For extra protection of your environment and your users, you can set up a Two-factor authentication. After the user is logged in with his email address and password or OpenID and has possibly selected a user from the list, a code will be requested. This code is generated by an Authenticator app or may be a pin code.
This page shows you how to set this up.
Please note: Everything you set up here is applicable to all selected user types.
You can only activate the Two-factor Authentication option if you are account owner of your domain/environment.
In addition to the Google Authenticator app, this functionality is also available for other authenticator apps like Microsoft and Lastpass.
Actions for the account owner:
Go to 'My Account' at the top of your screen.
Open the 'Security settings'.
Click on the type of user for which you wish to activate Two-factor authentication and make a choice from the drop-down menu. This will then be activated for all users.
Please note: If you activate this for your own user type, you will have to set this up immediately when you login for the first time.
Actions for the end user with the 'pin code' option:
When the end user, for whom the pin code has been activated logs in and selects his user account, he needs to select a pin code. The user can now enter his pin code twice. Thereafter, he can log in.
In the personalised profile page the pin code can be changed via 'User profile-> Profile -> Change Pin code', see image below.
Actions for the end user when using the 'Authenticator app':
When the end user, for whom Two-Factor Authentication has been activated logs in and selects his user account, he will see the following screens. The user can link his Authenticator app himself. Thereafter, he can log in.
It is also possible to use other authenticator apps like Microsoft or Lastpass.
If the email address concerned has multiple logins such as an employee login and a manager login, it is important not to have an identical description of the account (First Name and Last Name). Otherwise, the accounts could possibly be merged, as a result of which it is not possible to log in with several profiles. To overcome this problem, the word 'manager' could be included with the last name of the manager login, for instance.
Reset Authenticator app
If a user no longer has access to the Authenticator app, a 'reset' can be done at the login for which it is set up. The user can then make the link again between the app and its user.
For this, click on the telephone icon next to the user.