Enter the TOTP code generated in your authentication application on the mobile device.

As a result, two-factor authentication is disabled for the organization, all secrets are deleted, and all trusted browsers are forgotten. All users will log in to the system by using only their login and password. On the My Company > Users tab, the 2FA status column will be hidden.