0
edits
Changes
no edit summary
==Configuring a Role to Use Two-Factor Authentication==
* Two-Factor Authentication is configured by [[User Role]].
* '''''For roles that have this feature enabled, the use of Two-Factor Authentication becomes mandatory.'''''
[[Image:EnableTwoFactor1.png|800px|border]]
* Click on [[Roles & Permissions|Roles & Permissions]] (located on the [[Configuration Menu]] on the left-hand navigation bar)
* Click on the hyperlink for User Roles
* Click the ''Edit'' button next to the role for which you wish to add Two-Factor Authentication
* Click on the drop-down for the Two-Factor Authentication option. There are a number of options exposed: :*:* None:*:* Time-based One-time Password (TOTP):*:* RSA Disconnected Token
* Hit Save.
* Use Send Password button on user profile to send them an email with Activation link.
When the user receives the new password then they navigate to the activation screen.
If this is the first time the user has had a code generated then the screen should include a '''QR Code''' that can be scanned using Google Authenticator. The actual authentication code is also provided in case there are issues with the use of Google Authenticator.
[[Image:EnableTwoFactor 3.png|800px|border]]
If the user has an existing QA Code then the user can click a button to generate a new code and re-sync or can proceed to the login page.
Users will then be prompted to enter the one-time code after entering their user name and password. <br />
[[Image:EnableTwoFactor3.png|800px|border]]
==Notes==
* If both [[Single Sign-On]] and Two-Factor Authentication are in use, there is a Single Sign-On setting option that will control whether or not Two-Factor Authentication will be required when a user authenticates via SSO.
==See Also==
