Two-Factor Authentication
Written by Artem Kunytsia
Updated over a week ago

Overview

To enhance the security of your SmartSuite account, we offer Two-Factor Authentication (2FA). This guide will help you understand the availability, setup, and management of 2FA for your account. This feature is available to all SmartSuite users regardless of plan type, and can optionally be enforced at a workspace level on the Professional and Enterprise plans.

Supported 2FA Factors

We support the following TOTP (Time-based One-Time Password) 2FA options:

  • Google Authenticator

  • Microsoft Authenticator

  • Duo Mobile

  • Twilio Authy

Enforcing 2FA as a Workspace Administrator

Admins can require all Members of their account to use 2FA/MFA by enabling this feature in the Account Administration settings. Once enabled, all Members must set up and use 2FA/MFA to log in. This also applies to user accounts linked to more than one SmartSuite account: if any account they are linked to requires 2FA, they must use it to log in, regardless of the settings for the other accounts they access.

  1. Navigate to Account Administration > Account Settings.

  2. Find the "Two-Factor Authentication (2FA)" section.

  3. Click on the "Enable Two-factor authentication" button.
    Once enabled, we capture who enabled the feature and when.

Managing 2FA as a Workspace Administrator

Admins can reset MFA enrollments if users lose access to their MFA devices and do not have recovery codes.

Reset Two-Factor Enrollment

  1. Go to the Member directory and click the 3-dot menu.

  2. Select "reset two-factor enrollment".

  3. Confirmation Modal:

    • Cancel: Returns to the Manage Member page with no changes.

    • Confirm: Deletes the user's 2FA enrollment(s).

User Configuration

MFA Configuration Interface

Users will see the MFA configuration interface in the following situations:

  • Admin users, during setup, when 2FA/MFA is enabled.

  • Users who have no 2FA/MFA configuration, during login, when 2FA/MFA is enabled.

  • Users who select "Manage Two-Factor Authentication" from their private user profile.

Elements of the Interface

  • Header

  • SMS authentication settings

  • TOTP authentication settings

  • Default MFA mechanism: When both SMS and TOTP are configured, users can set the default. SMS is selected by default but can be changed to TOTP or back to SMS.

Enroll TOTP Authenticator Interface

  • Add/Remove TOTP MFA device:

    • Add Device: Click "Use authenticator app" to open the "Add Authenticator App" modal.

    • Remove Device: The configured device will be listed as "Authenticator App" and can be removed if needed.
