If you want further information about Access Identity 2FA check out our introduction article here.
What is individual 2FA?
If 2FA has been enabled by your admin and is not enabled for all users, individual users can opt in by following the below steps.
Your domain does not have to be registered with identity to setting up individual enablement and employees without their domain registered can complete this.
When 2FA is in use, Access Identity provides multiple security options for users to protect their account:
users can opt in to 2FA and register a trusted device (e.g their phone) to receive a code that can be entered in the second step of their sign-in process, protecting users who may have had their password compromised.
the option to use SMS and the ability to use a broader set of authenticator apps such as Google Authenticator, Authy or FIDO2 to secure and log into your Identity account.
there is also the option for *forced 2FA*, where all users with that domain have it applied to their logins.
-- Steps for enabling 2FA individually --
First of all login by going to https://identity.accessacloud.com
Register by selecting the 'Two Factor Authentication' tab and select 'Get started with two- factor authentication':
You will then be presented with three options:
The first option is if you would like to use a hardware security key or the biometric features on your device.
The second option is the simplest to setup, it simply adds a phone number to take an SMS message which will contain a verification code.
The last option is to use an authentication app on your phone – the advantage of this is that it is a lot faster and more convenient in getting the required verification code compared to SMS.
Select ' Add authenticator' on the option you wish to enable.
Please note option (3) asks the user to scan a QR code with the authenticator application, the user will then be provided with a code to enter.
Once the 2FA device/method has been registered and set up, backup codes will be presented.
What are back up codes?
Back up codes are extremely important for the user to store as they will enable them to get back into their account in the scenario that the phone they’ve registered has been lost or stolen.
There is an additional feature that lets a domain owner switch off a user’s 2FA if that user has lost their phone, but this is only applicable if their organisation has proven ownership of their company domain first.
Before 2FA can be enabled the user will need to tick the box ‘I understand the use of back up codes’ and then click ‘Enable Two Factor’.
Any questions contact: firstname.lastname@example.org