Managing two-factor authentication for users

You can monitor two-factor authentication settings for all your users and reset the settings in the management portal, under My Company > Users tab.

Monitoring

In the management portal, under My Company > Users, you can see a list of all users in your organization. The 2FA status indicates if the two-factor configuration is set up for a user.

To reset the two-factor authentication for a user

  1. In the management portal, go to My Company > Users.
  2. On the Users tab, find a user for whom you want to change the settings, and then click the ellipsis icon.
  3. Click Reset two-factor authentication.
  4. Enter the TOTP code generated in the authentication application on your second-factor device and click Reset.

As a result, the user will be able to set up two-factor authentication again.

To reset the trusted browsers for a user

  1. In the management portal, go to My Company > Users.
  2. On the Users tab, find a user for whom you want to change the settings, and then click the ellipsis icon.
  3. Click Reset all trusted browsers.
  4. Enter the TOTP code generated in the authentication application on your second-factor device, and then click Reset.

The user for whom you have reset all trusted browsers will have to provide the TOTP code on the next login.

Users can reset all trusted browsers and reset two-factor authentication settings by themselves. This can be done when they log in to the system, by clicking the respective link and entering the TOTP code to confirm the operation.

To disable two-factor authentication for a user

We do not recommend disabling the two-factor authentication because this creates potential for breaches in the tenant security.

As an exception, you can disable the two-factor authentication for a user and keep the two-factor authentication for all other users of the tenant. This is a workaround for cases when two-factor authentication is enabled within a tenant where a cloud integration is configured, and this integration authorizes to the platform via the user account (login password). In order to continue using the integration, as a temporary solution, the user can be converted into a service account for which two-factor authentication is not applicable.

Switching regular users to service users in order to disable two-factor authentication is not recommended because it poses risks to the tenant security.

The recommended secure solution for using cloud integrations without disabling the two-factor authentication for tenants is to create API clients and configure your cloud integrations to work with them.

  1. In the management portal, go to My Company > Users.
  2. On the Users tab, find a user for whom you want to change the settings, and then click the ellipsis icon.
  3. Click Mark as service account. As a result, a user gets a special two-factor authentication status called Service account.
  4. [If at least one user within a tenant has configured two-factor authentication] Enter the TOTP code generated in the authentication application on your second-factor device to confirm disabling.

To enable two-factor authentication for a user

You may need to enable two-factor authentication for a particular user for whom you have disabled it previously.

  1. In the management portal, go to My Company > Users.
  2. On the Users tab, find a user for whom you want to change the settings, and then click the ellipsis icon.
  3. Click Mark as regular account. As a result, a user will have to set up two-factor authentication or provide the TOTP code when entering the system.