Two Factor Authentication

Two factor authentication increases the security of your account by requiring a verification code from your phone in addition to your password.

How does it work?

Enchant supports two factor authentication using an that generates time based verification codes (TOTP). Once you've scanned a code we display during setup, the app generates a verification code that changes every 30 seconds. Your phone doesn't need to be connected to the internet to get a new verification code.

When you're going through the setup process for two factor authentication, the system will also generate a set of backup codes which can be used if you don't have access to your phone. However, each of the backup codes can only be used once.

Which app needs to be installed?

Any app that is compatible with the Google Authenticator TOTP implementation will work.

We recommend Google Authenticator, Microsoft Authenticator or Authy. Download any of these apps from your phone's app store.

How to turn on two factor authentication for a specific user

A user can enable two factor authentication from their security settings:

From the security settings page, click on Enable Two Factor Authentication and follow the instructions.

Turn on two factor authentication for all users

From the General company settings, you can setup Enchant to require two factor authentication for all users:

Once this setting is enabled, all users will be required to setup two factor authentication before they're able to use the system.

Note: Any user that doesn't already have two factor authentication enabled when the requirement is turned on will be logged out.

What to do if you lost your phone

Use your backup codes to log into Enchant. Once logged in, disable two factor authentication so codes generated by the lost phone won't work. Once you have your new phone, re-enable two factor authentication with the new phone.

If you also lost your backup codes: Any administrator of your help desk can disable two factor authentication on your account.

If your help desk is configured to require two factor authentication: You will need to re-enable two factor authentication on another trusted phone (manage, coworker, etc) and just use the backup codes (provided during setup) until you receive your new phone. When you are running out of backup codes, go to your security page and generate some more.

What to do if you've left your phone at home

Use your backup codes to log into Enchant. Remember that each code can only be used once. When you are running out of backup codes, go to your security page and generate some more.

If you lost your backup codes: Any administrator of your help desk can disable two factor authentication on your account.