Can all Signagelive users configure 2FA?
All Signagelive users except SSO (federated) users can configure 2FA. For users who are SSO users (i.e. use Active Directory, Okta, One Login) they will never be challenged for a 2FA code, as their log-in process is managed from the SSO service. Therefore, if you use SSO to log in, the 2FA configuration section will not display in your profile and the Requires 2FA attribute won’t be available.
I just enabled 2FA on my user profile but still can't access a network that requires 2FA, why?
After enabling 2FA on your user profile, you'll need to log out and log back in using 2FA, providing either a verification code or a recovery code, to be able to access a network that requires 2FA.
How come old verification codes can be used?
Answer from the 2FA Nuget Package documentation:
Given that this two-factor authentication method is time-based, it is highly likely that there is some time difference between your servers and the user’s device. With these PIN codes changing every 30 seconds, you must decide what an acceptable ‘clock drift’ might be. Using the above code samples, the library will default to a clock drift tolerance of +/- 5 minutes from the current time. This means that if your user’s device is perfectly in sync with the server time, their PIN code will be ‘correct’ for a 10-minute window of time. However, if their device time is more than +/- 5 minutes off from your server’s time, the PIN code displayed on their device will never match up.
I don’t have access to my authenticator app, how can I log in?
You can log in using the “Login using a recovery code” option on the login page when challenged.
I’m running out of or I have lost access to my recovery codes, can I generate more?
Yes, it is possible to generate a new set of recovery codes within your user profile, and if you do this, any old unused codes will be disabled.
I’ve lost access to my authenticator app and recovery codes, how can I log in?
Please contact your network administrator for assistance. You may have the 2FA requirement temporarily disabled so you can log in and re-enable 2FA on a different device or generate more recovery codes on your user profile. If no other user is allowed to disable this requirement for you please contact Signagelive Support for assistance.
Can I disable 2FA?
Yes, you can disable 2FA within your user profile. Please note you will need to log in using 2FA before disabling it. Also note this is not recommended as 2FA adds an extra layer of security to your Signagelive account and you may no longer be able to access some of your networks if they require 2FA.
I’ve got 2FA configured but would like to use a different authenticator app, what do I do?
Please disable 2FA on your user profile and re-enable it using the new authenticator app, then remove the previous account from the previous app.
I’ve got 2FA configured but would like to use my authenticator app on a different device, what do I do?
Most common authenticator apps offer multi-device capabilities so you don’t have to do anything when using a new device. Please refer to your authenticator app documentation for further details.
If your authenticator app doesn’t offer multi-device capabilities please disable 2FA on your user profile and re-enable it using the new device, then remove the previous account from the previous device.