How to Set Two-factor Authentication (2FA) with Office Chat

About Two Factor Authentication

Two factor authentication (2FA) provides a more secure login process because when users try to sign in, they’ll have to provide two pieces of information:

  • The account password.
  • A single-use authorization code generated by a mobile app (e.g. Google Authenticator) OR an email message.

This is similar to a cash withdrawal machine at the bank, which requires both a debit card and a personal identification number (PIN). The difference here is that you’ll have to use a different authorization code every time you sign in, because an authorization code expires after it’s used. The network administrators can enable 2FA for all network users.

NOTES:
  • Two factor authentication is applied to all users (Network & guest) when logging into their Office Chat domain using the default authentication of the mechanism of Office Chat (i.e. email & password).
  • When logging in via Google Apps or other SAML providers this setting would not be applicable.
  • This feature is available to users logging in from Web, Desktop and MAC only.

Enabling Two Factor Authentication

To Activate the feature in Office Chat:

  1. Go to the Admin portal > Security > Browser access page
  2. Scroll to the Two factor authentication settings and choose the type of authentication from the drop-downThere are two different ways to retrieve authentication codes to use during login. You can either:
  • Enable 2FA token via email OR
  • Enable 2FA token via Authenticator app
  1. Set the Authentication validity period
  2. Click Save Settings

How Two Factor Authentication works once enabled:

Login via Web:

Step 1: Users log in with Username and Password

Step 2: User gets a secure code via email or an authenticator app on the mobile as configured by the network admin during set up.

Step 3: The user provides the secure code in the browser to access the account.

Steps to Reset Two Factor Authentication for Users (Admin function)

The domain administrator can reset the 2FA for users in case they lose access to the mobile device they used at the time of 2FA activation.

  1. Go to the admin portal > Users
  2. Select the user by clicking on the checkbox.
  3. Click on “User Tools” from the right side then click “Reset QR code.”
  4. The next time the user logs in, the user can set up 2FA from the beginning, providing a code from the authenticator.

Recommended Authenticator apps

You’ll need to download an authenticator app to your mobile device. The app will be able to scan QR codes and retrieve authentication data for you.

Here are some recommended authenticator apps., you can follow the links to download and install them:

The QR code will be shown next time the user logs in.
For example this is a user logging in from the web browser.

Can I restrict login based on IP addresses?

Yes, with Office Chat Enterprise plan you can set an IP range for your network to only allow employees to access Office Chat from your office network or from behind a VPN.

To help protect your organization’s data from unauthorized access, you can specify a list of IP addresses from which users can log in. Users outside of the specified login IP ranges cannot access your domain.

To restrict access on a single or on multiple IP ranges refer to the diagrams and steps below:

  1.  Go to the admin portal
  2.  Click on ‘Security’ from the left-hand navigation
  3.  Click on ‘Browser Access’ and navigate to IP range configuration.
  4. Define one or more IP ranges &  click on the “Save Settings” button to register your settings.

IP based Access Browser

 

While designating IP ranges by following above steps will work on the web, there are a few additional settings you will have to enable to configure the same IP based restriction on Office Chat Desktop Application and Office Chat Mobile applications :

  • To enable IP based access configured in the ‘Browser Access’ section of your admin portal to native desktop and Mac clients as well:
    1) Kindly go to the ‘Admin Portal’ > Click on ‘Security’ from the left-hand navigation
    2) Click on ‘Desktop Access’ and tick on ‘Enable IP based settings’ and click on the ‘Save’ Button.

IP based Access Desktop

 

  • To enable IP based access configured in the ‘Browser Access’ section of your admin portal to Mobile clients as well:
    1) Kindly go to the ‘Admin Portal’ > Click on ‘Security’ from the left-hand navigation
    2) Click on ‘Mobile Access’ and tick on ‘Enable IP based settings’ and click on the ‘Save’ Button.

IP based Access Mobile

Note: IP ranges between 192.168.0.0 – 192.168.255.255 are not accepted as these are private IP ranges and cannot be used on the internet.

How can I restrict access to Office Chat from outside?

Office Chat Admins can choose to allow only specific IP addresses to access their Network. 

To help protect your organization’s data from unauthorized access, you can specify a list of IP addresses from which users can log in. Users outside of the specified login IP ranges cannot access the web portal. 

Note: IP ranges between 192.168.0.0 – 192.168.255.255 are not accepted as these are private IP ranges and cannot be used on the internet. 

To restrict access on a single or on multiple IP ranges refer to the diagrams and steps below: 

  1.  Log in to Office Chat in your browser and go to the Admin Portal 
  2. Click on ‘Security’ from theleft hand navigation menu 
  3. Click on Browser Access and navigate to IP range configuration.
  4. Define one or more IP ranges & click on the “Save Settings” button to register your settings. 

IP Whitelisting

How do I sign a BAA Agreement with Office Chat? 

“BAA” is an acronym for “business associate agreement”. BAAs are hybrid contractual and regulatory instruments, meaning both the parties satisfy HIPAA regulatory requirements. 

To initiate the BAA process a few things will need to occur. 

  1. To get a BAA,  Office Chat will be available only on the Enterprise Annual Plan. You can see the pricing here: https://officechat.com/office-chat-pricing 
  2. We will create a new domain on a special server. You can let us know what name you need, for example: (Current domain / Companyname). The special server runs on a 7-day auto destruct meaning nothing is kept after 7 days. 
  3. Once you have access to your new domain, please invite your staff to this new Office Chat domain. At this point we will suspend the old domain. (This old domain will be deleted once the entire process is completed)
  4. Add your credit card details to the billing area.
  5. We will send you the BAA to sign. Following which we will sign the documents and send you a completed BAA for your records. 
  6. If you have an existing account, we will internally transfer any remaining funds to the new domain or refund them depending on if we are switching plans or what the situation calls for. 

To start, please fill out and email this information to Support@OfficeChat.com with the Subject Line: ‘Office Chat BAA Agreement’ 

  1. Office Chat Domain name: 
  2. Office Chat Admin Email: 
  3. Email of the person to send the BAA agreement (if different than admin): 
  4. A number of user seats needed (you start with 50): 
  5. Your current Office Chat plan is (If Applicable): 
  6. Acknowledge this will be the Enterprise annual plan: $999 for a year (type Yes) :
     

How do I reset my password when I have forgotten it?

A user can reset his/her own password at any time. As a security measure, the user will receive the temporary password on the office chat registered email address.

Office Chat for Web:

Open your Office Chat domain URL in a web browser and click “Forgot Password” link

1

Enter your valid email address which you use to login to Office Chat and click “Reset Password” button.  Then you’ll receive an email with a “temporary password” which you can use to login to Office Chat.

After a successful login with the temporary password, as an additional security measure you will be required to set a “new password”. This new password you enter will be the password you use for subsequent Office Chat logins.

Office Chat for Windows:

Launch the app and on the login screen click on the “Forgot Password” link at the bottom.

In the forgot password dialog box, enter the email address with which you hold an Office Chat account and click on SUBMIT button. Then you’ll receive an email with a “temporary password” that you can use to login to Office Chat.

After a successful login with the temporary password, as an additional security measure you will be required to set a “new password”. The new password you enter will be the password you use for subsequent Office Chat logins.

 

 

Office Chat for Mac:

Launch the app and on the login screen click on the “Forgot Password” link at the bottom.

In the forgot password dialog box, enter the email address with which you hold an Office Chat account and click on “Get Password” button. Then you’ll receive an email with a “temporary password” that you can use to login to Office Chat.

After a successful login with the temporary password, as an additional security measure you will be prompted to set a “new password”. The new password you enter will be the password you use for subsequent Office Chat logins.

4

 

 

Office Chat for iOS:

Launch the app and on the login screen click on the “Forgot Password?” link at the bottom.

In the forgot password dialog box, enter the email address and domain URL with which you hold your Office Chat account and click on “SUBMIT” button. Then you’ll receive an email with a “temporary password” that you can use to login to Office Chat.

After a successful login with the temporary password, as an additional security measure you will be prompted to set a “new password”. The new password you enter will be the password you use for subsequent Office Chat logins.

iOS

 

Office Chat for Android:

Launch the app and on the login screen click on the “Forgot Password?” link at the bottom.

In the forgot password dialog box, enter the email address and domain URL with which you hold your Office Chat account and click on “Submit” button. Then you’ll receive an email with a “temporary password” that you can use to login to Office Chat.

After a successful login with the temporary password, as an additional security measure you will be prompted to set a “new password”. The new password you enter will be the password you use for subsequent Office Chat logins.

Android

 

 

Office Chat Admin Portal:

You can ask your domain admin to reset the password temporarily for you. Ask your domain admin to login to Admin Portal.

Navigate to User tab and select the checkbox next to your name. Then, expand the “User Tools” dropdown menu and select “Reset Password” option.

Web1

 

Clicking on Reset password will open a dialog box. Domain admin will enter a temporary password and will share this with you.

Web2

Once the domain admin shares the temporary password, you can then use it to login into Office Chat. For security purposes, after you login, you will be immediately asked to set a new password. The new password you enter will be the password you use for subsequent Office Chat logins.

Forgot password email

The email received after performing “Forgot Password” action will have the subject as “New password for Office Chat “. Please search the email by this subject. In case the email is found in Spam folder, please mark it as “Not spam”.

Forgot Password email inbox

What are the security, privacy & compliance capabilities in office chat?

Security shouldn’t be an afterthought. Office Chat delivers proactive security, control and IT compliance over your company’s data.

Security, Privacy & Compliance Features in Office Chat:

  • All messages exchanged & files shared on office chat are encrypted in transit (TLS/SSL) and at rest (256-bit AES encryption)
  • With custom data retention & deletion rules, admins of your company control how long you wan’t your data stored
  • Remote device management to disable or wipeout downloaded office chat content on mobile devices
  • Two-factor authentication (2FA) security to drastically reduce the risk of online identity theft
  • User and access management to easily add, remove or investigate users through the admin portal

Most Trusted Certifications:

Office chat runs on AWS cloud which delivers end-to-end, enterprise grade encryption and anywhere/anytime reliability.

certifications

For details on the security certifications, please review: http://aws.amazon.com/security/

More Information:

Basic plan does not have encryption or admin options. The premium plan has encryption during transmission only. Enterprise plan has all security features.

If you would like more information please review Office Chat’s privacy policy and terms of service or contact us 

Is Office Chat HIPAA Compliant?

Yes! Enterprise level plan of Office Chat is HIPAA compliant. All files and message encrypted at all times (during transmission and at-rest).

Please see Office Chat pricing page for details on our enterprise plan.