Contents
General 2FA settings
Two-factor authentication (2FA) provides an additional security layer when signing in to the system. In addition to the username and password, the user must enter a one-time verification code.
To enable two-factor authentication, go to Settings → System → General and find the Two-factor authentication block.
The following verification code delivery methods are available:
- Sending an email with a code — the code is sent to the user's email address.
- Sending an SMS with a code — the code is sent to the phone number linked to the user's profile.
- Sending a code through an authentication app — the code is generated in a dedicated one-time password (OTP) app on the user's device.
2FA operation modes
When the Sending a code through an authentication app authorization type is selected, the Two-factor authentication operation mode setting appears. Two modes are available:
- Optional — users can enable the second factor voluntarily to improve the security of their account.
- Required — 2FA becomes a system requirement. If a user has not configured the second factor yet, they will be required to do it during the next sign-in.
Note
Enabling the required mode does not block access for users who have not configured the second factor yet. During the next authentication, they will be automatically redirected to the 2FA setup page, which cannot be skipped.
After selecting the required parameters, click Save.
Setting up 2FA in a user profile
The second factor setup status can be tracked for each employee in their user profile.
Go to Settings → Users → Users, open the required user profile, and go to the Two-factor authentication tab.
This tab displays:
- Current mode — the code delivery method configured in the system.
- Authentication phone number (for SMS authorization) — the field where the administrator can specify or change the user's phone number for receiving codes.
- Application status (for OTP authorization) — displays the Linked or Not linked status. If the status is Linked, the administrator or the user can unlink the current app to link a new device.
- Authentication errors — a table with failed verification code entry attempts. The table includes the date, number of attempts, and IP address.
Linking an authentication app (OTP)
If receiving the code through an app is selected in the system, the linking screen appears when the user signs in for the first time after the 2FA setting has been enabled.
- Install a two-factor authentication app that supports one-time code generation, for example Google Authenticator.
- Scan the QR code displayed on the screen using the installed app.
- Enter the 6-digit code generated by the app in the Code from app field.
- Click Confirm.
Note
When linking from a mobile device, use the QR code image. It can be saved and scanned from the gallery. Alternatively, copy the text linking key and add it to the authentication app manually. After linking, enter the generated 6-digit code to complete authentication in the Simla app.
During subsequent sign-ins, the system will request only the verification code from the linked app.