* __TOC__
=Overview=
The '''Two-Factor Authentication '''function provides a second factor - this can be something that someone has (for example, an access card) or some unique property of that person (for example, a fingerprint, or a code sent to a personal mobile device).
A user The security impact of the '''Two-Factor Authentication '''is that while a user may lose an access card or get duped into sharing a password, but the odds of both happening to a single user are dramatically reduced. Using '''Two-Factor Authentication '''therefore enhances an organization's ability to ensure that no one is using illegitimate means to gain access.
'''Two-Factor Authentication '''is a required component of maintaining [[SmartSimple]]'s SOC2 security status. SmartSimple supports two different '''Two-Factor Authentication '''approaches:
==Configuring a Role to Use Two-Factor Authentication==
'''Two-Factor Authentication '''is configured by [[User Role]]. For best practice, it is recommended to specifically create '''Two-Factor Authentication '''as a new role and adding add it to the existing users. While '''Two-Factor Authentication '''can be added to an existing role, it is not recommended because it will become more complex to manage. <br />For roles that have this feature enabled, the use of '''Two-Factor Authentication '''becomes mandatory. This involves a drastic change in user experience, so SmartSimple recommends that this action be rolled out to users in small groups at the beginning of the process.
The first step of the implementation process is to create this role in your [[SmartSimple]] [[instance]].
Follow the steps below in order to configure a [[User Role|user role to ]] to '''Two-Factor Authentication -: '''
1. Click on the 9-square menu icon on the top right of your page.
4. Click on the '''+ icon '''on the top left in order to '''Create a New Role. '''
:: [[File:2factor create new user role.png|600px500px|border]] 4. The '''New Role '''page will be displayed.
4:: [[File:2factor new role. Click on png|500px|border]] Fill out the following details: * '''Name: '''2 Factor Authentication (for clarification of the role purpose) * '''Caption: '''2 Factor Authentication (as the caption is typically the same or similar to the '''pencil icon Name''') * '''Description: '''next to TOTP (for clarification of the role purpose) 5. In the '''Two Factor Authentication '''field, click into it and select the option '''Time-based One-time Password (TOTP).''' * '''Note''': If you select the '''None '''option, this means that '''t'''here will be no two-factor authentication enabled for which you wish this user role. When someone with this user role tries to enter the system, they are able to add successfully log in by inputting just their correct username and password combo. 6. Click the '''Two-Save '''button at the bottom of the page. The page will refresh with the role saved into the system. To check that your role has been successfully added: 1. Click the '''list icon '''in the top left row of buttons on the '''2 Factor AuthenticationAuthentication '''Role page. :: [[File:Return to user roles.png|90px|border]] 2. This will bring you to the [[List View Overview|list]] of all user roles in the system once more. You should now see the '''2 Factor Authentication '''role listed. :: [[File:2factor role.png|600px|border]]
:: [[File:2factor pencil icon.png|30px|border]].
This will bring you to the '''Edit '''details for that role.
5. Under the '''General '''tab, scroll down until you see the '''Two-Factor Authentication '''field.
:: [[File:2factor from edit role.png|500px|border]]
By clicking into the drop-down, you have the ability to select from a number of different options:
* '''None: '''There will be no two-factor authentication enabled for this user role. When someone with this user role tries to enter the system, they are able to successfully log in by inputting just their correct username and password combo.
* '''Time-based One-time Password (TOTP): '''T
/
