Two-step Verification

Introduction

2-step verification is a simple and more secure way to protect your accounts. It combines a password (something that you know) with a second factor (something that you own), so it is less vulnerable to attacks.

The most common verification techniques are:

  • Text messages with PIN code on your mobile phone
  • The Authenticator app generates an authentication code
  • Yubikey (a hardware device similar to USB)

Bloomreach Engagement currently offers 2-step verification with the Authenticator app and Text message. We plan to support Yubikey soon.

Configuration

To enable 2-step verification for your Bloomreach Engagement accounts, go to Settings > User Settings > Security.

1237

Configuration window

Once the 2-step verification is enabled, you will be asked to verify yourself with the chosen method every time you log in. Also, you will be asked to provide a new token/code from the authenticator app after 30 days or every time your IP is changed.

1672

Login page - 2-step verification

Authenticator app

Install an authenticator app on your mobile device. You can use any authenticator mobile app, but we recommend installing Google authenticator:

Open the authenticator and scan the QR code to obtain a 6-digit code which you need to input in Bloomreach Engagement. Click "confirm".

700

Configuration of Authenticator APP

Backup codes

Backup codes are useful if you don't have access to your mobile or Yubikey. When you enable this option, you will obtain 10 codes that you can use to log in. You can use every code only once.

📘

Note that backup codes are not part of 2-step verification. Use backup codes only as a recovery option if you lose access to your devices.

Text message

In User settings -> Security enable the "Text message" option. When you enable this option you need to enter your phone number and click Get code. Once you receive the code type it into the text area below. Click confirm.

Troubleshooting and recommendations

Occasionally, you might encounter problems with your Google Authenticator app. We have put together a few solutions that solve the most common problems.

Sync your Google Authenticator time

Time syncing incorrectly is one of the reasons why your Google Authenticator codes might have stopped working and/or are displaying an error. To resolve this issue follow these steps:

  1. Open the Google Authenticator app
  2. Navigate to the Menu
  3. Select Settings
  4. Click on Time Correction for Codes
  5. Click Sync Now
    This will automatically correct the time.

Sync your phone's time

Whether you are using Android or iOS, you will need to navigate into the settings, look for Date & Time, and toggle both automatic time and timezone on.

Use backup codes

As described above, it is always good to generate and store securely your backup codes. This is useful not only for the times when your app might not be working properly but also for rare cases when you might lose or damage your device.

Two-step verification Enforcement

In Project or Account settings -> Security -> Two-step verification, you can now enforce the usage of two-step verification. In the new settings section, you can decide who needs to use it and would be required to log in again as verification. It can be applied per account, project, or specific role. Additionally, you can create a new custom role that inherits other predefined roles but has a requirement to use two-step verification. We try to provide the most flexible options for various requirements and situations.

You can apply the enforcement on both the project and account levels. The settings allow you to choose one out of 3 options available:

  • Optional: this is the same as was before. It is up to you if you want to use two-step verification.
  • Mandatory for selected roles: this option allows the client to select a set of roles that require the use of two-step verification. Every user that has one of the selected roles, has to use a second factor for login.
  • Mandatory for all users: If this option is selected, every user with access to the account/project will be required to use two-step verification.

If specific roles on the account level require the use of two-step verification, this is inherited also on a project level for all projects within the account. It is strongly recommended that users also download backup codes when he is setting up two-step verification. This option is available on the same settings page.
Settings can be changed only by the project admin.

Two-step verification reset

When you change your contact number or lose/misplace your device, the two-factor authentication (2FA) needs to be reset to access the platform. Follow the steps to request a 2FA reset:

  1. Submit a 2FA reset request to support yourself or through your colleague using official support contact channels.
  2. In both cases, support verifies the authenticity of the request. Support sends an email to the email address used with the user account that needs 2FA to confirm the request.
  3. Reply to the support email and confirm that the 2FA request is valid.
  4. Upon receiving the confirmation, support proceeds with a 2FA reset for that account.
  5. After the reset is complete, you can choose and set up an alternative 2FA method and log in to the platform.