Two-Factor Authentication (2FA) provides an additional layer of security to help prevent unauthorized Dashboard access.
When 2FA is enabled for the user, they go through the 2FA setup process the next time they log into the Dashboard.
Once active, the user simply enters their username, password and app generated random time-sensitive code to gain Dashboard access.
There are two requirements to setup and use 2FA:
- Must be an active and valid email address.
- We send the user a setup verification email as part of the activation process.
- The random and time-sensitive 2FA code is generated by an authenticator mobile app, program or web browser extension.
- These third-party products are available for mobile (Apple iOS, Blackberry, Google Android, Windows Phone) as apps and computer Operating Systems (Windows, Mac, Linux) either through dedicated programs or web browser extensions.
Once 2FA is active, users will require the code generated by their authenticator each time the login to the Dashboard
The user only enters their 6-digit 2FA code when logging into the Dashboard. They are not prompted to enter the code each time they attempt to initiate a remote connection, for example, a Take Control session.
Where 2FA is not setup, Dashboard access is gained solely through the user's username and password.
User Action to control 2FA settings
The release of our updated Single Sign-On service in February 2018's, placed authentication for the supported products fully in the user's hands, including their login's 2FA settings.
Although the user is now responsible for their own authentication, the Dashboard administrator can ensure the company requirements are adhered to, including setting 2FA as required.
Where this is set, the user must use 2FA to login to that particular product. However, as the user controls their authentication settings, changes by the administrator may require an action by the user to apply. For example, if the 2FA requirement was enabled by the administrator then subsequently removed. The requirement to enter the Security Code will continue until the user disables 2FA for their login.
Email Verification and Username
To confirm the validity of a 2FA setup request, Dashboard 6.39.3 introduced verification emails as part of the activation process. This email is sent to the username (email address) of the user to verify that they initiated the 2FA activation process. This email contains a verification link (active for 2 hours from Dashboard 6.41.2) to proceed with the activation.
2FA requires the user to verify their username (email address). Please ensure that all usernames in the system are active and valid email addresses.
Take Control, TeamViewer Integration and Remote Background Management
Due to the security enhancements provided with 2FA and to provide as secure a connection environment as possible, 2FA is now a prerequisite of using Take Control, TeamViewer Integration or Remote Background Management.
To initiate a remote session, the user requires the relevant Take Control, TeamViewer and / or Remote Background Management permissions and 2FA must be active for their account.
Where the user has the required Dashboard permissions setup, but 2FA is not active for their account, they are prompted to setup 2FA when they attempt to initiate a connection. Setting up 2FA from this dialog logs the user out of their current Dashboard session.
Please be aware that the user only enters their 2FA code when logging into the Dashboard, they are not prompted to enter the code each time they attempt to initiate a connection.
2FA Setup: Account or Individual Users
Although we suggest enabling 2FA for all Dashboard users, we realize that this may not be practical and have included the option to enable 2FA for both staff and client users, configurable at the global or individual user level.
A breakdown of the setup and usage of Two-Factor Authentication is covered in the Summary section.
Disable IP Verification for specific Two-Factor Authentication Users
From Dashboard 6.41.2, we have included the option to Disable IP Verification at the user level where the user has 2FA enabled. This allows the user to access the Dashboard from a new IP address without going through the IP address verification process.