2-Factor authentication [guide]
This is currently a Beta feature
Please contact your account manager via firstname.lastname@example.org to turn this feature on.
This is a SMS/email-based verification feature. This does not use an authenticator app nor key-fob for verification.
1) Turn on Lab
Menu > Admin/manager > System setup > Account information > Workamajig Labs
Confirm that the lab has been enabled
2) Turn on 2-factor authentication
Menu > Admin/manager > System setup > Account information > Security settings > Global options
Check 'force users to use 2 factor authentication'
This completes the administrator's setup. The next step is performed by the individual users
3) Individual users: Click on your name in the top right corner > Default settings
Two-factor authentication send code preference: select the default method for sending you an email or SMS message with the verification code. The list will include email address, phone 1, phone 2, and cellular/mobile.
NOTE: At the time of login, the default will be presented to send code. However, you will be allowed to select one of the alternatives.
4) Test settings: log out of Workamajig > Enter credentials > Sign in > Verify send code preference > Send code > Enter code > Verify
1) Is this a global setting? Yes. All employees and contacts will need to set up their preferences. The phone numbers and email addresses should already be set up for them.
2) Is there a grace period? The user can bypass 2FA up to 5 times before being forced to set it up. If they are locked out, the Admin can reset the "grace period" for another five times via the Contact/employee record > Security controls > Reset grace logins for two-factor authentication.
3) Is this the same as SAML/SSO? No. This is a Workamajig UI-based feature. If you are using SAML/SSO, do not set this up, as it will conflict with your agency login settings.
4) Can this be turned off? Yes. Uncheck the box under Global settings, and this will be turned off.
5) Can Admins set the send code preference? No. The individual must set their preference. At the time of login, the individual can select from all possibilities before clicking send code. But the default must be set. If set to 'none', the grace period logins count will be used.