About Two Factor Authentication
Two factor authentication (2FA) provides a more secure login process because when users try to sign in, they’ll have to provide two pieces of information:
- The account password.
- A single-use authorization code generated by a mobile app (e.g. Google Authenticator) OR an email message.
This is similar to a cash withdrawal machine at the bank, which requires both a debit card and a personal identification number (PIN). The difference here is that you’ll have to use a different authorization code every time you sign in, because an authorization code expires after it’s used. The network administrators can enable 2FA for all network users.
- Two factor authentication is applied to all users (Network & guest) when logging into their Office Chat domain using the default authentication of the mechanism of Office Chat (i.e. email & password).
- When logging in via Google Apps or other SAML providers this setting would not be applicable.
- This feature is available to users logging in from Web, Desktop and MAC only.
Enabling Two Factor Authentication
To Activate the feature in Office Chat:
- Go to the Admin portal > Security > Browser access page
- Scroll to the Two factor authentication settings and choose the type of authentication from the drop-down. There are two different ways to retrieve authentication codes to use during login. You can either:
- Enable 2FA token via email OR
- Enable 2FA token via Authenticator app
- Set the Authentication validity period
- Click Save Settings
How Two Factor Authentication works once enabled:
Login via Web:
Step 1: Users log in with Username and Password
Step 2: User gets a secure code via email or an authenticator app on the mobile as configured by the network admin during set up.
Step 3: The user provides the secure code in the browser to access the account.
Steps to Reset Two Factor Authentication for Users (Admin function)
The domain administrator can reset the 2FA for users in case they lose access to the mobile device they used at the time of 2FA activation.
- Go to the admin portal > Users
- Select the user by clicking on the checkbox.
- Click on “User Tools” from the right side then click “Reset QR code.”
- The next time the user logs in, the user can set up 2FA from the beginning, providing a code from the authenticator.
Recommended Authenticator apps
You’ll need to download an authenticator app to your mobile device. The app will be able to scan QR codes and retrieve authentication data for you.
Here are some recommended authenticator apps., you can follow the links to download and install them:
- Google Authenticator(Android/iPhone/BlackBerry)
- Duo Mobile(Android/iPhone)
- Amazon AWS MFA(Android)
- Authenticator(Windows Phone 7)
- https://goo.gl/20KZll (Chrome extension)
The QR code will be shown next time the user logs in.
For example this is a user logging in from the web browser.
