Support and Documentation

Two-factor authentication at the site level
Enabling two-factor authentication

You can enable two-factor authentication for all Brightspot users associated with a particular site. In addition, you can override the site-level two-factor authentication setting at the role level and at the user level.


The following procedure locks your account and all other accounts until users are able to enter their own authentication passwords. Ensure your users are trained and have an authenticator installed on their phones before enabling two-factor authentication at the site level.

Procedure. To enable two-factor authentication at the site level:
  1. Install an authenticator, such as Google Authenticator, on your device. The authenticator must be able to read QR codes.

  2. From the Navigation Menu, expand Admin, and select Sites & Settings.

  3. In the Sites widget, select Global. The Edit Global widget appears.

  4. Under CMS, under Security, turn on Two-Factor Authentication Required.

  5. Click Save. The Enable Two-Factor Authentication widget appears. (You are effectively locked out of your account; you must complete this procedure before you can continue using Brightspot.)

    Enable Two-Factor Authentication widget
    Figure 121. Enable Two-Factor Authentication widget

  6. Using the authenticator on your device, scan the QR code in the widget. The device responds with an authentication code.

    Sample two-factor authentication code
    Figure 122. Sample two-factor authentication code

  7. Enter the authentication code in the Code field.

  8. Click Verify. You return to the Edit CMS widget.

Disabling two-factor authentication
Procedure. To disable two-factor authentication at the site level:
  1. From the Navigation Menu, expand Admin, and select Sites & Settings.

  2. In the Settings widget, under Applications, click CMS.

  3. In the Edit CMS widget, under Defaults, turn off Two-Factor Authentication Required.


Individual users can enable two-factor authentication even if it is not required at the site level. For details, see Enabling two-factor authentication.