Two-Factor Authentication - [TG]
Two-Factor Authentication (2FA), also referred to as Multi-Factor Authentication (MFA), is an easy way to significantly increase the security of your account and prevent it from being compromised.
See why it is important here: Microsoft | What is multi-factor authentication?
Digital Matter strongly recommend that partners enable 2FA on their user accounts, and on the accounts of any personnel, as these accounts typically have access to multiple customer organisations and data.
Enabling 2FA
2FA can be enforced at an organisation level, or set individually on a user account.
When it is set on a user account, the user can configure it themselves via the Manage Account page, or an admin can enable it for them, either on their existing account or on account creation.
Enable via the Manage Account Page
Go to Manage Account, found in the top right of the screen.
If 2FA is not already enforced on the organisation, this option will be available to select or unselect. In this image it has already been enforced on all accounts within the organisation.
Enable at an Organisation Level
2FA can be enforced for all users of an organisation by editing the organisation's Password Policy.
Any newly created users will have 2FA enforced, and all other users will need to complete 2FA on their next login attempt.
It is best to leave the default of 30 days, but it can be adjusted if need be.
In this scenario, a user will have to enter a code from their app once every 30 days.
Enable on a User Account
It generally makes the most sense to enable across an entire organisation, but 2FA can be enabled on individual user accounts if required.
2FA can be enabled when inviting users:
Or by editing a user account for existing users:
2FA setup process for users
When first setting up 2FA, after logging in with username/password, the following screen will appear:
An email will be sent containing a key (a string of letters). Enter this key and proceed to the next step:
The QR code shown is just an example. Users should scan the one that appears when they log in, not this one.
On their mobile phone, the user must download an Authenticator App. Examples include:
Scanning the QR code from this app will then allow a One Time Password (OTP)/Authentication code to be generated and entered.
If for some reason the QR code can't be scanned, a secret can be generated and entered manually into the app.
The entry will appear in the authenticator app as the name of the user's home organisation.