Configuring 2-Factor Authentication
This article explains how to configure 2-Factor Authentication (2FA) for your Paazl web app account in staging and production.
Note
Each user will be required to have their own Paazl web app account, please see configuring users for how to add a user to your Paazl web app.
What you need first
- Make sure you have a staging and/or production account.
- Install the Google Authenticator app on your mobile phone, you can find the official app store links for Android and iOS on Google authenticator support or Microsoft Authenticator.
Enable 2FA step-by-step
Log into staging.paazl.com or ship.paazl.com with your username and password.
You will be redirected to the 2FA configuration page. The page will show a QR code and an authenticator secret code, both of which can be used to connect your phone.
Google Authenticator
Open the Google Authenticator app on your phone and click the plus sign, then follow the steps below to use either the QR code or the Authenticator secret code:
QR Code
- Select 'Scan a QR code'
- Scan the code on the screen
Authenticator Secret Code
- Select ‘Enter a setup key’
- Fill in your account name and the authenticator secret code on the screen
- Type of key = ‘time based’
- Click ‘add’ to finish the process
Microsoft Authenticator
Open Microsoft Authenticator
- Add account if you have just installed it or the plus (+) sign in the top corner
- Select the 'Other Account (Google, Facebook, etc.)' option to add our 2FA
- Scan the code on the screen
Note
If you already have a similar e-mail account connected to your Microsoft Authenticator, you may see the message "This action will overwrite existing security ...".
If you want to connect a second account, you can edit the name of the other account by selecting it and pressing the gear in the top right corner. You can then edit the name by selecting the pencil.
Afterwards you can scan the QR code as above.
Once you have successfully connected your phone, you will have a 6-digit code available in the app. To complete the 2FA configuration, you will be prompted to enter the code in the application. Please note: the code is refreshed every 30 seconds and needs to be valid when you press 'Confirm'.
If the confirmation is successful, you will be logged in as usual. Otherwise, you will be prompted to enter a valid 6-digit code until successful.
Using 2FA
After enabling 2FA, you will be prompted to enter the 6-digit code when logging into your Paazl web account.
- Log into staging.paazl.com or ship.paazl.com with your username and password
- You will be redirected to the 2FA page and prompted for the 6-digit code
- Fill in the code that is shown in your Google authenticator and select 'confirm'
Note
Each 2FA session is valid for 8 hours, which means that you can log back into your Paazl web application account without a 2FA prompt. This helps in the event of a timeout due to inactivity.
Please note that if you intentionally log out of your Paazl account, the 2FA session will become invalid and you will be prompted for a new 2FA code.
Reset 2FA
If the configuration was not successful, or if the phone has been lost or replaced, you can reset the 2FA.
To do this, a Master user can use the 'Reset user' function in User Management. This function sends an email to the recipient and gives them the option to reset their password and 2FA. See configuring users for more information.