2-Factor authentication [guide]
This guide walks you through how to set up and use Two-Factor Authentication (also known as 2FA) with your Workamajig logins.
Please note that this is an independent SMS/email-based verification feature. It does not use or work with an authenticator app or a key fob for verification.
NOTE: If you are using SAML/SSO, this feature will be hidden. You cannot set up or use SAML and 2FA at the same time.
Admin Setup | User Setup | Considerations
Admin Setup
Turn on 2-factor authentication
Menu > Admin/manager > System setup > Account information > Security settings > Global options
Check 'force users to use 2 factor authentication'
This completes the administrator's setup. The next step is performed by the individual users.
User Setup
NOTE: If you only have an email address set up on your employee record, you can skip this setup step. The system will use your email address by default. You only need to follow this step if you have an email address and one or more telephone numbers. In that case, you can set a "default" method by following the steps below.
1) Individual users: Click on your name in the top right corner > Default settings
Two-factor authentication send code preference: select the default method for sending you an email or SMS message with the verification code. The list will include email address, phone 1, phone 2, and cellular/mobile.
NOTE: At the time of login, the default method will be presented for sending the code. However, you will be allowed to select one of the alternatives.
2) Test settings: log out of Workamajig > Enter credentials > Sign in > Verify send code preference > Send code > Enter code > Verify
Considerations
1) Is this a global setting? Yes. All employees and contacts will need to set up their preferences. The phone numbers and email addresses should already be set up for them.
2) Is there a grace period? If the Two Factor Authentication Send Code Preference is not set, the user can bypass 2FA up to 5 times before being forced to set it up. If they are locked out, the Admin can reset the "grace period" for another five times via the Contact/employee record > Security controls > Reset grace logins for two-factor authentication. It is highly recommended that you require them to make a selection. Once the selection is made, the bypass will no longer be available.
3) Is this the same as SAML/SSO? No. This is a Workamajig UI-based feature. If you are using SAML/SSO, do not set this up, as it will conflict with your agency login settings.
4) Can this be turned off? Yes. Uncheck the box under Global settings, and this will be turned off.
5) Can Admins set the send code preference? No. The individual must set their preference. At the time of login, the individual can select from all possibilities before clicking send code, but the default must be set. If it is set to 'none', the grace period login count will be used.