Two-Factor Authentication

Two-Factor Authentication


Role required: SDAdmin

Two-factor authentication provides an extra layer of security by mandating an additional authentication method along with passwords.

In AssetExplorer, enable two-factor authentication for user logins and admin configurations under Admin > General Settings > Two Factor Authentication > Configuration.
 

Supported Authentication Methods  

Email Verification

Users will be required to authenticate themselves using a code sent to their email.

The email verification template is customizable. In the email text, you can use $secretCode, which will be replaced by a unique code each time the email is sent to the users.
The outgoing mail server must be configured for the email verification method. Learn more
 

Google Authenticator 

Users will be required to verify themselves with a Time-based OTP (TOTP) generated by the Google Authenticator app or any TOTP authenticator app such as Microsoft Authenticator, Duo Mobile, etc.
 

Two-factor authentication for User Login 

Enable this option to prompt users for authentication during login.
The preferred authentication method must be selected first to enable two-factor authentication for user logins.  


Once two-factor authentication is enabled, the users have to enroll themselves during their first time login. Click here to learn more.

Backup Codes for User Login 

Backup codes can be enabled only for user logins. Enabling backup verification codes allows users to view, download, or generate codes that can be used as an alternative to any of the authentication methods. Click here to know more.
 

Two-factor authentication for Admin Configurations 

Enabling this option prompts the admin to authenticate themselves while modifying security settings under Admin > General Settings > Security Settings.

Two-factor authentication for admin configurations can be enabled for general/advanced security settings and password policy.
The preferred authentication method must be selected first to enable two-factor authentication for Admin Configurations. 
Once enabled, the admin has to enroll for two-factor authentication during their first time login. Click here to learn more.

Enable TFA Trust to establish a time frame during which the admin can modify the security settings without the need for re-authentication.


   

Managing Enrolled Users         

You can manage users who have enrolled for two-factor authentication under Admin > General Settings > Two Factor Authentication > Enrolled Users.

Here, you can view details such as username, domain name, and authentication type. Additionally, you can delete user enrollments by selecting one or more users and clicking Delete.



    • Related Articles

    • Enroll for Two-Factor Authentication

      Role Required: All technicians If two-factor authentication is enabled by the admin, users can enroll for it during their first login. If the admin has enabled both Email Verification and Google Authenticator, users can choose their preferred ...
    • Active Directory Authentication

      Role Required: SDAdmin You can authenticate user login to AssetExplorer via Active Directory. AD-based authentication can be configured in two ways: Log in using AD Credentials Enable user login for AssetExplorer. Hover over Active Directory ...
    • LDAP Authentication

      Role Required: SDAdmin You can allow users to log in to AssetExplorer using their LDAP credentials. After the users are imported, hover over the LDAP authentication check box. Click Edit. Select the Enable LDAP Authentication checkbox. Click Save. ...
    • Set Local Authentication Password

      Role Required: SDAdmin LDAP allows users to use their LDAP credentials while logging in to AssetExplorer. You can set a default local authentication password for users imported through LDAP. Users can change this password after the first login. To ...
    • Set Local Authentication Password for Imported Users

      Role Required: SDAdmin You can set a default local authentication password for users imported through AD. Users can change this password after the first login. To set a local authentication password from the Active Directory configuration page, Hover ...