I haven't enabled 2FA on my user profile, can I access a network which requires 2FA?
If you are locked out due to a Two-Factor Authentication (2FA) requirement, please contact your network administrator for assistance. They may be able to temporarily disable the 2FA requirement at the network level to allow you to regain access.
Security Recommendation:
We strongly recommend you configure 2FA on your user profile immediately after gaining access. Enabling 2FA adds a critical layer of security to your Signagelive account, protecting your network from unauthorized access.
Administrators play a crucial role in managing the balance between security and seamless access. You can enforce best practices to ensure a smooth Two-Factor Authentication (2FA) rollout and maintain network compliance:
Temporary Network Suspension: During the initial setup phase or a large user transition, temporarily disable 2FA for the entire network. This prevents users from being locked out while they are setting up their personal accounts.
User Configuration Mandate: Actively ensure that all individual users configure 2FA on their respective user profiles while the network-level requirement is suspended.
Re-enable and Maintain Compliance: Once all users have confirmed their personal 2FA setup, re-enable the network-level 2FA requirement. This final step maintains the highest level of security and ensures ongoing compliance with organisational policies.
Can all Signagelive users configure 2FA?
The ability to configure Two-Factor Authentication in Signagelive depends on your login method:
Standard Signagelive Users (Non-SSO)
All users who log in directly with a standard Signagelive username and password can configure 2FA on their user profiles.
We strongly recommend these users enable 2FA for enhanced security.
SSO (Federated) Users
Users who log in via Single Sign-On (SSO)—such as Active Directory, Okta, or OneLogin—cannot configure 2FA within Signagelive itself.
Reason: The authentication process, including any multi-factor challenge, is managed entirely by your external SSO service.
Result: The 2FA configuration section will not display in your Signagelive profile, and the 'Requires 2FA' attribute will not be available.
I just enabled 2FA on my user profile but still can't access a network that requires 2FA, why?
Once you have successfully enabled Two-Factor Authentication (2FA) on your user profile, you need to perform a test login to activate it for your network access.
Log out of your current Signagelive session.
Log back in. During this login, you will be prompted for a verification code from your authenticator app or a recovery code.
You must complete this verification step to access any network that requires 2FA.
I don’t have access to my authenticator app, how can I log in?
You can log in using the “Login using a recovery code” option on the login page when challenged. For more information, please see this article. Recovery codes are vital backups provided during the 2FA setup process and should be securely stored to ensure you can regain access in scenarios where the primary authenticator app fails.
Recovery codes are a vital backup that ensures you can always regain access to your Signagelive account, even if your primary authenticator app is unavailable or lost.
How to Use a Recovery Code:
If you are challenged for a 2FA code but cannot provide one, look for the "Login using a recovery code" option on the login page. Enter one of your saved recovery codes to bypass the primary authentication challenge.
Best Practice: Secure Storage
Recovery codes are provided during the initial 2FA setup process.
It is essential to store these codes securely as soon as they are generated. Treat them as highly sensitive passwords.
I’m running out of or I have lost access to my recovery codes, can I generate more?
You can generate a new set of recovery codes at any time within your user profile settings. This can be useful if you suspect your existing codes may have been compromised or lost.
Important Action:
Disabling Old Codes: When a new set of codes is generated, any previous, unused recovery codes are immediately disabled and can no longer be used for access.
Secure Storage: You must securely store the new recovery codes in a safe location. To prevent unauthorised access, ensure these codes are never shared with anyone.
I’ve got 2FA configured but would like to use a different authenticator app, what do I do?
Please disable 2FA on your user profile and re-enable it using the new authenticator app, then remove the previous account from the old app. The exact step-by-step process would be:
Disable 2FA on your user profile within Signagelive (using a code from the original authenticator app).
Once this is disabled, delete your Signagelive Account from your old authenticator app.
Log back into Signagelive and re-enable two-factor authentication (2FA) on your user profile.
On your new device, download an authenticator of your choice and scan the QR code shown on-screen.
Enter a code from your new authenticator app and jot down the new recovery codes.
I’ve got 2FA configured but would like to use my authenticator app on a different device, what do I do?
Most common authenticator apps offer multi-device capabilities so you don’t have to do anything when using a new device. Please refer to your authenticator app documentation for further details.
If your authenticator app doesn’t support multi-device functionality, please disable 2FA on your user profile before deleting the account from the old device, as a verification code is required to disable 2FA in Signagelive. You can then re-enable it normally using the new device; after that, it’s safe to remove the previous account from the old device. The exact step-by-step process is as follows:
Disable 2FA on your user profile in Signagelive. A code from the old device is needed.
Delete any recovery code previously saved (these were generated when 2FA was enabled)
Delete the account on the old device
Enable 2FA on your user profile in Signagelive.
Scan the QR code on the new device
Enter a code from the new device and save the new recovery codes
I’ve lost access to my authenticator app and recovery codes, how can I log in?
Please contact Signagelive Support if you need assistance.
Can I disable 2FA?
Yes, you can disable 2FA within your user profile. Please note that you will need to log in using 2FA before disabling it. Also, note that this is not recommended as 2FA adds an extra layer of security to your Signagelive account, and you may no longer be able to access some of your networks if they require 2FA.
Please Note
If you disable 2FA on your account and try to log into a Signagelive Network that requires 2FA, you will not be able to access this Network until you have re-enabled 2FA on your account.
How come old verification codes can be used?
Since this two-factor authentication method is time-based, there is a high chance of some time difference between your servers and the user’s device. With these PIN codes changing every 30 seconds, you need to determine what constitutes an acceptable ‘clock drift'.
Using the code examples above, the library defaults to a clock drift tolerance of +/- 5 minutes from the current time. This means that if your user’s device is perfectly synchronised with the server time, their PIN code will be valid for a 10-minute window. However, if their device time deviates by more than ± 5 minutes from your server’s time, the PIN code displayed on their device will never match.