Two-factor authentication
Two-factor authentication (2FA) provides an additional level of security to your Updraft account.
Once 2FA has been configured for your user account, you will be prompted to enter the code generated by your one-time password app after entering your email address and password.
Once 2FA is enabled, it is only possible to log in to your account if the email address, password and one-time code are available.
2FA is available for Owner & Admin Users. Mobile-Users can't enable themself 2FA.
However, if an organisation enforces 2FA, the users with the user role 'mobile user' can also configure 2FA before they can log into the mobile dashboard.
Updraft supports devices as the second factor of authentication. After you enabled 2FA, in addition to your username and password to sign in, you’re prompted to type in the one-time code from your 2FA app. If 2FA is enforced by an Owner of an organization you will be prompted to activate your 2FA device when trying to sign in which performs then a secure authentication on your behalf.
Don’t forget to back up your recovery codes!
Updraft supports one-time password authenticator applications.
Login to your Updraft account
Go to your User Profile Settings
Go to Preferences
Click on Enable-2FA
Install a compatible application, like:
SailOTP
In your 2FA application:
Scan the QR-code in Updraft with your device’s camera to add the entry automatically.
Enter the details provided in Updraft (URL & key) to add the entry manually into your authenticator application.
Enter the six-digit pin code from the 2FA application on your device into the Pin code field.
Click on Enable
If the pin code you entered was correct, you will be forwared the list of the recovery codes. Download them and keep them safe. After you close the recovery code page you will see a message displaying that you successfully enabled 2FA.
Each recovery code can be used only once to sign in to your Updraft account.
Once two-factor authentication has been successfully configured, you will be prompted to save or download the recovery codes displayed. If you ever lose access to your one-time password authenticator or lose your device, you can use one of these recovery codes to log in to your Updraft account.
Logging in with 2FA is slightly different from logging in normally. Once you have configured 2FA, the next time you log in, after entering your username (email address) and password, you will be prompted to enter your 2FA authenticator app code. Once you have entered the code, you will be redirected to the Updraft dashboard.
When asked, enter the code from your one- time password authenticator’s application or a recovery code to login in.
If you ever need to disable 2FA:
Go to your User Profile Settings
Go to Preferences
Click on Disable 2FA
This clears all your two-factor authentication configurations.
IF 2FA is enforced by an Organization you will not be able to disable 2FA yourself. You need to get in contact with the Owner of your Organization.
To disable two-factor authentication on your Updraft account (for example, if you have lost your 2FA code generation device) you can:
Use a saved recovery code or
regenerate 2FA recovery codes
Enabling and the configuration of two-factor authentication for your account generates several recovery codes. Such recovery codes needs to be saved. You can use one of them to sign in into your account again.
You can use a recovery code after you typed in your username and password when prompted to type in the pin code from the 2FA authenticator application.
As soon you used one of your recovery codes you can't use them again, but you can still use all other recovery codes you saved
To regenerate 2FA recovery codes, you need to login into your Updraft account at your desktop:
Go to your User Profile Settings
Go to Preferences
Click on Regenerate Recovery Codes
You need to confirm if you really want to regenerate recovery codes
Click Regenerate recovery codes
Save or download the new recovery codes
If you regenerate 2FA recovery codes your previous recovery codes will not longer work. Save them!
If you cannot log in after you have already enabled 2FA, ask the Updraft Owner of your organisation for help. An owner of an updraft organisation can temporarily disable 2FA for each user in their organisation. Once an owner has disabled this, you can then reconfigure 2FA.
As the owner of an Updraft organisation, you can push 2FA for all your users.
To enforce 2FA:
Go to your User Profile Settings
Go to your Account Settings
Enable enforcing for all users
Once this is enforced, your organisation's users will need to configure 2FA on their next login before being redirected to the Updraft dashboard. They will need to either scan the QR code or manually add the key to their Authenticator app. Once configured, they must log in and will be asked for the PIN code.
As the owner, you always have an overview of which users have 2FA configured and you can also disable 2FA in the user view. Just click on your user.
If 2FA is forced, your users cannot disable 2FA independently.