Two-factor authentication
Two-factor authentication
Two-factor authentication (2FA) provides an additional level of security to your Updraft account.
Once 2FA has been configured for your user account, you will be prompted to enter the code generated by your one-time password app after entering your email address and password.
Once 2FA is enabled, it is only possible to log in to your account if the email address, password and one-time code are available.
2FA is available for Owner & Admin Users. Mobile-Users can't enable themself 2FA.
However, if an organisation enforces 2FA, the users with the user role 'mobile user' can also configure 2FA before they can log into the mobile dashboard.
Overview
Updraft supports devices as the second factor of authentication. After you enabled 2FA, in addition to your username and password to sign in, you’re prompted to type in the one-time code from your 2FA app. If 2FA is enforced by an Owner of an organization you will be prompted to activate your 2FA device when trying to sign in which performs then a secure authentication on your behalf.
Don’t forget to back up your recovery codes!
Enabling 2FA
Updraft supports one-time password authenticator applications.
Step 1 enable 2FA in Updraft:
Login to your Updraft account
Go to your User Profile Settings
Go to Preferences
Click on Enable-2FA
Step 2 install a 2FA application on your device
Install a compatible application, like:
In your 2FA application:
Scan the QR-code in Updraft with your device’s camera to add the entry automatically.
Enter the details provided in Updraft (URL & key) to add the entry manually into your authenticator application.
Step 3 back in Updraft
Enter the six-digit pin code from the 2FA application on your device into the Pin code field.
Click on Enable
If the pin code you entered was correct, you will be forwared the list of the recovery codes. Download them and keep them safe. After you close the recovery code page you will see a message displaying that you successfully enabled 2FA.
Recovery codes
Each recovery code can be used only once to sign in to your Updraft account.
Once two-factor authentication has been successfully configured, you will be prompted to save or download the recovery codes displayed. If you ever lose access to your one-time password authenticator or lose your device, you can use one of these recovery codes to log in to your Updraft account.
Signing in with 2FA Enabled
Logging in with 2FA is slightly different from logging in normally. Once you have configured 2FA, the next time you log in, after entering your username (email address) and password, you will be prompted to enter your 2FA authenticator app code. Once you have entered the code, you will be redirected to the Updraft dashboard.
Sign in by using a one-time password
When asked, enter the code from your one- time password authenticator’s application or a recovery code to login in.
Disabling 2FA
If you ever need to disable 2FA:
Go to your User Profile Settings
Go to Preferences
Click on Disable 2FA
This clears all your two-factor authentication configurations.
IF 2FA is enforced by an Organization you will not be able to disable 2FA yourself. You need to get in contact with the Owner of your Organization.
Recovery options
To disable two-factor authentication on your Updraft account (for example, if you have lost your 2FA code generation device) you can:
Use a saved recovery code or
regenerate 2FA recovery codes
Saved recovery codes
Enabling and the configuration of two-factor authentication for your account generates several recovery codes. Such recovery codes needs to be saved. You can use one of them to sign in into your account again.
You can use a recovery code after you typed in your username and password when prompted to type in the pin code from the 2FA authenticator application.
As soon you used one of your recovery codes you can't use them again, but you can still use all other recovery codes you saved
Regenerate 2FA recovery codes
To regenerate 2FA recovery codes, you need to login into your Updraft account at your desktop:
Go to your User Profile Settings
Go to Preferences
Click on Regenerate Recovery Codes
You need to confirm if you really want to regenerate recovery codes
Click Regenerate recovery codes
Save or download the new recovery codes
If you regenerate 2FA recovery codes your previous recovery codes will not longer work. Save them!
Ask an Updraft account owner to disable two-factor authentication on your account
If you cannot log in after you have already enabled 2FA, ask the Updraft Owner of your organisation for help. An owner of an updraft organisation can temporarily disable 2FA for each user in their organisation. Once an owner has disabled this, you can then reconfigure 2FA.
Enforcing 2FA
As the owner of an Updraft organisation, you can push 2FA for all your users.
Enforce 2FA
To enforce 2FA:
Go to your User Profile Settings
Go to your Account Settings
Enable enforcing for all users
Once this is enforced, your organisation's users will need to configure 2FA on their next login before being redirected to the Updraft dashboard. They will need to either scan the QR code or manually add the key to their Authenticator app. Once configured, they must log in and will be asked for the PIN code.
As the owner, you always have an overview of which users have 2FA configured and you can also disable 2FA in the user view. Just click on your user.
If 2FA is forced, your users cannot disable 2FA independently.
Enforcing 2FA for single users
An Owner of an organization is able to enforce 2FA for single users of his organization.
To enforce 2FA for a single user:
Go to the UsermanagementPage
Select the user you would like to enforce 2FA
Enforce 2FA
If an Owner enforces 2FA for a single user, the user is not able to deactivate 2FA himself and if a user has 2FA already activated, the Owner is still able to enforce 2FA for this user.
Disable 2FA for a single user:
Go to the UsermanagementPage
Select the user you would like to disable from 2FA
Disable enforce 2FA
If an owner disables "enforced 2FA" for a user, 2FA stays enabled until the user disables it by himself.
Last updated