Two-Factor Authentication

What is 2FA (Two-factor Authentication)?

2FA, also known as Multi-factor authentication, adds another validation step to the login process. Without 2FA a user enters their username and password and they are logged in - that is considered single-factor authentication.  2FA adds a second level of authentication at login.  If using 2FA In Halcyon, the user must first perform a quick one-time registration of a mobile device.  After the device is registered a 7 digit code will be sent to the device which must be entered into Halcyon before the user is fully logged in. Enabling this feature is optional but suggested. 

User Registration and 2FA Login Process

If you have 2FA enabled, (detailed below) your users must complete a one-time registration process. This will register the device the user wishes to receive the codes on in order to complete their login.

When the user submits the above form, the phone number they enter will be checked to make sure it is a valid number.  If valid, the phone number they entered will be registered and the device will receive a 7 digit code by text.  That code must be entered on the next screen in order to complete the login process.

The user has the option to set the device and browser they are using as a "trusted" by clicking the "Remember Me" checkbox.  If they check that box they will not be required to enter a code again until the number of days defined via the Admin settings (discussed below) have passed. In the screen shot above the re-authentication interval is set to every 90 days.

If the user has not checked the Remember Me checkbox OR the validation period has expired (after 90 days since last validation in the example above) they will receive a 7 digit validation code by text that they must enter before they are logged in.

Enabling 2FA in Halcyon

To enable 2FA for all of your users visit Admin > Multi-factor Login Authentication.  

You can turn on and off the requirement for 2FA by clicking the "Multi-factor Login Authentication is Currently" toggle button.  If you enable 2FA (Multi-Factor) you must set the number of days your users are required to re-authenticate.  After your entered number of days have passed since their last authentication, the user will be required to re-authenticate (by receiving and entering the 7 digit code) even if they have trusted the device and browser via the "Remember Me" button.