2-step verification is a simple and more secure way to protect your accounts. It combines a password (something that you know) with a second factor (something that you own), so it is less vulnerable to attacks.
The most common verification techniques are:
- Text messages with PIN code on your mobile phone
- Authenticator app generates an authentication code
- Yubikey (a hardware device similar to USB)
Bloomreach Engagement currently offers 2-step verification with the Authenticator app and Text message. We plan to support Yubikey soon.
To enable 2-step verification for your Bloomreach Engagement accounts, go to
User Settings >
Once the 2-step verification is enabled, you will be asked to verify yourself with the chosen method every time you log in. Also, you will be asked to provide a new token/code from the authenticator app after 30 days or every time your IP is changed.
Install an authenticator app on your mobile device. You can use any authenticator mobile app, but we recommend to install Google authenticator:
- iOS: https://itunes.apple.com/us/app/google-authenticator/id388497605
- Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
Open authenticator and scan the QR code to obtain a 6 digit code which you need to input in Bloomreach Engagement. Click "confirm".
Backup codes are useful if you don't have access to your mobile or Yubikey. When you enable this option, you will obtain 10 codes which you can use to log in. You can use every code only once.
Note that backup codes are not part of 2-step verification. Use backup codes only as a recovery option if you lose access to your devices.
User settings ->
Security enable the "Text message" option. When you enable this option you need to enter your phone number and click
Get code. Once you receive the code type it into the text area below. Click confirm.
You can add more phone numbers for this verification method. Just click
showwhen text message verification is enabled.
Occasionally, you might encounter problems with your Google Authenticator app. We have put together a few solutions that solve the most common problems.
Time syncing incorrectly is one of the reasons why your Google Authenticator codes might have stopped working and/or are displaying an error. To resolve this issue follow these steps:
- Open the Google Authenticator app
- Navigate to the Menu
- Select Settings
- Click on Time Correction for Codes
- Click Sync Now
This will automatically correct the time.
Whether you are using Android or iOS, you will need to navigate into the settings, look for Date & Time, and toggle both automatic time and timezone on.
As described above, it is always good to generate and store securely your backup codes. This is useful not only for the times when your app might not be working properly but also for rare cases when you might lose or damage your device.
Project or Account settings ->
Two-step verification, you can now enforce the usage of two-step verification. In the new settings section, you can decide who needs to use it and would be required to log in again as verification. It can be applied per account, project or specific role. Additionally, you can create a new custom role that inherits other predefined roles but has a requirement to use two-step verification. We try to provide the most flexible options for various requirements and situations.
You can apply the enforcement on both project and account level. The settings allow you to choose one out of 3 options available:
- Optional: this is the same as was before. It is up to you if you want to use two-step verification.
- Mandatory for selected roles: this option allows the client to select a set of roles that require the use of two-step verification. Every user that has one of the selected roles, has to use a second factor for login.
- Mandatory for all users: If this option is selected, every user with access to account/project will be required to use two-step verification.
If specific roles on account level require the use of two-step verification, this is inherited also on a project level for all projects within the account. It is strongly recommended that users also download backup codes when he is setting up two-step verification. This option is available on the same settings page.
Settings can be changed only by project admin.
Updated 5 months ago