Log In using 2FA

The process for logging in to Paligo using two-factor authentication (2FA) varies depending on whether you are logging in:

  • For the first time since 2FA was enabled

  • From a location that you have already verified for 2FA. This is a "trusted location".

  • From a new location. Paligo regards the new location as suspicious, so you will need to verify your login.

The following sections describe the steps to follow for each of these scenarios.

If you are logging in to Paligo for the first time since two-factor authentication has been enabled:

  1. Open a browser and go to the URL for your Paligo instance. Paligo displays the login page. Enter your login details and select Sign In.

  2. On the Two factor authentication setup page, there is a QR code and a secret key.

    On your phone or other device, install an authentication app, such as Authy or Google Authenticator, and add a new device. Choose to either scan a barcode or provide a key, depending on what the app supports and what device you have.

    • If you chose to scan a barcode, use your device's camera to scan the QR code.

    • If you chose to provide a key, enter the secret key numbers and letters.

    The authentication application then generates a verification code.

  3. Enter the verification code in the field on the two factor authentication setup page and select Continue.

    If the verification code is correct, a success message is displayed and you are provided with a backup code. Make a record of this code, as you can use it to log in if you have lost your device. (The code can only be used once.)

    If the verification code is wrong, an error message appears. Please check the verification code in your authentication app and enter it again. The verification code in your authentication app will change automatically every 30 seconds.

    Important

    Make sure that your device shows the correct time. The verification code will only work if the time on your device is correct.

  4. Press Continue to log in to Paligo.
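The 30-second rotation and the clock requirement in step 3 follow from how authenticator apps such as Google Authenticator derive codes (TOTP, RFC 6238). The following is an added example, not Paligo's code: it assumes the standard HMAC-SHA1, 6-digit, 30-second parameters, and the secret, the timestamps and the `verify` drift window are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 test key), in the base32 form a
# setup page would display. Not a real account secret.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, unix_time: int, step: int = 30) -> str:
    """RFC 6238: the counter is the number of `step`-second periods since the epoch."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    return hotp(key, unix_time // step)

def verify(secret_b32: str, code: str, server_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Accept the code for the server's current step, plus or minus `window`
    steps to tolerate small clock drift (this tolerance is an assumption)."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + d * step, step), code)
        for d in range(-window, window + 1)
    )

if __name__ == "__main__":
    server_now = 1111111109                    # constructed server clock
    on_time = totp(SECRET, server_now)         # device clock matches the server
    fast = totp(SECRET, server_now + 2)        # 2 s fast, but in the next step
    print("on time:", on_time, verify(SECRET, on_time, server_now, window=0))
    print("2 s fast, strict check:", fast, verify(SECRET, fast, server_now, window=0))
    print("2 s fast, one-step tolerance:", verify(SECRET, fast, server_now, window=1))
```

Both sides compute the code from the shared secret and their own clock, so a device whose clock has drifted into a different 30-second step produces a code the server does not expect.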

When you successfully log in from a device, your location is added to your list of trusted locations. When you log in from a trusted location, you can use your username and password without a verification code, as Paligo knows you have verified that location before.

If you need to log in from a different location, Paligo will ask for your username, password, and verification code. If you do not have access to the device that runs your authentication app, you can use the backup code to log in.

If you are logging in from a trusted location, you only need to provide your Paligo username and password. There is no need for a verification code.

A trusted location is a place where you have previously logged in to Paligo and provided a verification code. Your user account has a list of trusted locations, and Paligo will let you log in to those with only a username and password, unless any of the following are different:

  • IP address or location

  • Browser and browser version

  • Operating system

If any of the above are different, Paligo will ask you to enter a verification code. You will need to get the verification code from the authentication app on your smartphone, tablet, etc. If you do not have access to the authentication app, you can use your backup code instead.

Note

When you log in from a new location, Paligo sends you an email containing details of the login. If this looks suspicious, you should change your password immediately.

If you have two-factor authentication enabled and you want to log in to Paligo from a new location, you will need to provide:

  • username

  • password

  • verification code

This is because the location has not yet been verified and so is not in your list of trusted locations.

The verification code is generated by the authentication app you used to set up two-factor authentication for your user account. Typically, it runs on your smartphone, tablet, or similar device.

If you do not have access to your authentication app, you can use your backup code instead.