Two-Factor Authentication
Introduction
Each Studio User can have Two-Factor Authentication (2FA for short) enabled. 2FA offers an extra layer of security, requiring more than knowledge of a single password to gain access to your account.
GreenArrow supports the Time-based One-Time Password (TOTP) algorithm. This algorithm involves a shared secret known only to GreenArrow and your secured authentication app (e.g. 1Password). The shared secret is transmitted over the Internet only a single time – at the time of configuration. Subsequently, when signing into GreenArrow, a new one-time password is generated to verify that you are in possession of the shared secret.
Once 2FA is configured, GreenArrow will require your second form of authentication to gain access to GreenArrow’s user interface. GreenArrow never requires 2FA for access to the GreenArrow Studio API.
Code re-use
Once a one-time password has been used, it cannot be reused. This means that if a user quickly signs in, signs out, and attempts to sign back in, they might “beat” the 30-second clock on which the one-time password is generated. In this case, the user should wait for a new one-time password and retry.
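The replay rule above, sketched as an added example (not GreenArrow's code): a TOTP verifier that remembers the last time step each user consumed and refuses a code from that step or an earlier one. The 30-second step comes from this page; HMAC-SHA1, 6 digits, the +/- 1 step drift window and all names are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the 30-second clock described above
DIGITS = 6         # assumption: common authenticator-app default


def totp(secret: bytes, counter: int) -> str:
    """One-time password for a single time-step counter (HMAC-SHA1 assumed)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class ReplaySafeVerifier:
    """Hypothetical verifier: each time step is accepted at most once per user."""

    def __init__(self, drift_steps: int = 1):
        self.drift_steps = drift_steps  # assumption: tolerate +/- 1 step of clock skew
        self.last_used = {}             # user -> highest counter already accepted

    def verify(self, user: str, secret: bytes, code: str, now: float) -> bool:
        current = int(now // STEP_SECONDS)
        for counter in range(current - self.drift_steps, current + self.drift_steps + 1):
            if counter <= self.last_used.get(user, -1):
                continue  # this step (or a later one) was already consumed
            if hmac.compare_digest(totp(secret, counter), code):
                self.last_used[user] = counter
                return True
        return False


def demo():
    secret = b"12345678901234567890"  # constructed sample secret (RFC 6238 test key)
    v = ReplaySafeVerifier()
    t0 = 59.0                         # falls in time step 1
    code = totp(secret, int(t0 // STEP_SECONDS))
    first = v.verify("alice", secret, code, t0)         # sign in
    replay = v.verify("alice", secret, code, t0 + 0.5)  # sign out, sign back in, same step
    t1 = t0 + STEP_SECONDS                              # wait for the next code
    later = v.verify("alice", secret, totp(secret, int(t1 // STEP_SECONDS)), t1)
    return first, replay, later
```

Storing the highest accepted counter, rather than the code itself, also rejects an older code that still falls inside the drift window.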
Configuration in User Interface
Enabling 2FA configuration
In order to add 2FA to a user, you must be signed in as that user.
- Navigate to the “My Account” section of the “Admin” menu.
- Click “Enable two-factor authentication” and follow the instructions on the form.
Removing 2FA configuration
If a user loses access to their authentication app or otherwise wants to remove 2FA from their account, you can do this in the user interface.
- Navigate to the “My Organization” section of the “Admin” menu.
- Click the view icon on the user for which you want to remove 2FA configuration.
- Click “Remove two-factor authentication” and confirm the prompt.