Our latest release gives you the additional security measure of two-factor authentication to ensure that only authorized users are logging in to your RIsk Cloud environment. TFA can be enabled at the environment level OR at the individual user level. For the purpose of this guide, we will walk you through:
- Enabling two-factor authentication for your Risk Cloud environment
- Setting up two-factor authentication as a Risk Cloud user
Enabling Two-Factor Authentication for your Risk Cloud Environment
Enabling two-factor authentication for your environment is very simple. Login with an admin account, and navigate to the Admin > Account page.
On this page, scroll down to the “Services” section and you should see a card titled “Require Multi Factor Authentication.” This card will allow you to either enable or disable two-factor authentication for your entire Risk Cloud environment.
NOTE: Once two-factor authentication is enabled, ALL non-SSO users will be challenged when attempting to login.
Setting up Two-Factor Authentication as a Risk Cloud User
Once two-factor authentication is enabled at the environment level (or an individual user level) all users will be required to go through the following steps to set up two-factor authentication.
When a user attempts to log in, they will be prompted with the following:
In order to complete setup, they must scan the QR code with an authentication app and enter a valid verification code. Common authentication apps are:
- Google Authenticator
- Microsoft Authenticator
- Twilio Authy
- LastPass Authenticator
Upon completion of the initial two-factor authentication setup, a user will be logged in to Risk Cloud. On any subsequent login attempts, users will be prompted with the following:
They must use their previously configured authentication app to generate a valid 6-digit code. Once a valid code has been entered the user will be logged in to Risk Cloud.
Disabling Two-Factor Authentication for your Risk Cloud Environment
Disabling two-factor authentication is just as simple as enabling. Navigate to the Admin > Account page, and toggle the “Require Multi-Factor Authentication” card to disabled. This will turn off two-factor authentication for users in your Risk Cloud environment.
NOTE: Users that have completed a two-factor authentication set up prior to you disabling this card will STILL be challenged during login. To fully disable two-factor authentication for these users it must be done by the individual on their profile page under the “security” tab:
or by an admin via the Admin > Users page. Open the specific user’s settings, navigate to the security tab and disable two-factor authentication.