Two-factor authentication (2FA)

Before you start

Why use two-factor authentication (2FA)

Two-Factor Authentication (2FA) adds an extra layer of protection to your account. It strengthens its security by making it more difficult to access. With two-factor authentication, you must provide two different and independent pieces of information (a password and a verification code) to confirm your identity. This therefore prevents someone who knows your password from accessing your account without your authorization. Even if it is compromised, no one can log in without also having access to your second authentication method.

How does it work?

In addition to your usual password, you will need to enter a 6-digit verification code sent by email or generated by using an authenticator app during the login process.

However, it is not necessary to enter a verification code on devices that you believe to be trustworthy and that you have registered as such.
Learn how to add or remove trusted devices >

How to login with Email authentication

A verification code will be sent to the email address you provided. You can use a different address than the one associated with your user.

How to login with an Authenticator app

If you don't already have one, you'll need to download an authenticator app on your mobile device, such as Google Authenticator, Microsoft Authenticator, Duo Mobile, or Authy. These apps generate security codes and allow you to log into accounts with two-factor authentication.

How to switch between two authentication methods

It is possible to set up more than one two-factor authentication method. For example, you can decide to enable the email authentication method and to also use an authenticator app. However, to log in, you will only need to enter one verification code. By default, we will ask for the one generated by the last authentication method used. You can switch from one method to the other by clicking the Use another authentication method link.

How to make sure every user activates at least one two-factor authentication method

To properly protect your account, it is possible to make two-factor authentication mandatory for all its users. The next time they log in, they will be prompted to set up at least one additional authentication method. Before activating this option, make sure that each person uses their own access codes.
Learn how to make two-factor authentication mandatory for all users >
Learn how to create a user >

Setup your two-factor authentication methods

You can choose between these two authentication methods: activating email authentication or using an authenticator app. It is also possible to set up both. Learn more >

Activate your email authentication

  1. Log into your account.
  2. Go to Profile > Two-factor authentication (2FA).

  3. Turn the Email authentication switch on.

  4. Enter your password to confirm your identity.

  5. Enter your email address and click Send me a verification code. We’ll use this email to send you a verification code when you log in to the application.


     
    This address may be different from the one associated with your user.
  6. Check in your inbox. You should have received an email containing a 6-digit verification code. Enter this code in the appropriate field.


     
    Haven't received the code yet? Take a look in your junk folder to see if the email is there. If not, wait a few moments and click the Send me another code link. Still haven't received it? Check if you entered the email address correctly. To change the email address or try with a new one, close the popup window and restart the steps again.
  7. Click Confirm to complete the email authentication configuration.

Setup your authenticator app

Before you start, make sure you have downloaded an authenticator app on your mobile device (e.g.: Google Authenticator, Microsoft Authenticator, Duo Mobile, Authy...).

  1. Log into your account.
  2. Go to the Profile > Two-factor authentication (2FA) menu.
  3. Turn the Authenticator app switch on.

  4. Enter your password to confirm your identity.

  5. Open your authenticator app and add a new account. (The method will differ from one application to the other. Make sure to follow the steps on your screen).
  6. Scan the QR code on the screen with your mobile device.


     
    The QR code isn't working?  Click the Do it manually link and enter in your mobile app the secret key displayed. You'll need to select Time Based as the key.

  7. Enter in the popup the 6-digit code generated by your authenticator app.

  8. Click Confirm to finish the setup.

Add or remove trusted devices

If you use your personal computer, follow basic internet security (frequent antivirus scans, no downloads or clicks on unknown links, etc.) and don't share it with other people you can decide to add it to your trusted devices. When you use a device on that list, you don't have to enter the two-factor verification code to log into your account. You only need your password and username. If something changes, please note that you can remove at all times access to a trusted device so that it will start asking you again to use two-factor authentication.

Add a trusted device

Simply check the box Don't ask me again on this device when logging in.

Remove a trusted device

Go to Profile > Two-factor authentication (2FA). Click Remove this device, then Yes, remove to confirm your action.

Modify or remove a two-factor authentication method

Modify email address

Go to Profile > Two-factor authentication (2FA). In the Email authentication section, click Modify email address and follow the steps on the screen.

Setup a new authenticator app

Go to Profile > Two-factor authentication (2FA). In the Authenticator app section, click Setup a new authenticator app and follow the steps on your screen.

Remove an authentication method

Go to Profile > Two-factor authentication (2FA). Turn off the switch beside the authentication method you wish to deactivate. Input your password and confirm your choice by clicking Yes, remove.

If two-factor authentication is mandatory for all users. You'll need to keep at least one method active. Learn more >

Make two-factor authentication mandatory for all users

In order to properly protect your account, it's possible to make the two-factor authentication mandatory for all the users. Next time they log in,  they will be asked to set up at least one authentication method. Make sure every person using the account has their own username and password before activating this option.
Learn how to create a user >

How to proceed

Only Administrator level users can enable this function. Learn more >

Go to IconeSettings > Users  and turn on the switch in the Two-factor authentication section.  From then on, all users will have to set up at least one authentication method (Email authentication or Authenticator app) in order to login. 

What happens if we deactivate this function?

Deactivating the function will not deactivate the two-factor authentication methods already set up by users. They will still continue to be asked to enter their verification code when they log in. However, it will no longer be mandatory for future users to activate one.

Reset a user's two-factor authentication methods

If an account user doesn't have access to their authentication methods and can't login, it's possible to help them by resetting their two-factor authentication methods. They will be prompted to set up a new authentication method at their next login.

How to proceed

Go to IconeSettings > Users and open the Icone Actions menu on the right of the user, then click Reset 2FA  and confirm your action by clicking Yes, reset. 

Note that it's not possible to modify another user's authentication methods. You can only reset them.

Learn how to recover access codes >

Frequently asked questions

What can I do if I don't have access to my email or my authenticator app anymore?

Contact one of your account administrators so they can reset your two-factor methods to help you. If it's not possible or you still are unable to enter your account, contact a member of our technical support team for further assistance.

Why can't I see the option to make two-factor authentication mandatory for all users?

You need to be an account administrator in order to access this function.

How can I use another authentication method when I am logging in?

We'll only ask for one verification code even if you have set up two authentication methods. By default, we'll ask for the code generated by the last method used. To switch to the other method, click the Use another authentication method link.

Why can't I remove the last authentication method for my user?

If you're unable to remove the last authentication method remaining for your user, it's because the two-factor authenticator has been deemed mandatory for all users in your account. Click here to find out how to access the option in order to deactivate it. If the option is not visible for you, contact an account administrator

I share my access code with another person, can I still set up my two-factor authentication?

You can, but you need to make sure to use a method you both have access to, such as a common email address. To keep your account secure, we strongly suggest that each person needing to access the account have their own access codes. Learn how to create a user >

How can I see which users have activated the two-factor authentication?

Go to IconeSettings > Users to see the list of all users in your account. In the 2FA column, there will be a checkmark besides users that have already activated at least one authentication method. Hover over the checkmarks icon to see which method was activated for each user.

Top