How to Set Two-factor Authentication (2FA) with Office Chat

About Two Factor Authentication

Two factor authentication (2FA) provides a more secure login process because when users try to sign in, they’ll have to provide two pieces of information:

  • The account password.
  • A single-use authorization code generated by a mobile app (e.g. Google Authenticator) OR an email message.

This is similar to a cash withdrawal machine at the bank, which requires both a debit card and a personal identification number (PIN). The difference here is that you’ll have to use a different authorization code every time you sign in, because an authorization code expires after it’s used. The network administrators can enable 2FA for all network users.

  • Two factor authentication is applied to all users (Network & guest) when logging into their Office Chat domain using the default authentication of the mechanism of Office Chat (i.e. email & password).
  • When logging in via Google Apps or other SAML providers this setting would not be applicable.
  • This feature is available to users logging in from Web, Desktop and MAC only.

Enabling Two Factor Authentication

To Activate the feature in Office Chat:

  1. Go to the Admin portal > Security > Browser access page
  2. Scroll to the Two factor authentication settings and choose the type of authentication from the drop-downThere are two different ways to retrieve authentication codes to use during login. You can either:
  • Enable 2FA token via email OR
  • Enable 2FA token via Authenticator app
  1. Set the Authentication validity period
  2. Click Save Settings

How Two Factor Authentication works once enabled:

Login via Web:

Step 1: Users log in with Username and Password

Step 2: User gets a secure code via email or an authenticator app on the mobile as configured by the network admin during set up.

Step 3: The user provides the secure code in the browser to access the account.

Steps to Reset Two Factor Authentication for Users (Admin function)

The domain administrator can reset the 2FA for users in case they lose access to the mobile device they used at the time of 2FA activation.

  1. Go to the admin portal > Users
  2. Select the user by clicking on the checkbox.
  3. Click on “User Tools” from the right side then click “Reset QR code.”
  4. The next time the user logs in, the user can set up 2FA from the beginning, providing a code from the authenticator.

Recommended Authenticator apps

You’ll need to download an authenticator app to your mobile device. The app will be able to scan QR codes and retrieve authentication data for you.

Here are some recommended authenticator apps., you can follow the links to download and install them:

The QR code will be shown next time the user logs in.
For example this is a user logging in from the web browser.