Set Up Two-Factor Authentication
The process for setting up two-factor authentication (2FA) in Paligo varies, depending on whether you have the Enterprise plan or one of our other plans.
-
On the Enterprise plan, administrator users can enable 2FA on all accounts at once.
-
On other plans, each user has to enable 2FA on their individual user account. Administrators can only ask users to do this, they cannot do it for them.
When you have enabled two-factor authentication in Paligo, each user can associate their user account with an authentication app, such as Authy (https://authy.com). The app will generate the validation code they need for logging in.
If your Paligo account is on the Enterprise plan, you can:
-
enable two-factor authentication (2FA) on all user accounts at once. You can also force all users to set up 2FA for their user accounts the next time they try to log in.
-
enforce a password rotation policy.
Note
If your Paligo account is on a different plan, see Enable 2FA on Individual User Accounts.
To set up 2FA and password rotation policy for all user accounts:
-
Log in to Paligo as an administrator.
-
Log in to Paligo via a user account that has administrator permissions.
-
Select the avatar in the top-right corner.
-
Select Settings from the menu.
-
Select the Users tab.
-
Paligo displays the settings page, which shows the Users tab by default. It contains a list of your Paligo users. A shield icon shows the 2FA status of the user accounts:
-
Green icon - User has enabled 2FA and associated a verification app. These users are ready to use 2FA.
-
Gray icon - User has enabled 2FA but has not associated their Paligo account with a verification app.
-
No icon - User has not enabled 2FA or associated Paligo with a verification app.
-
-
Select the Password policy button to display the password settings dialog.
-
In the Authentication section:
-
Check Auto-enable two factor authentication box if you want Paligo to use two-factor authentication (2FA) for all user accounts.
-
Check Enforce setup box if you want users to set up 2FA for their user account the next time they log in. To get access to Paligo, they will need to run an authentication app on their smartphone or another device and associate it with Paligo. They will be unable to log into Paligo until they have set up 2FA.
If you leave the checkbox unselected, users will be able to postpone setting up 2FA for their user accounts. Until they set up 2FA, they will be able to log in with only their username and password, which is less secure.
Note
You can only enforce 2FA setup if you also check the Auto-enable two factor authentication setting.
-
-
Select Save.
When your Paligo users next log in, they will be prompted to Log In using 2FA.
There are two ways to enable two-factor authentication (2FA) on user accounts.
-
If you have the Enterprise plan, an administrator can enable 2FA on all user accounts at once, see Enable 2FA for All User Accounts. Or you can let each user enable 2FA for themselves, see below.
-
Each user can enable 2FA on their own user account independently. If you do not have the Enterprise plan, this is the only way to enable 2FA.
To enable 2FA on your own user account:
-
Select the avatar in the top right corner.
-
Select My Profile.
-
On the General Options tab, use the slider button to enable 2FA for your user account (the background of the slider is blue when 2FA is enabled and white when it is disabled).
-
Select Save.
When you next log in to Paligo via this user account, you will be asked to provide a username and password and also to set up two-factor authentication. To find out more, see Log In using 2FA.