How does 2-factor authentication for administrators work?¶

We have added an additional layer of security for clients, designed to ensure that an administrator is the only person who can access their Potentiality account, even if someone else knows their password.

The 2-factor authentication process is a method of confirming a users' claimed identity by using a combination of two different factors: 1) something they know i.e. password and 2) something they have i.e. a mobile number.

This feature is currently an optional extra which you can enable for your administrators if you think this will benefit your organisation. However, the next release will make this a mandatory feature which will be necessary for any admins who log on using an unknown PC.

NOTE: Please ensure that all administrators have a valid and up to date mobile phone number recorded on their user profile before enabling this feature.

Topics covered on this page:¶

How do I enable 2-factor authentication for my site?

What is the login process for admins using 2-factor authentication?

What happens if the admin doesn't have a mobile number attached to their profile?

How do I enable 2-factor authentication for my site?¶

To enable 2-factor authentication:

Go to Customise your Site > View site wizard on the admin tools menu.
Under the Privacy, Access, and Visibility tab; click on the *Enable 2-factor authentication link *(highlighted below).
Tick the checkbox and click Update.

You can disable this feature at any time by unticking the same checkbox and clicking 'Update' to commit your changes to the database.

What is the login process for admins using 2-factor authentication?¶

The process for logging onto your site once 2-factor authentication has been enabled is straight forward.

Simply follow the steps below:

Administrators should log onto your site in the normal way by entering their email and password into the login fields.
If they have a valid mobile number attached to their account, the following message will display.
A text message, similar to the one below, will be immediately delivered to their mobile phone.
Using the example above, the administrator would then type the code 3173 (within the first 20 minutes of receiving the text) into the Type your access code field.
Click Submit to access the site.

What happens if the admin doesn't have a mobile number attached to their profile?¶

In situations where an administrator, without a mobile number attached to their record, attempts to log onto a 2-factor authentication enabled site; the following message will be displayed to prompt them to enter a valid mobile phone number:

The administrator must enter their mobile number into the field above, remembering to add the country code e.g. for the UK, the user would enter +44(their mobile number excluding the zero at the front) i.e. +447868594444.
A text message, similar to the one below, will be immediately delivered to their mobile phone.
Using the example above, the administrator would then type the code 3173 **(within the first 20 minutes of receiving the text) into the **Type your access code field.
Click Submit to access the site.

If you have any further queries, please contact info@ptly.com for assistance.

sub-pages¶

Files (5)

Tags:

0 0

20210819-053331-520.png (60.7 KB) 20210819-053331-520.png		wiki editor, 19 Aug 2021 07:32 AM
20210819-053555-673.png (39 KB) 20210819-053555-673.png		wiki editor, 19 Aug 2021 07:35 AM
20210819-053623-842.png (18.4 KB) 20210819-053623-842.png		wiki editor, 19 Aug 2021 07:35 AM
20210819-053710-153.png (53.7 KB) 20210819-053710-153.png		wiki editor, 19 Aug 2021 07:36 AM
20210819-053727-255.png (18.6 KB) 20210819-053727-255.png		wiki editor, 19 Aug 2021 07:36 AM

Project

General

Profile

Public

Wiki

Tags