Enabling Two-factor Authentication

User Guides / Authentication / Enabling Two-factor Authentication

Learn how to enable two-factor authentication for your Manifest domain and how each individual user should set-up and login using two-factor authentication.

Enabling Two-Factor Authentication

How can we enable two-factor authentication on our domain?

Only the Security Administrator can enable two-factor authentication to be available for your domain. This can be done in the Client Web Portal under Client Settings -> Password Security Rules.

  1. As the Security Admin, go to Client Settings -> Password Security Rules and toggle Enable 2FA into the “ON” position. ​
  2. Select update and make sure the settings have saved successfully​
  3. Once 2FA is enabled for the domain, go to Users and enable for each user
Security Admin view of Client Settings > Password security rules 2FA enabled

​​Will all users automatically be forced to set up two-factor authentication?

Once two-factor authentication is enabled for a domain, it must be enabled for all users on an individual level. There is no way to automatically apply this setting to each user – so please remember to enable it (where necessary) for all provisioned users.

  1. As the Security Admin, go to Users.
  2. Select the 3 dots under “Actions” column for the respective user.
  3. Select “Enable Two-Factor Authentication”
User Actions showing how to enable two factor authentication for each user

​How can I disable two-factor authentication?

The System Administrator can disable two-factor authentication at the domain level via Client Settings -> Password security rules or can disable only for an individual user.

User Actions showing how to disable two factor authentication for each user

What if the option to enable two-factor authentication is not available?

If you are attempting to turn on two-factor authentication for a user and the options display “Two-Factor Authentication not available” this indicates that 2FA is not enabled for your domain. Please see instructions above to set this up under Client Settings -> Password security rules.

User Actions showing a user account where 2FA is not enabled on the domain

User Two-factor Authentication Set-up

How should each user set up their two-factor authentication?

When a user account has been enabled to require two-factor authentication, they will be required to set up their 2FA in the Client Portal at login.

  1. Go to your Client Portal web domain and sign-in using your email and password.
  2. Upon login, you will be prompted to scan a unique QR code using the Google Authenticator application or a similar application of your preference.
  3. The application should generate a temporary 6-digit code. Enter this code into the field as prompted.
  4. Select Verify
  5. If you have successfully logged in, then your 2FA set-up is complete! You will now be prompted to enter in the generated 6-digit code from this application for all future logins, across all platforms.*

*This is not implemented on Manifest Mobile applications yet (as of March 2021)

Initial set up for 2FA in the Client Portal
3D application prompting for two factor authentication key

Can I set up two-factor authentication on my 3D headset?

Two-factor authentication set-up can currently only be set-up in the Client Portal. If you attempt to sign-in to your 3D application before completing this set-up, you will be blocked and prompted to first complete the set-up in your Client Portal web application.

3D application message if a user attempts to login before setting up 2FA

Tips from the Experts

Trouble logging in with your code? The 6-digit code generated by the Authenticator application expires after one use and updates frequently. Please be sure you only use a single code one time and that you are using the most current generated code from the application.

Account recovery using 2FA? If you can’t access your authentication codes and need to reset your authentication settings, you will need to reach out to your System Administrator for assistance. Your System Administrator may have their own security protocol in place; however, one method to reset the user account is to disable two-factor authentication and then re-enable it again to allow the user to set up their 2FA again.

What platforms support 2FA? Currently two-factor authentication is supported on the Client Portal and the 3D application. It is not yet supported on the Manifest Mobile applications for iOS and Android.

Table of Contents
    Add a header to begin generating the table of contents