User Roles | Admin | ✗ Staff contributor | ✗ External Contributor | ✗ Pulse user |
This article provides a comprehensive overview for admin users on how to set up, manage, and troubleshoot two-factor authentication (2FA) in Silverfin, enhancing security for your office.
Table of contents
- Why set up Two-Factor Authentication?
- How to set up Two-Factor Authentication?
- How to disable Two-Factor Authentication?
- Troubleshooting Two-Factor Authentication
Why set up Two-Factor Authentication?
Two-factor authentication (2FA) requires users to enter a code from an "Authenticator" app in addition to their password. On trusted devices, this extra step only needs to be performed once every 30 days, and it greatly enhances security. Enabling 2FA ensures that all users, both internal and external, must use it for their Silverfin accounts.
Users logging in via SSO are exempt from 2FA, as SSO security rules apply.
How to set up Two-Factor Authentication?
As an admin user, you can enable 2FA by following these steps:
- Go to the office level in Silverfin.
- Select Users.
- Click User Configuration.
- Click 'Enable two-factor authentication'.
- Confirm enabling 2FA by clicking the green button 'Enable Two-Step Verification'.
Once enabled, users will be prompted to set up 2FA during their next login. They can skip this step once but must complete it on their next login attempt.
How to disable Two-Factor Authentication?
As an admin user, you can disable 2FA by following these steps:
- Go to the office level in Silverfin.
- Select Users.
- Click User Configuration.
- Click 'Disable two-factor authentication'.
- Confirm disabling 2FA by clicking 'disable two-factor authentication'.
Users who have already set up 2FA will still need to use it to log in. You can contact support to remove 2FA for these users. However, this is not mandatory; users can choose to continue using 2FA even if it's disabled at the office level.
Troubleshooting Two-Factor Authentication
User is still prompted for 2FA after it has been disabled
If 2FA has been disabled at the office level, but a user is still prompted to log in with it, it’s likely due to one of these reasons:
- The user needs 2FA for another office that mandates it.
- The user had set up 2FA before it was disabled for your office.
Contact support to request 2FA deactivation for specific users if it’s already disabled at your office.
Can I create one shared account for multiple users?
Sharing accounts is not recommended. Instead, create separate accounts for each user. If sharing is necessary, consider using an "Authenticator" within a password manager for code sharing.
User encounters errors or has lost the device with their authenticator app
As an admin user, you can reset a user's 2FA. This sends a new QR code to the user, allowing them to set up their 2FA app again.
- Go to the user’s profile at the office level.
- Click Reset Authentication.
After resetting, instruct the user to delete the old Silverfin account from their authentication app to avoid confusion.