Two-Factor Authentication (2FA) requires users to verify their identity using both a password and a code sent to their mobile device. It provides an added layer of security, particularly for users with extensive permissions such as knowledgebase administrators.
If you use text messages to send 2FA codes, users must have a valid phone number associated with their user records. Non-US numbers should be preceded by + and then the country code.
When 2FA is set up in your system, you need your 2FA device handy when you log in.
These steps are necessary only the first time you log in after 2FA has been enabled, or if you lose your secret key by reinstalling the app or changing your device. The steps below use Google Authenticator as an illustration, but you can use any other third-party 2FA app as well.
Now, the app shows live-updating codes for each account you've configured. Navigate back to Agiloft and click Enter Code, then follow the Signing In steps above.
You can enable two-factor authentication from a Knowledgebase or the admin console. Admin console access is only available for on-premise customers who maintain their own server.
To enable 2FA:
In a specific Knowledgebase, log in as an admin, click the Setup gear in the top-right corner, and go to Access > Two Factor Authentication.
For all KBs on the server, log in to the admin console and go to General > Settings and click Two Factor Authentication.
If you don't see Two Factor Authentication, you likely need to upgrade to a later release.
Select the Require two factor authentication checkbox.
You can optionally Exclude groups or Exclude users from two-factor authentication. For instance, you might allow users with low permission levels to log in with only a password, while admin-level users must provide two forms of authentication. When excluding specific users from 2FA, enter the user’s Login. Use a comma to separate multiple logins.
Choose whether two-factor authentication is required For every login, or only For the first login from a particular device.
Optionally, if you chose to require it for the first login only, choose an expiration period after which users must reauthenticate.
Two-factor authentication uses cookies, which are both browser and device-specific. Logging in from a different device, a different browser on the same device, or after clearing cookies from the browser cache will prompt the user for reauthentication.
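A pre-rollout check for the exclusion and phone-number settings described above, as an added example that is not Agiloft code: it reports admin-level accounts that an exclusion would let skip 2FA, and 2FA users whose phone number could not receive a text-message code. The user records, field names, group names and the phone-format rule are constructed assumptions, not Agiloft's schema.

```python
import re

# Constructed sample data; field and group names are assumptions,
# not Agiloft's actual schema or export format.
USERS = [
    {"login": "alice", "groups": ["admin"], "phone": "+442071234567"},
    {"login": "bob", "groups": ["admin"], "phone": "5551234567"},
    {"login": "carol", "groups": ["guest"], "phone": ""},
    {"login": "dave", "groups": ["staff"], "phone": "442071234567"},
    {"login": "erin", "groups": ["staff"], "phone": "(650) 555-0100"},
    {"login": "frank", "groups": ["admin", "contractors"], "phone": "+33123456789"},
]
PRIVILEGED_GROUPS = {"admin"}       # assumed name for admin-level groups
EXCLUDE_USERS = "bob, carol"        # comma-separated logins, as typed into the form
EXCLUDE_GROUPS = {"guest", "contractors"}


def parse_logins(text):
    """Split the comma-separated exclusion field, ignoring stray spaces."""
    return {part.strip() for part in text.split(",") if part.strip()}


def phone_ok(phone):
    """Assumed rule: '+' then 8-15 digits, or a 10-digit US national number."""
    digits = re.sub(r"[\s().-]", "", phone)
    return bool(re.fullmatch(r"\+[1-9]\d{7,14}|\d{10}", digits))


def audit(users, exclude_users, exclude_groups, privileged):
    """Return (privileged logins that skip 2FA, 2FA logins SMS cannot reach)."""
    excluded_logins = parse_logins(exclude_users)
    skip_2fa_privileged, unreachable = [], []
    for user in users:
        groups = set(user["groups"])
        excluded = user["login"] in excluded_logins or bool(groups & exclude_groups)
        if excluded:
            # An exclusion by login or by any one group removes the second factor.
            if groups & privileged:
                skip_2fa_privileged.append(user["login"])
        elif not phone_ok(user["phone"]):
            unreachable.append(user["login"])
    return skip_2fa_privileged, unreachable


if __name__ == "__main__":
    risky, locked_out = audit(USERS, EXCLUDE_USERS, EXCLUDE_GROUPS, PRIVILEGED_GROUPS)
    print("Privileged accounts excluded from 2FA:", risky)
    print("2FA users without a usable phone number:", locked_out)
```

In the sample data, frank is the case worth noticing: he is not named in the user exclusion list, but membership in an excluded group still removes 2FA from an admin-level account.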