The 2 step authentication feature works with the IdeaScale Email (instead of username) and Password Authentication service, whether that service is used alone or in combination with other authentication services such as SSO and social login. It applies only to the IdeaScale Email and Password authentication pathway. Authentication through SSO and social login is controlled by those other services.
2FA is an individual Security setting available to standard users, who can enable or disable it at will from the profile section. Administrators still have community-level access to enable or disable this feature:
Community Settings >> Security >> Access Restrictions >> 2 Step Authentication
The second step can be done in two ways: an email sent to the user with a One Time Password, or an authenticator app that scans a QR code and provides the 6-digit code needed to log into the community. The administrator of the community can set up either or both of these methods. If the admin sets up only one method in the community, users can enable 2 step authentication only through that method in the profile section.
Please Note: If 2FA is enabled at community level, members will not be able to turn it off from their profile page.
Once 2 step authentication is enabled, every user logging in for the first time has to follow these steps.
The user has to select the second step for their authentication. In the screenshot below, the user has selected 'Email me a code'. The code will be sent to their registered email address.
A first-time user of this authentication is also given 5 backup codes for logging in when away from their phone, when traveling, or if the device is stolen. Each code can be used only once. Please record them in a safe place.
After you have made a note of these backup codes, hit 'Complete'. You will be taken to the Profile section of the user.
If you did not make a note of these codes during login, you can get them from Profile >> Security >> 2 Step Authentication.
Backup codes for 'Email me a code'
Backup codes for 'Authenticator App'
The Google Authenticator app can be downloaded from the app store. It scans the QR code and gives a 6-digit code.
This video demonstrates multifactor authentication for SSO and non-SSO members in a mixed SSO community: https://cl.ly/05191T163n0X
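To show what sits behind the 6-digit authenticator code and the single-use backup codes described above, here is an added example; it is not IdeaScale's code. It assumes the authenticator follows RFC 6238 TOTP with the usual defaults (HMAC-SHA1, 30-second step, 6 digits) and an 8-digit backup code format; every function and class name is hypothetical.

```python
import base64, hashlib, hmac, secrets, struct

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, digits=6, step=30):
    """RFC 6238 TOTP with HMAC-SHA1 (assumed defaults: 30 s step, 6 digits)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", max(0, int(at)) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, submitted, at, window=1, step=30):
    """Accept the current time step plus/minus `window` steps for clock drift."""
    ok = False
    for i in range(-window, window + 1):
        expected = totp(secret_b32, at + i * step, step=step)
        # Constant-time comparison; no early exit so timing does not leak the step.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

def new_backup_codes(count=5):
    """Generate `count` distinct random codes (8-digit format is an assumption)."""
    codes = set()
    while len(codes) < count:
        codes.add(f"{secrets.randbelow(10 ** 8):08d}")
    return sorted(codes)

def _digest(code):
    # Simplification: a production store would use a salted, slow password hash.
    return hashlib.sha256(code.encode()).hexdigest()

class BackupCodeStore:
    """Holds only digests of unused codes; each code can be redeemed once."""
    def __init__(self, codes):
        self._unused = {_digest(c) for c in codes}

    def redeem(self, code):
        d = _digest(code)
        if d in self._unused:
            self._unused.remove(d)   # burn the code so it cannot be replayed
            return True
        return False

    def remaining(self):
        return len(self._unused)
```

The drift window trades usability for a longer period in which an observed code remains valid, so it is kept to one step here.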
Members can now turn on Two Step Authentication from their Profile>>Security page even if it is turned off in the Community or Account level.
Please Note: If 2FA is enabled at community level, members will not be able to turn it off from their profile page.