Two-Factor Authentication (2FA)
Table of Contents
Users Set-up and Log-in with 2FA
Introduction
What is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) provides an additional layer of security to your accounts and increases your protection against unauthorized access. It significantly decreases the risk of a hacker accessing your online accounts by combining your password (something you know) with a second factor, like your email (something you have).
The Importance of Two-Factor Authentication
- Enhanced Security: 2FA reduces the risk of unauthorized access by making it more difficult for attackers.
- User Verification: It ensures that the person trying to access the account is the actual user.
- Protection of Sensitive Data: It provides an extra barrier to protect sensitive data and information.
Enable 2FA for the Arborgold Site (company-wide)
To enable 2FA for your Aborgold database:
- Navigate to and click the Set-up (gear) icon in the top navigation bar.
- Click on Settings.
- Click Security on the right-side navigation.
- Type the email domain(s)for the addresses that should receive the 2FA authorization code emails.
- For example, if an employee’s email is johndoe@arborgold.com, type @arborgold.com in the Email Domain field; if an employee’s email is johndoe@gmail.com, type @gmail.com in the Email Domain field. Separate multiple email domains with a semi-colon.
To enhance the security of your accounts, we have implemented a feature called Email Domain restriction. This feature ensures that only users with email addresses from specific domains can enroll in 2FA. For example, if you don't include "@aol.com" in the Email Domain field in your company settings, employees with an “@aol.com” email address will not receive the 2FA authorization code emails needed to log into the system. This restriction adds an extra layer of protection against unauthorized access to your accounts, making it even more difficult for hackers to gain entry.
- For example, if an employee’s email is johndoe@arborgold.com, type @arborgold.com in the Email Domain field; if an employee’s email is johndoe@gmail.com, type @gmail.com in the Email Domain field. Separate multiple email domains with a semi-colon.
5. Click the toggle ON for 2FA Enabled.
Once enabled, all users will be prompted to enroll in 2FA the first time they log in after this change.
Users Set-up and Log-in with 2FA
A step-by-step guide for users to set up a 2FA user login flow:
Log-in Arborgold:
- Users navigate to the login page of your Arborgold site
- Type in your username and password.
- Click Login.
Receive and Enter the 2FA Verification Code
Once you click the Login button, you are asked to verify the email address for the verification code, this will happen one time. The email address that automatically populates, is pulled from the Arborgold User Profile account.
You must be able to access this email account to retrieve the verification code for the next step.
IMPORTANT: If you change the email address at this step, the email address for this User's Profile will change too.
4. Enter the verification code you received in your email.
5. Click Continue.
Once your verification code is successfully verified, you can log into your Arborgold account. You will receive a confirmation email informing you that 2FA has been enabled.
After logging in, your browser will be authenticated or store the authentication method in the cookies. You will be able to log in for the next 30 days without providing the second authentication method.
Verify a User has 2FA Enabled
- Navigate to the User Menu (square icon) in the top navigation.
- Click User Admin.
3. The 2FA Enabled column will show if a user has 2FA enabled.
4. Double-click on any employee from the list to open their employee record.
5. On the employee record, there is a green circle with a checkmark indicating if the
2FA has been set up.
6. Click Activity to see when a user enabled the 2FA on their account.
7. The Type and Description fields will provide you with 2FA information for the
Created On date documenting what date the 2FA was enabled.
Troubleshooting and FAQs
How do you disable two-factor authentication (2FA) for all users on the Arborgold Site?
To deactivate Two-Factor Authentication (2FA) for all users on the Arborgold site, go to the Set-up icon > Settings > Security. On the Security page, toggle the 2FA Enabled option to OFF. Once disabled, users will no longer be prompted to enroll in 2FA for their accounts.
Can we enable or disable Two-Factor Authentication (2FA) for a specific user?
No. 2 Factor Authentication (2FA) is a sitewide setting; once enabled, it will be mandatory for all users to enroll in 2FA. There is no option to enable or disable 2FA for specific users of Arborgold.
How do users resend the 2FA verification code?
To request a new verification code, click the Resend Code button after clicking the Login button. Users can check their email inboxes for the new code and enter it on the verification code page to proceed. Users can request a new verification code after 60 seconds of receiving the previous code.
How long does the verification code remain valid before it expires?
The verification code is valid for 10 minutes and will expire if a new code is received within the 10 minutes.
Is there a maximum number of attempts for 2FA verification codes?
Yes, five (5).
What if a user exceeds the maximum number of attempts for verification codes?
If the user enters an incorrect verification code more than five times, their account will be temporarily locked for 60 minutes. After 60 minutes, the user can try logging in again or contact the Arborgold User Admin to request that the account be unlocked during the 60-minute locked period. The user will receive an email notification informing them their account has been locked.
How to Unlock a Locked User Account?
If a user account becomes locked, there are two steps to unlock it and regain access.
- Wait 60 minutes to attempt to log in again. By default, the user account will automatically unlock after 60 minutes of reaching the maximum number of attempts.
- Contact your Arborgold System Admin and request that they unlock your account by accessing the Admin Portal and making the necessary changes to your user account.
- Navigate to the User Menu (square icon) in the top navigation.
- Click User Admin.
- The Locked column will show that the employee's account is locked.
-
- Right-click on the employee line that needs to be unlocked.
- Select Unlock Account from the dropdown.
Option 2:
-
- Double-click on the locked employee to open their employee record.
- Click on the Unlock Account toggle.