Qualifio lets you enable two-factor authentication (2FA). Two-factor authentication adds an extra layer of security to the authentication process for your Qualifio account. This additional step helps keep the bad guys out, even if they have your password. More information is available in this documentation.
What is two-factor authentication and why is it important?
Two-factor authentication (also called 2FA) is also commonly referred to as two-step verification or multi-factor authentication (which 2FA is a subgroup of). For simplicity’s sake, we’re going to refer to it as two-factor authentication or 2FA in this post.
2FA increases the security of a user’s credentials and that of the resources they can access inside Qualifio. Instead of only entering a password to log in, they’ll also enter a security code. That security code is a short sequence (typically a six-digit number) linked to a particular device. Each code can be used only once as part of the authentication process and is only valid for a limited time.
That additional step can better secure your account while protecting your personal data – and that of your participants – against hackers.
How does two-factor authentication work?
After you enable this feature, logging in to Qualifio will work a little differently:
- The user will enter their password (as usual).
- Then Qualifio will use a second action to verify the user. In order to prove that they really are who they say they are, the user will be asked to enter a single-use code that will be generated on their phone via a mobile app.
- After providing both factors, the user is authenticated and gains access to Qualifio. 2FA is complete.
How to enable 2FA?
- Go to your account.
- Head over to the Settings page.
- Under the Manage users section, click Security and turn on the Two-factor authentication option.
Please note that if you do this, 2FA will apply to all users, even those who are outside of the admin role. Do you have users who aren’t required to use two-factor authentication?
Once you enable 2FA, when you or your users log in to your account, you will be prompted to set up the two-factor authentication. This is done by linking an authentication app to your Qualifio account and scanning a QR code.
If you don’t already have an authentication app installed on your device, you’ll need to download one. These common mobile authenticators can be used:
Both these apps follow the same procedure: you scan a QR code associated with your Qualifio account and it is saved in the app. The next time you log in, you will be asked for a security code to pass the authentication check; just use the app to obtain a randomly generated code.
If you’re having problems scanning the QR code, simply click the prompt and follow the onscreen instructions to use a unique code instead and finish the setup.
After you scan the QR code, enter the security code generated by your authentication app, then click Finish setup.
You’re now enrolled! Now, Qualifio will request a 2FA code after you submit your password, every time you want to log in. You can generate a code through your mobile phone and enter it on the login page to be granted access to the platform.
Frequently asked questions about 2FA
Find answers to your questions and resources to help you take the next steps.
What’s the difference between two-factor authentication (2FA) and multi-factor authentication (MFA)?
There are many ways to confirm a user’s identity (personal identification number, location, fingerprints…), and any security protocol that involves two or more of those authentication factors is considered MFA. 2FA is the most common and easily accessible subgroup of MFA.
Should I lose my mobile device, how do I get back into my account?
If your phone is not available or something happens and you get locked out, you can work with an owner or an admin to use the 2FA reset feature as a recovery process. Head over to our support section for any questions you may have on how to reset a user’s two-factor authentication.
This would also be the way to go for a user who’d want to change their 2FA device.
Can users set up 2FA on multiple devices?
No, they can’t set up 2FA on multiple devices.
Can users self-enrol in 2FA?
No. Users in Qualifio can’t enable 2FA by themselves. An owner's or an administrator’s intervention is required.
Can I limit 2FA use to some users?
Yes! As an owner or as an admin, you can:
- turn on two-factor authentication for your organisation from the “Security” option in the Settings tab. That configuration will apply to all users.
- activate 2FA for specific users, which is ideal if you’re looking to define your users’ levels of security based on what information they have access to. Hypothetically, let’s say you need to require 2FA for all admins but you don’t wish to enforce 2FA for editors and other roles. Or, you want to require 2FA for collaborators outside of your organisation. If desired, you can activate 2FA from a user’s profile in the “Users” option. All other users will continue to log into your account as usual, without 2FA.
Can I disable 2FA?
Owners and Admins can disable 2FA for any or all users.
I log in via SSO. Can I set up 2FA?
Yes. If users in your organisation log in via SSO, you can set up 2FA as well. If you do, 2FA will be triggered for all users, whether they log in via username and password or via SSO.
Is it possible to enable 2FA for multi-account users?
Yes, Qualifio’s 2FA supports multi-account users. However, since the same user has access to multiple accounts, the authentication method set for the user’s primary account will apply across accounts. See: How to change the primary Qualifio account.