Enabling Two-Factor Authentication (2FA) from the Company Manager page means that your users will have to set up a phone number on which they will receive 6-digit verification codes to use when signing into Huddle. This adds an extra way for them to prove their identity before gaining access to the system.
This article covers:
I) How 2FA makes Huddle even more secure
Mitigate risk and ensure sensitive company data is protected by requiring users to authenticate a second time using an SMS verification code when they sign into Huddle.
Company Managers have the ability to turn on 2FA at Company level and set how often users have to log-in using 2FA. Once a company has enabled 2FA, users will be required to set up a phone number on which they will receive a 6-digit verification code to authenticate with when signing into Huddle, please see this guide to learn more about the process users will go through.
Note: This will not sign users out. This takes effect on the user, regardless of the device.
II) How to enable 2FA on the Company Manager page
a) Click the drop-down menu next to your profile picture in the top right hand side of your Huddle screen.
b) Select Your Company from the list.
b) Click the Security tab.
c) Click Edit in the Two-Factor Authentication section.
d) Check the circle to enable 2FA.
e) Choose the frequency at which you would like your users to authenticate with 2FA.
You can have your users sign in with 2FA every time, after 60 minutes, 24 hours or after a full 7 days of the last time they were signed out.
III) User Impact
The first time the web app is launched by a user after 2FA has been enabled at Company level, they will be asked to provide a phone number for authentication codes to be sent to.
When the verification of this number is complete they will have to take note of 10 back-up codes. This is the only time these will be shown to the user and it is important that users store them somewhere in case they need to connect to Huddle when they do not have their phone or mobile network reception.
Following the set up, your users will need to authenticate with an SMS code when logging into Huddle at the time intervals that you have set.
This guide details the steps they will have to take to set up 2FA.
IV) Best practice before enabling 2FA
We recommend warning your users that 2FA will be switched on. Here are some points to include in your message:
- Users will be requested to set up 2FA on the next time they sign in.
- Why you have decided to implement 2FA and what its benefits are.
- Insist on the need for users to copy and safely store their 2FA back-up codes as they will only ever be shown these codes once.
- Share this user guide with your users that walks them through the process of setting up and using 2FA for the first time.