support

User Roles

Admin

✗Staff contributor

✗External Contributor

✗Pulse user

This article provides a comprehensive overview for admin users on how to set up, manage, and troubleshoot two-factor authentication (2FA) in Silverfin, enhancing security for your office.

Table of contents

• Why set up Two-Factor Authentication?
• How to set up Two-Factor Authentication?
• How to disable Two-Factor Authentication?
• Troubleshooting Two-Factor Authentication
  • User is prompted for 2FA after it has been disabled
  • Can I create one shared account for multiple users?
  • User encounter errors or lost his device with autnenticator app

Why set up Two-Factor Authentication?

Two-factor authentication (2FA) requires users to enter a code from an "Authenticator" app in addition to their password. This extra step, which can be performed once every 30 days on trusted devices, greatly enhances security. It ensures that all users, both internal and external, must use 2FA for their Silverfin accounts.

Users logging in via SSO are exempt from 2FA, as SSO security rules apply.

How to set up Two-Factor Authentication?

As an admin user, you can enable 2FA by following these steps:

1. Go to the office level in Silverfin.
2. Select Users.
3. Click User Configuration.
4. Click 'Enable two-factor authentication'.
5. Confirm enabling 2FA by clicking the green button 'Enable Two-Step Verification'.

Once enabled, users will be prompted to set up 2FA during their next login. They can skip this step once but must complete it on their next login attempt.

How to disable Two-Factor Authentication?

As an admin user, you can disable 2FA by following these steps:

1. Go to the office level in Silverfin.
2. Select Users.
3. Click User Configuration.
4. Click 'Disable two-factor authentication'
5. Confirm disabling 2FA by clicking 'disable two-factor authentication'.

Users who have already set up 2FA will still need to use it to log in. You can contact support to remove 2FA for these users. However, this is not mandatory; users can choose to continue using 2FA even if it's disabled at the office level.

Troubleshooting Two-Factor Authentication

User is prompted for 2FA after it has been disabled

If a user is still being prompted to log in with two-factor authentication (2FA) even though it has been disabled at the office level, it could be due to one of the following reasons:

1. 2FA is required for another office: The user is part of another office where 2FA is still mandatory.
2. Previous 2FA setup: The user had already set up 2FA before it was disabled for your office.

Contact support to request 2FA deactivation for specific users if it’s already disabled at your office.

Can I create one shared account for multiple users?

Sharing accounts is not recommended. Instead, create separate accounts for each user. If sharing is necessary, consider using an "Authenticator" within a password manager for code sharing. 

User encounter errors or lost his device with authenticator app

As an admin user, you can reset a user's 2FA. This sends a new QR code to the user, allowing them to set up their 2FA app again. 

1. Go to the user’s profile at the office level.
2. Click Reset Authentication.

After resetting, instruct the user to delete the old Silverfin account from their authentication app to avoid confusion.