Two-factor authentication

Two-factor authentication (2FA) provides an additional level of security to your Updraft account.

Once 2FA has been configured for your user account, you will be prompted to enter the code generated by your one-time password app after entering your email address and password.

Once 2FA is enabled, it is only possible to log in to your account if the email address, password and one-time code are available.

2FA is available for Owner & Admin Users. Mobile-Users can't enable themself 2FA.

However, if an organisation enforces 2FA, the users with the user role 'mobile user' can also configure 2FA before they can log into the mobile dashboard.

Overview

Updraft supports devices as the second factor of authentication. After you enabled 2FA, in addition to your username and password to sign in, you’re prompted to type in the one-time code from your 2FA app. If 2FA is enforced by an Owner of an organization you will be prompted to activate your 2FA device when trying to sign in which performs then a secure authentication on your behalf.

Enabling 2FA

Updraft supports one-time password authenticator applications.

Step 1 enable 2FA in Updraft:

1. Login to your Updraft account

2. Go to your User Profile Settings

3. Go to Preferences

4. Click on Enable-2FA

Step 2 install a 2FA application on your device

1. Install a compatible application, like:

   • Google Authenticator

   • Microsoft Authenticator

   • LastPass Authenticator

   • SailOTP

2. In your 2FA application:

   1. Scan the QR-code in Updraft with your device’s camera to add the entry automatically.

   2. Enter the details provided in Updraft (URL & key) to add the entry manually into your authenticator application.

Step 3 back in Updraft

1. Enter the six-digit pin code from the 2FA application on your device into the Pin code field.

2. Click on Enable

If the pin code you entered was correct, you will be forwared the list of the recovery codes. Download them and keep them safe. After you close the recovery code page you will see a message displaying that you successfully enabled 2FA.

Recovery codes

Each recovery code can be used only once to sign in to your Updraft account.

Once two-factor authentication has been successfully configured, you will be prompted to save or download the recovery codes displayed. If you ever lose access to your one-time password authenticator or lose your device, you can use one of these recovery codes to log in to your Updraft account.

Signing in with 2FA Enabled

Logging in with 2FA is slightly different from logging in normally. Once you have configured 2FA, the next time you log in, after entering your username (email address) and password, you will be prompted to enter your 2FA authenticator app code. Once you have entered the code, you will be redirected to the Updraft dashboard.

Sign in by using a one-time password

When asked, enter the code from your one- time password authenticator’s application or a recovery code to login in.

Disabling 2FA

If you ever need to disable 2FA:

1. Go to your User Profile Settings

2. Go to Preferences

3. Click on Disable 2FA

This clears all your two-factor authentication configurations.

Recovery options

To disable two-factor authentication on your Updraft account (for example, if you have lost your 2FA code generation device) you can:

• Use a saved recovery code or

• regenerate 2FA recovery codes

Saved recovery codes

Enabling and the configuration of two-factor authentication for your account generates several recovery codes. Such recovery codes needs to be saved. You can use one of them to sign in into your account again.

You can use a recovery code after you typed in your username and password when prompted to type in the pin code from the 2FA authenticator application.

As soon you used one of your recovery codes you can't use them again, but you can still use all other recovery codes you saved

Regenerate 2FA recovery codes

To regenerate 2FA recovery codes, you need to login into your Updraft account at your desktop:

1. Go to your User Profile Settings

2. Go to Preferences

3. Click on Regenerate Recovery Codes

4. You need to confirm if you really want to regenerate recovery codes

5. Click Regenerate recovery codes

6. Save or download the new recovery codes

Ask an Updraft account owner to disable two-factor authentication on your account

If you cannot log in after you have already enabled 2FA, ask the Updraft Owner of your organisation for help. An owner of an updraft organisation can temporarily disable 2FA for each user in their organisation. Once an owner has disabled this, you can then reconfigure 2FA.

Enforcing 2FA

As the owner of an Updraft organisation, you can push 2FA for all your users.

Enforce 2FA

To enforce 2FA:

1. Go to your User Profile Settings

2. Go to your Account Settings

3. Enable enforcing for all users

Once this is enforced, your organisation's users will need to configure 2FA on their next login before being redirected to the Updraft dashboard. They will need to either scan the QR code or manually add the key to their Authenticator app. Once configured, they must log in and will be asked for the PIN code.

As the owner, you always have an overview of which users have 2FA configured and you can also disable 2FA in the user view. Just click on your user.

If 2FA is forced, your users cannot disable 2FA independently.

Enforcing 2FA for single users

An Owner of an organization is able to enforce 2FA for single users of his organization.

To enforce 2FA for a single user:

1. Go to the UsermanagementPage

2. Select the user you would like to enforce 2FA

3. Enforce 2FA

If an Owner enforces 2FA for a single user, the user is not able to deactivate 2FA himself and if a user has 2FA already activated, the Owner is still able to enforce 2FA for this user.

Disable 2FA for a single user:

1. Go to the UsermanagementPage

2. Select the user you would like to disable from 2FA

3. Disable enforce 2FA

If an owner disables "enforced 2FA" for a user, 2FA stays enabled until the user disables it by himself.