For two-factor authentication, the user needs to enter a username and password (or SSO) first, then supply a code (the second factor), which is sent by email or SMS and must be entered to complete login and grant access. Two-factor authentication is only available for server applications.
- Go to the
Administration tab and select
General settings>
Corporation >
Login.
- Go to Two-factor authentication and select the access (WebApp, Mobile, Full access) for which a second factor should be required.
- Set exceptions:
- for certain
User groups
Example: Administrator
- for certain IP addresses
Example: own intrant IP address ("192.100.168,*;!192.100.168.254": excluding all from the subnet (intranet) 192.100.168.0 to .255)
- Select an
Email sending account and a
Text template of the "Text block" type for the code, or store a formula for the SMS text. Use the "Get 2FA Code" function in the template / SMS formula to retrieve that code.
- Go to the
Administration tab and select
Users >
User.
- Select which Method should be used to authenticate the user and, if necessary, enter an Alternative email address or SMS number.
- In the WebApp access for staff, accounts or contact persons, set the transmission path in the service user for all WebApp accesses.