Two-Factor Authentication  

    Role required: SDAdmin

    Two-factor authentication provides an extra layer of security by mandating an additional authentication method along with passwords.

    In AssetExplorer, enable two-factor authentication for user logins and admin configurations under Admin > General Settings > Two Factor Authentication > Configuration.

    Supported authentication methods 

    Email Verification

    Users will be required to authenticate themselves using a code sent to their email. The email verification template is customizable. In the email text, you can use $secretCode, which will be replaced a unique code each time the email is sent to the users.

    The outgoing mail server must be configured for email verification method. Learn more. 

    Google Authenticator 

    Users will be required to verify themselves with a Time-based OTP (TOTP) generated by the Google Authenticator app or any TOTP authenticator app such as Microsoft Authenticator, Duo Mobile, etc.


    Two-factor authentication for User Login 

    Enable this option to prompt users for authentication during login.


    The preferred authentication method must be selected first to enable two-factor authentication for user logins.



    Once two-factor authentication is enabled, the users have to enroll themselves during their first-time login. Click here to know more.


    Backup Codes for User Login 

    Backup codes can be enabled only for user logins. Enabling backup verification codes allows users to view, download, or generate codes that can be used as an alternative to any of the authentication methods. Click here to know more 

    Two-factor authentication for Admin Configurations 

    Enabling this option prompts the admin to authenticate themselves while modifying security settings under Admin > General Settings > Security Settings.

    Two-factor authentication for admin configurations can be enabled for general/advanced security settings and password policy.

    The preferred authentication method must be selected first to enable two-factor authentication for Admin Configurations. 

    Once enabled, the admin has to enroll for two-factor authentication during their first-time login. Click here to know more.

    Enable TFA Trust to establish a time frame during which the admin can modify the security settings without the need for re-authentication.



    Managing Enrolled Users       

    You can manage users who have enrolled for two-factor authentication under Admin > General Settings > Two Factor Authentication > Enrolled Users.

    Here, you can view details such as username, domain name, and authentication type. Additionally, you can also delete user enrollments by selecting one or more users and clicking Delete.






    Zoho Corp. All rights reserved.