Security

This section contains information about how to set up two-factor authentication for security purposes.

Two-Step Verification Preferences

Two-step verification is an extra layer of security created to ensure that only authenticated users get access to the organization's information or account.

This verification process combines the user name and password on their device with a secret key from an authenticator app or through an SMS they receive on their mobile phones.

To go to the verification screen:

  • Click Settings > Entire Site > Security > 2-Step Verification Preference.

    verification settings

  • It will go to a screen where the Administrator can add settings for verification.

    verification process

  • There are two scenarios in this case.
    1. If the Administrator checkmarks on Allow users to turn on 2-step verification and Enforcement is Off, users don't need additional confirmation of 2-step authentication.
      1. Whenever users log into OfficeClip, they will see the screen with two options - Get Started and Don't ask again.

        user login

      2. If the user selects the Don't ask again option, they will log into their account. They will not be able to see this screen next time they log in.
      3. If the user decides that they want to set up a two-step verification process later, they can go to Settings > My Profile > 2-Step Verification Setup and click on the Setup button.

        identity verification

    2. But if the Administrator checkmarks on Allow users to turn on 2-step verification and Enforcement is On, it is mandatory, and the users have to follow the 2-step verification process.
      1. Whenever users log into OfficeClip, they will see the screen with only one option - Get Started.

        verification process

      2. The user will have no choice other than to set up 2-factor authentication.

Setup 2-Step Authentication

If 2-step authentication is enabled, the user will be presented with the Get Started screen (as shown above) when they log in for the first time.

  1. The user clicks on the Get Started button.
  2. The user will be directed to a screen where they will have to install an Authenticator app. For more details about the Authenticator app, click here.
  3. The user will have to activate the Authenticator app. Then, they can either scan the QR code or enter the Security key given in the 2-step verification screen.

    verify code

  4. We have used the Google Authenticator app for the verification process. Let's take a look at how it works.
    1. Click on the add icon icon in the Google authenticator on your mobile device.
    2. It will ask for two options. Either scan a QR code or Enter a setup key.
    3. When you click on the scan QR code option, it will scan the code and provide a code to verify.
    4. With enter setup key option, you will have to enter your Name, the security key provided in the two-step verification process, and select the time-based key type. After entering details, click Add.
    5. After entering details, the app will provide you with a verification code. Enter the code on the 2-step verification screen and click Verify.
  5. The two-step verification screen will show as Enabled.

    verification process enabled

Login with 2-Step Authentication

After setting up the verification process, whenever users login to their account, they have to go through the verification process to confirm their identity. When they log in:

  1. They will see a screen that asks the user to enter the code and log in.
  2. They need to check their authenticator app, which keeps on generating new code after few seconds. Enter the code and click on Login.

    enter code for verifying

  3. In some scenarios, they may have lost your device where you have installed the authenticator app. To learn more about the procedure to be followed for this, click here.
  4. If the verification is not mandatory, the user can disable the 2-step verification by simply clicking on the disable 2-step verification link on the login screen.
  5. They will receive an email from OfficeClip to disable the 2-step verification.

    disable verification

  6. They need to click on the link in the email.

    verification disabled

  7. It will ask for a password; they need to enter the password and click on Submit.
  8. This process will disable the 2-step verification, and the user will be able to log into their account without the verification process.

Lost Device

Usually, while verifying identity, users receive their code on their mobile devices. However, there may be a possibility that sometimes the user may have lost their device or damaged it. In this case, follow the steps given below:

  1. Log into your account by entering your email and password.
  2. You will see this screen.

    lost mobile device

  3. Click on the Disable 2-step verification link.
  4. OfficeClip will send an email to your inbox. Click on the given link.

    lost device setup

  5. Enter your password and click on Submit.

    verification process disabled

  6. If the verification is not mandatory, then this process will disable the verification process permanently. If the verification is mandatory, this procedure will disable your verification process for the next 24 hours.
  7. The other way to disable verification if the user has lost the device is to contact your Administrator and inform them.

Steps to be followed by the Administrator to disable verification:

  1. Click on Settings > Entire Site > 2-Step Verification Preference.
  2. On this screen, you will see the list of all the users and the status of their verification process. Click on the disable 2-step verification icon.

    admin setup verification process

  3. A pop-up will appear to verify the process. Once the Admin clicks on OK, the 2-step verification process will be disabled for the next 24 hours.

    identity verification

Information on Authenticator App

Authenticator app generates a one-time code that is used to confirm your identity while logging into your account. This code is a security layer that can be used to access bank accounts or sensitive data.

List of few free authenticator apps:

  1. 2FA Authenticator: Available on Android and App Store
  2. Google Authenticator: Available on Android and App Store
  3. Microsoft Authenticator: Available on Android and App Store

How to use Authenticator apps?

  • Install the authenticator app on your mobile from the app store.
  • Click on the identity verification icon.
  • Add your account.
  • Scan the QR code or enter the security key.
  • It will generate a one-time code, enter the code in your account, and get verified.
  • These apps keep on generating new codes after a duration of 30 seconds.
  • The process mentioned-above may vary for different apps.