Two-Step / Two-Factor Authentication (2FA)

What is Two-Step Authentication?

Two-Step Authentication adds a second verification step when a user logs in to the web portal, or when a user registers an agent, the Outlook add-in, or a mobile device. With Two-Step Authentication, end users receive an authentication code from an Authenticator Mobile App, by text message, or by email, depending on their own configuration settings. They must then enter their authentication code, along with their username and password, before they can access the system.

Two-Step Authentication applies to:

  • The web portal—the user will be prompted to enter an authentication code when logging in to the web portal.
  • The agent—the user will be prompted to enter an authentication code when registering the agent.
  • The Outlook add-in—the user will be prompted to enter an authentication code when registering the Outlook add-in, when opening a new Outlook session, or when changing credentials.
  • A mobile device—the user will be prompted to enter an authentication code when accessing a mobile app for the first time. The user will also be asked to configure a passcode, which must then be entered when accessing the mobile app at subsequent sessions.

Note: End users need to configure Two-Step Authentication settings before installing the agent. End users will only be prompted to enter an authentication code if they have already configured their Two-Step Authentication preferences.


Configuring Two-Step Authentication:

Two-Step Authentication can be configured in one of the following ways:
  • End users can optionally configure their own Two-Step Authentication settings in their Account Settings page. For more information, please reference the End User Guide.
  • Administrators can turn on the Require Two-Step Authentication policy in the Policies section of the Settings tab. When this policy is enabled, end users will be prompted to configure their own Two-Step Authentication settings as soon as they log in to the web portal. They will also be required to use Two-Step Authentication when registering devices. If you turn off this setting for an organisation, end users must individually disable their own configuration settings.


To turn on Two-Step Authentication for an organisation:

  1. Click the Settings tab. The Settings page displays.
  2. In the Settings page, click the Policies tab. The Policies section displays.
  3. In the Policies section, scroll down until you see the policy titled Require Two-Step Authentication. Select the Require Two-Step Authentication checkbox.
  4. Click the Save button when you are finished. End users will now be required to configure Two-Step Authentication settings the next time they log in to the web portal.


To turn on Two-Step Authentication for an individual account:

  1. Click the Accounts tab. The Account Settings page displays.
  2. In the Account Settings section, scroll down until you see the policy titled Two-Step Authentication. Select Enable.
  3. Follow the process described under End user actions to configure Two-Step Authentication settings.

End user actions:

From end users' perspective, when the Require Two-Step Authentication policy is enabled, they will be required to configure their own authentication settings the next time they log in to the web portal. Additionally, they will be required to set up a passcode (or PIN if they are using an Android device) on any registered mobile app:

  1. When first logging in to the web portal, all users will be redirected to the Enable Two-Step Authentication page.
     
  2. In the Authentication Mode field, select the delivery method through which you want to receive your authentication code. You can choose from Authenticator Mobile App, Text Message, and Email.
    Note: If you select Authenticator Mobile App as your delivery method, you must install an authenticator app of your choice, such as Google Authenticator, Amazon AWS Virtual MFA, or any of the many other TOTP-compatible apps available for download.
  3. In the Current Password field, enter your password.
  4. In the Confirm Password field, confirm your password.
  5. If you selected Text Message as your delivery method, you will also be prompted to enter your mobile phone number.
  6. Click the Submit button when you are finished. You will be redirected to the Confirm Two-Step Authentication page, which will vary based on your selected delivery method.

If you selected Authenticator Mobile App as your delivery method:

  1. Save the Backup key that is listed in the confirmation page. You will need this key if you need to recover access to your account.
  2. On your mobile phone, install a mobile authenticator app, such as Google Authenticator, Amazon AWS Virtual MFA, or any of the many other TOTP-compatible apps available.
  3. In the mobile authenticator app, create an account and, to confirm your identity, enter the secret key, which is listed in the Confirm Two-Step Authentication page. A few mobile authenticator apps, such as Google Authenticator, will allow you to scan the barcode to confirm your identity.
  4. In the web portal, enter the authentication code provided by your authenticator app in the Authentication Code field.
  5. Click the Submit button when you are finished.


If you selected Text Message as the delivery method:

  1. Save the Backup key that is listed in the confirmation page. You will need this key if you need to recover access to your account.
  2. You will receive a text message with an authentication code. Enter that code in the Authentication Code field.
  3. Click the Submit button when you are finished.
     

If you selected Email as the delivery method:

  1. Save the Backup key that is listed in the confirmation page. You will need this key if you need to recover access to your account.
  2. You will receive an email with an authentication code. Enter that code in the Authentication Code field.
  3. Click the Submit button when you are finished. 

After your Two-Step Authentication settings are configured, you will be prompted for a second step authentication code each time you log in.

Authentication codes are only valid for a limited amount of time. Make sure you enter your authentication code promptly.


If you are ever unable to provide the correct authentication code, you can use the Backup key to recover your account:

  1. In the Login page, click the Unable to access authentication codes link.
     
    The Account Recovery page displays.
     
  2. In the Account Recovery page, enter your email address as well as the Backup key that was saved when you first configured your verification settings.
  3. Click the Submit button when you are finished. When Two-Step Authentication has been disabled, you will be able to log in using just your username and password.


Registering the Agent:

When registering the agent for the first time, you will be asked to enter an authentication code.

Note: End users need to configure Two-Step Authentication settings before installing the agent. End users will only be prompted to enter an authentication code if they have already configured their Two-Step Authentication preferences.

  1. If Two-Step Authentication has been enabled for your organisation or for your user account, you will be prompted to enter an authentication code at the time of registration.
     
  2. After you receive your authentication code, enter the authentication code and press the OK button. You can then complete the registration process.

Accessing Mobile Apps:

When accessing a mobile app for the first time, you will be prompted to enter an authentication code. You will also be asked to configure a passcode (also called a PIN if you are using an Android device), which you must then enter when you access your mobile app at subsequent sessions.

Configuring a passcode is required if Two-Step Authentication was configured as an organisation policy; it is optional if Two-Step Authentication was configured as a user policy.

Note: Two-Step Authentication is not yet supported for the Windows Phone mobile app.

  1. If Two-Step Authentication has been enabled as an organisation policy or as an account policy, you will be prompted to enter an authentication code at the time of initial registration. Enter the authentication code and press the OK button.

  2. If Two-Step Authentication has been enabled as an organisation policy, you will also be asked to configure a PIN after the initial registration process. At subsequent sessions, you will be prompted to enter this PIN or passcode when you access your mobile app.

Note: If Two-Step Authentication has been turned on only as an individual account policy, that account will not be required to configure a passcode or PIN.

  1. On an Android device, you will be directed to the Settings page. Select Require PIN.

    You will be prompted to enter a PIN.
     
  2. Alternatively, if you are using an iOS device, you will be directed to the Settings page. Select Use Passcode.

    You will be prompted to enter a Passcode.
  3. When accessing the mobile app in the future, you will be prompted to first enter this PIN or passcode.


Accessing the Outlook Add-In:

When accessing the Outlook add-in for the first time, you will be prompted to enter an authentication code.

  1. If Two-Step Authentication has been enabled for your organisation or for your user account, you will be prompted to enter an authentication code when you open Microsoft Outlook.
     
  2. Enter the authentication code and press the OK button. You will be prompted for this authentication code at the time of add-in registration, when opening a new Outlook session, or when changing your add-in credentials.