This article explains the 2 step authentication settings
Path: Manage Workspace >> Security >> Access Restrictions >> 2 Step Authentication
The 2 step authentication feature works when using the IdeaScale Email (instead of username) and Password Authentication service alone or in combination with other authentication services such as SSO and social login. The 2 step authentication feature applies only to the IdeaScale Email and Password authentication pathway. The authentication pathway by SSO and social login is controlled by those other services.
It can be enabled at 2 places.
1. Administrative level
Workspace Administrator can enable 2 step authentication from Manage Workspace >> Security >> Access Restrictions >> 2 Step Authentication. where the administrator can choose to have user authenticate after Every 30 days on trusted devices or every time a user login by using Do not support trusted devices.
2. Individual user level
2FA is an individual Security setting made available to members, when it is enabled by the workspace administrator on the workspace level. Workspace Administrators can choose to have the setting enabled or disabled for the members of the workspcae.
This authentication can be done in two ways, one being an email received by the user with a One Time Password & another using the authenticator app by scanning the QR to get the 6 digits code to be logged into the community. The administrator of the community can set up the authentication in both or either of the ways. If the administrator decides to set up only by one way in the community, then the user will be able to enable it through that method only in the profile section.
If 2FA is enabled at workspace level, members will not be able to turn it off from their profile page.
Once the 2 step authentication is enabled, every user logging in for the first time will have to follow these procedures.
The user will have to select the second step for their authentication. In the below screenshot, the user has selected 'Email me a code'. The code will be sent to his registered email address.
The first time user of this authentication will also be given 5 backup codes to login in case you are away from your phone, when you are traveling or in the event of the stolen device. Each code can be used only once. Please record them in a safe place.
After you have made a note of these backup codes, hit 'Complete', you will be moved to the Profile section of the user.
If at any point you have not made a note of this codes during your login you could get these codes from Profile >> Security >> 2 Step Authentication
Back up codes for 'Email me a code' would be generated. The member can use refresh codes link to generate new set of codes.
Use an 'Authenticator App' option will require you to download an authenticator app to scan the QR code inorder to receive the 6 digit code.
Google Authenticator app can be downloaded from apps store. It scans QR code and gives 6 digit code.
When Mixed authentication is enabled in a community, 2FA will be asked only when the members login via IdeaScale Email/ Password. Members logging in via SSO will not be asked to authenticate via 2FA.