This article explains the 2 step authentication settings.
Path: Community Settings >> Security >> Access Restrictions >> 2 Step Authentication
The 2 step authentication feature works when using the IdeaScale Email (instead of username) and Password Authentication service alone or in combination with other authentication services such as SSO and social login. The 2 step authentication feature applies only to the IdeaScale Email and Password authentication pathway. The authentication pathway by SSO and social login is controlled by those other services. This section is a part of Advanced settings.
Toggle the switch to Advanced to access the setting.
It can be enabled in 2 places.
1. Administrative level
The administrator of the community can enable 2 step authentication from Community Settings >> Security >> Access Restrictions >> 2 Step Authentication. There, the administrator can choose to have users authenticate Every 30 days on trusted devices, or every time a user logs in by selecting Do not support trusted devices.
2. Individual user level
2FA is an individual Security setting made available to standard users, which they can choose to enable or disable at will, from the profile section. Administrators will still have the community level access to enable or disable this feature.
This authentication can be done in two ways: an email sent to the user with a One Time Password, or an authenticator app that scans the QR code and produces the 6-digit code used to log into the community. The administrator of the community can set up either or both methods. If the administrator sets up only one method in the community, users will be able to enable only that method in the profile section.
If 2FA is enabled at community level, members will not be able to turn it off from their profile page.
Once 2 step authentication is enabled, every user logging in for the first time will have to follow this procedure.
The user will have to select the second step for their authentication. In the screenshot below, the user has selected 'Email me a code'. The code will be sent to their registered email address.
A first-time user of this authentication will also be given 5 backup codes to log in with in case you are away from your phone, traveling, or your device is stolen. Each code can be used only once. Please record them in a safe place.
After you have made a note of these backup codes, hit 'Complete'. You will be moved to the Profile section of the user.
If you did not make a note of these codes during your login, you can get them from Profile >> Security >> 2 Step Authentication.
Backup codes for 'Email me a code' can be generated by clicking on Generate Codes.
Backup codes for 'Authenticator App'
The Google Authenticator app can be downloaded from the app store. It scans the QR code and gives a 6-digit code.
When Mixed authentication is enabled in a community, 2FA will be asked for only when members log in via IdeaScale Email/Password. Members logging in via SSO will not be asked to authenticate via 2FA.