Configure Two-Factor Authentication

Configure Two-Factor Authentication


This article provides the steps to configure two-factor authentication.

 

Two-factor authentication (2FA) is a security measure that requires the user to input their password and then a generated 6-digit code.

There are currently two different options for 2FA: ‘Email’, and ‘Mobile App'.
If 'Email’ is selected, you will receive an email containing a 6-digit code.
If ‘Mobile App’ is selected, a 3rd-party mobile app will have to be configured.
Some 3rd-party app recommendations are: Authy by Twilio, Google Authenticator, or Microsoft Authenticator

2FA settings are only applicable to the Internal authentication provider. OIDC providers will not have these same settings.

Configuring 2FA From the User Profile

This method can only change the current setting for the user account logged in.

  1. The edit button allows you to change your security settings
  2. This field showcases whether or not you have one of the 2FA methods Active
  3. This field showcases the current 2FA method for your account

 

 

 

Enabling 2FA From the Identity Provider Screen

Select the ID Provider of the user you would like to manage.

When changing this setting for other users, it is recommended to only set it to the ‘Email’ option. Otherwise, the user will need to be there to scan the QR code or you will have to send them the 32-digit code.

  1. Navigate to the “Users” tab
  2. Select a user to edit
  3. Edit
  4. Select the desired 2FA method
  5. Save or Cancel

 

 

Enabling 2FA From the Enterprise Users Screen

Select the email of the enterprise user you wish to edit.

When changing this setting for other users, it is recommended to only set it to the ‘Email’ option. Otherwise, the user will need to be there to scan the QR code or you will have to send them the 32-digit code.

  1. Navigate to the Identity Provider tab
  2. Select the ID provider
  3. Edit
  4. Select the desired 2FA method
  5. Save or Cancel

 

 

 

Setting up a 3rd-Party Mobile App

Preparing in Fuuz

When using the ‘Mobile App’ setting, a QR code and 32 digit code will be shown only one time in Fuuz. It is recommended to store the 32-digit code somewhere secure.

  1. A QR code that can be scanned by a mobile device to automatically setup a 3rd party app.
  2. A 32 digit code that can be manually entered into an app.
  3. Accept or Cancel

 

Configuring a Mobile App

Use whichever mobile authenticator app you feel the most comfortable using. For the purpose of this guide, the screenshots will be from Microsoft’s Authenticator; however, the process will be fairly similar regardless of your choice.

  1. Add a new account
  2. Select the type of account (Other)
  3. Scan the QR code shown in Fuuz
  4. Or enter the 32 digit code manually if the QR code is not working properly








Logging in to Fuuz with 2FA enabled

After entering your username and password like normal, there will be a new screen before you gain access to Fuuz.

  1. Obtain the 6-digit login code
    1. If your configured method is ‘Email’, check your inbox for an email that will arrive after attempting to login.
    2. If your configured method is ‘Mobile App’, open the app which you used earlier in the setup process.
  2. Enter the code in Fuuz and login

    • Related Articles

    • Identity Providers

      Identity Providers are used to authenticate the user to the system. There are three different identity provider types: Internal, OpenID Connect SSO (OIDC) and Basic API Access. Internal providers will require a password from the user with the option ...

    • Enterprise Users

      Open the Fuuz app. Select Fuuz → System → Access Control → Enterprise Users dropdown menu. Or Type Enterprise into the Search Bar: From here, it is possible to perform the following task or tasks. Search for an enterprise user. Create an enterprise ...

    • Basic API

      The Basic API Access identity provider type allows for basic authentication with conventional username and password. Basic API Access only allows access to the API and should only be used when the length of an API Key is too long for the provider to ...

    • System Menu - Sub Tab "Enterprise Users"

      This is where you will generally manage all of your users - across the entire “enterprise” Leading practice is to make sure you’re in your “Admin” Fuuz tenant - then you can administer all users from a single place. Enterprise Users Email Address ...

    • System Menu - Sub Tab "Identity Providers"

      In this area of the system - you’ll find your identity providers - typically you’ll see “internal” meaning you’re using the Fuuz system to manage and authenticate your Fuuz users. However, you maybe using our OIDC capabilities to levarage single sign ...