Role required: SDAdmin
Two-factor authentication provides an extra layer of security by mandating an additional authentication method along with passwords.
In AssetExplorer, enable two-factor authentication for user logins and admin configurations under Admin > General Settings > Two Factor Authentication > Configuration.
Supported Authentication Methods
Email Verification
Users will be required to authenticate themselves using a code sent to their email.
The email verification template is customizable. In the email text, you can use $secretCode, which will be replaced by a unique code each time the email is sent to the users.
The outgoing mail server must be configured for the email verification method.
Learn more.
Google Authenticator
Users will be required to verify themselves with a Time-based OTP (TOTP) generated by the Google Authenticator app or any TOTP authenticator app such as Microsoft Authenticator, Duo Mobile, etc.
Two-factor authentication for User Login
Enable this option to prompt users for authentication during login.
The preferred
authentication method must be selected first to enable two-factor authentication for user logins.
Once two-factor authentication is enabled, the users have to enroll themselves during their first time login.
Click here to learn more.
Backup Codes for User Login
Backup codes can be enabled only for user logins. Enabling backup verification codes allows users to view, download, or generate codes that can be used as an alternative to any of the authentication methods.
Click here to know more.
Two-factor authentication for Admin Configurations
Enabling this option prompts the admin to authenticate themselves while modifying security settings under Admin > General Settings > Security Settings.
Two-factor authentication for admin configurations can be enabled for general/advanced security settings and password policy.
The preferred
authentication method must be selected first to enable two-factor authentication for Admin Configurations.
Once enabled, the admin has to enroll for two-factor authentication during their first time login.
Click here to learn more.
Enable TFA Trust to establish a time frame during which the admin can modify the security settings without the need for re-authentication.
Managing Enrolled Users
You can manage users who have enrolled for two-factor authentication under Admin > General Settings > Two Factor Authentication > Enrolled Users.
Here, you can view details such as username, domain name, and authentication type. Additionally, you can delete user enrollments by selecting one or more users and clicking Delete.