Two-Factor Authentication (2FA) adds an extra layer of security to your SmartSuite account by requiring a second form of verification during login. This guide explains how to enable, configure, and manage 2FA.
Plan Availability | Professional, Enterprise, Signature |
Permissions | Administrator: Can enable, enforce, and reset 2FA settings for members. |
Related Reading |
Supported 2FA Options
SmartSuite supports Time-based One-Time Password (TOTP) authentication using the following applications:
Google Authenticator
Microsoft Authenticator
Duo Mobile
Twilio Authy
Enforcing 2FA as an Administrator
Workspace Administrators can require all members to use 2FA for enhanced security. Once enforced, all members must set up and use 2FA to log in, even if they have access to other accounts.
How to Enable 2FA Enforcement
Navigate to Account Administration > Account Settings.
Locate the Two-Factor Authentication (2FA) section.
Click Enable Two-Factor Authentication.
Once enabled, SmartSuite logs the administrator's name and the activation date.
Specifying Roles for 2FA Enforcement
You can optionally customize the list of roles that require their members to use 2FA. By default all users will be required to use 2FA when enforcement is enabled. If you want only members with particular roles to be required to use 2FA, follow these steps:
Navigate to the Two-Factor Authentication (2FA) section.
Click the “Edit” button.
Check the roles that you want to use 2FA, or select “Everyone” to require users of any role to log in with 2FA.
Click" “Save” to apply your changes.
Important Note: Disabling the 2FA requirement for a role does NOT remove 2FA configured by individual members, it only removes the requirement to use 2FA. To allow a member who has configured 2FA to log in without it, navigate to the Members tab in Workspace Administration, click on the 3-dot menu for the member, and select “Reset 2FA.”
Disabling Two-Factor Authentication Requirement
Open the Two-Factor Authentication (2FA) section as described above.
Uncheck Enable Two-Factor Authentication.
Refer to the note above - this action removes the requirement to use 2FA, but does not remove 2FA configured at the individual member level.
Managing 2FA for Members
If a user loses access to their 2FA device, administrators can reset their 2FA enrollment. This removes the user’s existing 2FA configuration. The user will be required to configure 2FA on their next login if their role is set to require 2FA.
Resetting 2FA Enrollment
Go to the Member Directory.
Click the three-dot menu next to the member’s name.
Select Reset Two-Factor Enrollment.
Confirm your action in the pop-up modal:
Cancel: No changes are made.
Confirm: Deletes the user’s current 2FA settings.
User Configuration
When Users Encounter 2FA Setup
Users may need to configure 2FA in the following scenarios:
Logging in after an administrator enforces 2FA.
Accessing the Manage Two-Factor Authentication section in their user profile.
Elements of the 2FA Configuration Interface
Header: Provides setup instructions.
TOTP Authentication Settings: Use a TOTP app for authentication.
Default MFA Mechanism: Choose between SMS and TOTP for default authentication.
Practical Scenarios and Use Cases
1. Departmental Collaboration
Scenario: A finance team requires secure access to sensitive data.
Solution: Enable 2FA for all team members to ensure only authorized individuals can log in.
2. High-Security Environments
Scenario: A company’s IT department mandates enhanced security for all users.
Solution: Administrators enforce 2FA for all members to minimize security risks.
3. Recovery from Lost Devices
Scenario: An employee loses their phone with the authenticator app installed.
Solution: The administrator resets the 2FA enrollment, allowing the user to reconfigure their account.