Two-factor authentication
Two-factor authentication (2FA) adds an extra layer of security to your Brightspot account beyond a traditional username and password.
Enabling and disabling 2FA
Enabling two-factor authentication locks out all users until they can enter an authentication password. Ensure that your users are trained and have an authenticator installed on their devices before enabling two-factor authentication at the system level.
For all users
You can enable or disable two-factor authentication for all users.
To enable two-factor authentication:
- Click > Admin > Sites & Settings > Sites > Global.
- From the CMS tab, expand the Security cluster.
- Toggle on Two-Factor Authentication Required.
- Click Save.
- In the Enable Two-Factor Authentication widget, scan the QR code with your device. Your device displays an authentication code.
- In the Code field, enter the authentication code.
- Click Verify.
To disable two-factor authentication:
- Click > Admin > Sites & Settings > Sites > Global.
- From the CMS tab, expand the Security cluster.
- Toggle off Two-Factor Authentication Required.
- Click Save.
By role
You can enable or disable two-factor authentication at the role level, which overrides any setting you made at the global level.
To enable or disable two-factor authentication at the role level:
- Click > Admin > Users & Roles.
- In the Roles widget, select the role for which you want to enable or disable two-factor authentication.
- Toward the right of the widget, select > Advanced.
- From the Two-Factor Authentication Required field, select one of the following:
  - Default—Two-factor authentication setting for the role’s users is the same as at the site level.
  - Required—Role’s users need two-factor authentication to log in.
  - Not Required—Role’s users do not need two-factor authentication to log in.
- Click Save.
In your profile
Depending on your company's policy, you may not be required to use two-factor authentication when logging in to Brightspot. Regardless of that policy, you can enable two-factor authentication for your own account.
You can disable two-factor authentication if the following conditions are true:
- Your company’s policy does not require two-factor authentication.
- You enabled it on your own account.
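The precedence described above (a role setting overrides the global toggle, and users can still turn on 2FA for their own account) can be modeled to audit which accounts log in without a second factor. This is an added example, not Brightspot code; the User record, the function names, and the sample accounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Role-level values as listed in the Two-Factor Authentication Required field.
DEFAULT, REQUIRED, NOT_REQUIRED = "Default", "Required", "Not Required"

@dataclass
class User:                      # hypothetical record, not a Brightspot type
    name: str
    role_setting: str            # one of the three role-level values
    self_enabled: bool = False   # user enabled 2FA in their own profile

def policy_requires(global_required: bool, role_setting: str) -> bool:
    """Role setting overrides the global toggle; Default falls back to it."""
    if role_setting == REQUIRED:
        return True
    if role_setting == NOT_REQUIRED:
        return False
    if role_setting == DEFAULT:
        return global_required
    raise ValueError(f"unknown role setting: {role_setting!r}")

def evaluate(global_required: bool, user: User) -> dict:
    """Effective 2FA state for one user under the documented rules."""
    required = policy_requires(global_required, user.role_setting)
    return {
        "user": user.name,
        "policy_requires_2fa": required,
        # A code is needed if policy demands it or the user opted in.
        "needs_code_at_login": required or user.self_enabled,
        # Self-disable is allowed only when policy does not require 2FA
        # and the user enabled it on their own account.
        "may_self_disable": user.self_enabled and not required,
    }

def unprotected(global_required: bool, users: list) -> list:
    """Names of accounts that log in with username and password only."""
    return [u.name for u in users
            if not evaluate(global_required, u)["needs_code_at_login"]]

# Constructed sample accounts for illustration.
USERS = [
    User("alice", DEFAULT),
    User("bob", NOT_REQUIRED),
    User("carol", NOT_REQUIRED, self_enabled=True),
    User("dave", REQUIRED, self_enabled=True),
]

if __name__ == "__main__":
    for required_globally in (True, False):
        print(required_globally, unprotected(required_globally, USERS))
```

With the global toggle on, any account listed by unprotected() belongs to a role set to Not Required, which is the gap to review when rolling out 2FA system-wide.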
To enable two-factor authentication in your profile:
- Install an authenticator, such as Google Authenticator, on your device. The authenticator must be able to read QR codes.
- In the header, click your username to open the profile menu.
- Click Enable Two-Factor Authentication.
- Using the authenticator on your device, scan the QR code in the widget. The device responds with an authentication code.
- Enter the authentication code in the Code field.
- Click Verify.
Two-factor authentication is enabled.
To disable two-factor authentication in your profile:
- In the header, click your username, then click Disable Two-Factor Authentication.
- Using the authenticator on your device, scan the QR code in the widget. The device responds with an authentication code.
- Enter the authentication code in the Code field.
- Click Verify.
Two-factor authentication is disabled.
First login with 2FA
This topic covers the steps to log into Brightspot for the first time using two-factor authentication.
To log in for the first time with two-factor authentication:
- If you don’t have an authenticator (such as Google Authenticator) installed on your device, install one. The authenticator must be able to read QR codes.
- Log in to Brightspot with your username and password.
- Using the authenticator on your device, scan the QR code in the widget. The device responds with an authentication code.
- Enter the authentication code in the Code field.
- Click Verify.
Subsequent logins with 2FA
This topic covers how to log into Brightspot subsequently with two-factor authentication.
To log into Brightspot subsequently with two-factor authentication:
- Log in to Brightspot with your username and password.
- Retrieve the two-factor password from your authenticator.
- Enter the password in the login prompt.
- Click Log In.
Losing authentication device
If you lose the device with the authenticator app, you cannot log in to Brightspot. In addition, if the person who has (or who stole) your device also knows your username and password, that person can log in to your account.
If you lose the device with the authenticator app, ask your Brightspot administrator to reset your authentication code.
Resetting 2FA
If a user configured for two-factor authentication loses the authentication device, there is an immediate security risk: the person who found (or purloined) the device may be able to access the user’s Brightspot account. When a user reports a stolen device used for two-factor authentication, you need to reset the authentication protocol.
You can reset a user’s two-factor authentication if two-factor authentication is required for the user at the system, role, or user level.
Resetting two-factor authentication immediately locks that user’s account until the user can enter a new authentication password.
To reset a user’s two-factor authentication:
- Click > Admin > Users & Roles.
- In the Users widget, select the user for whom you want to reset two-factor authentication.
- Click , and from the menu select Reset Two-Factor Authentication for This Tool User.
- Click Reset.