Google Authenticator Enrollment
Users can be enrolled into the Two Factor Authentication by their Administrator, and can use an Authenticator app to enter 6-digit codes. Users can be enrolled in bulk or allowed to Self-Enroll.
Supported Authenticator Apps:
- Google Authenticator, Microsoft Authenticator, Authy, DUO mobile, etc.
- See Supported Providers for more...
Admins can choose to allow user's to Self-Enroll and even to generate their own secrets, or they can enroll a user individually.
For manual user enrollment, navigate to:
- Users and Roles > click a User > click Edit > click Configure for Google Authenticator -> Choose Enable and Set the Secret
- This QR code or the configuration code must then be distributed (eg. by email or another other means) to the user.
If Self-Enrollment is enabled, users can easily follow the configure the steps below to Self-Enroll and perhaps generate their own code
- Click here to learn how to enable Self-Enrollment
- Users will be prompted after login with a password, only if 2FA is required
- Otherwise, users can also navigate to the User profile (found in the top right-hand corner)
- Click Manage Account
- Click Configure
- Download and install the Authenticator app from your mobile device's app store
- Set up a new account and either:
- Scan this QR code image with the Authenticator App,
- Or enter the following code:
- (optionally) Safeguard this secret in a secure location:
- Save a picture of this QR code or the numerical code
- This could be used in the future to transfer to another device
- Verify the configuration by entering the code that the Authenticator app provides
- Press the Verify button before the code expires
- A new code will display every 30 seconds
- Be aware: that the device time needs to remain accurate
- Allow the device to remain in-sync with Network Time Protocol (NTP)
- This authentication algorithm relies on accurate time to function correctly