Two-Factor Authentication

Two-Factor Authentication


Role required: SDAdmin

Two-factor authentication provides an extra layer of security by mandating an additional authentication method along with passwords.

In AssetExplorer, enable two-factor authentication for user logins and admin configurations under Admin > General Settings > Two Factor Authentication > Configuration.
 

Supported Authentication Methods  

Email Verification

Users will be required to authenticate themselves using the code sent to their email.

The email verification template is customizable. In the email text, you can use $secretCode, which will be replaced by a unique code each time the email is sent to the users.
Info
For email verification to work, the outgoing mail server must be configured. Learn more
 

Google Authenticator 

Users will be required to verify themselves with a Time-based OTP (TOTP) generated by the Google Authenticator app or any TOTP authenticator app, such as Microsoft Authenticator, Duo Mobile, etc.
 

Two-factor authentication for User Login 

Enable this option to prompt users for authenticate during login.
Info
To enable two-factor authentication for user logins, first select the preferred authentication method.
You can enable TFA for specific users. Hover over criteria fields and click Edit to open the fields in an editable format.
  1. Choose TFA criteria for Users.
  2. Select users from the combo box or click to view all users in a pop-up for selection.


Finally, Save the login rule or reset the configuration to default by clicking Clear Rules and Save.

When two-factor authentication is enabled, the users must enroll themselves during their first login. Learn more. 

Backup Codes for User Login 

Backup codes can be enabled only for user logins. Enabling backup verification codes allows users to view, download, or generate codes that can be used as an alternative to any of the authentication methods. Learn more.
 

Two-factor authentication for Admin Configurations 

Enabling this option prompts the admin to authenticate themselves while modifying settings under Admin .

Two-factor authentication can be enabled for the following admin configurations:
  1. General and advanced Security Settings
  2. Password Policy under Security Settings
  3. Adding and editing Custom Functions
  4. Decrypting Integration key
Info
To enable two-factor authentication for admin configurations, firt select the preferred authentication method.
When this option is enabled, the admin must enroll for two-factor authentication during their first login. Learn more. 

Enable TFA Trust to establish a time frame during which the admin can modify settings without re-authentication.

 

Managing Enrolled Users

You can manage users who have enrolled for two-factor authentication under Admin > General Settings > Two Factor Authentication > Enrolled Users.

Here, you can view details such as username, domain name, and authentication type. Additionally, you can delete user enrollments by selecting one or more users and clicking Delete.



    • Related Articles

    • Enroll for Two-Factor Authentication

      Role Required: All technicians If two-factor authentication is enabled by the admin, users can enroll for it during their first login. If the admin has enabled both Email Verification and Google Authenticator, users can choose their preferred ...

    • Active Directory Authentication

      Role Required: SDAdmin You can authenticate user login to AssetExplorer via Active Directory. AD-based authentication can be configured in two ways: Log in using AD Credentials Enable user login for AssetExplorer. Hover over Active Directory ...

    • LDAP Authentication

      Role Required: SDAdmin You can allow users to log in to AssetExplorer using their LDAP credentials. After the users are imported, hover over the LDAP authentication check box. Click Edit. Select the Enable LDAP Authentication checkbox. Click Save. ...

    • Set Local Authentication Password

      Role Required: SDAdmin LDAP allows users to use their LDAP credentials while logging in to AssetExplorer. You can set a default local authentication password for users imported through LDAP. Users can change this password after the first login. To ...

    • Set Local Authentication Password for Imported Users

      Role Required: SDAdmin You can set a default local authentication password for users imported through AD. Users can change this password after the first login. To set a local authentication password from the Active Directory configuration page, Hover ...