The purpose of this article is to explain how Two-Factor Authentication (2FA) works in Formworks.
Two-factor authentication (2FA) is available for the Formworks Portal only. This is a configurable setting that can be changed by any user that has visibility of the Admin License page and the Manage Users & Roles page i.e. a Client Administrator, Client System Administrator or Client Task Manager.
The 2FA setting can be found below Current Permissions on the License page. It is the last checkbox option (Is 2FA required?). By default this option is disabled. Once enabled, there will be an additional System Role called 'MFA' visible on the Manage Users & Roles tab per user. A user will need this role enabled before 2FA is required at their next login:
All mobile authentication applications can be used with this setting e.g. Google Authenticator, Microsoft Authenticator, DuoMobile etc. These applications can be found in any mobile devices application store:
Once the 'Is 2FA required?' checkbox is enabled, there should be a blue alert message in the top right corner of the screen to confirm the change has been made.
The user account that requires 2FA will now need to be updated on the Manage Users & Roles page. Select the user to display the Edit User screen, then the 'MFA' permission will need to be enabled:
Once both steps have been completed, the next time the user logs into the portal, after entering their password and pressing login they should see the below screen with a QR code:
The user should then open up their module authentication app (the below example will use Duo Mobile):
Press the '+' button to scan a new code, this will bring up the camera to scan the QR code image. Point your phone to the code on the web browser. You will then be provided with a 6 digit code as below. Please note that the email address you are using to log into Formworks should show alongside the code:
A new code should be generated roughly every 30 seconds, depending on the authentication app you are using.
Enter the provided code in the given space below the QR code image and select 'Register'. You will then be prompted to enter the code again (if the code on your authentication app has changed, please enter the updated code) and then press 'Login'.
As long as the 2FA has been enabled for your Client account and a user has the MFA permission enabled, a code will be required for every log into to the Formworks Portal.
For occurrences where a user loses either their authentication app of the Formworks Account on the authentication app, resetting the 2FA is possible via the Manage Users & Roles tab.
After a user has successfully logged into the Formworks Portal using 2FA, a 'Reset MFA' button will appear below user details in the Edit User screen:
If this button is pressed, when the user next logs in a new QR code will display, prompting them to set up the account on their mobile authentication app. Any previously set up accounts for the user using another QR code will no longer work.
If the 2FA setting has been disabled on the License page, the MFA permission will be removed from any users that had it enabled. If the 2FA setting is re-enabled, users will need to be manually given the MFA permission again via the Manage Users & Roles page.