What is two-factor authentication?
Two-factor authentication provides an additional layer of security for your Persona Dashboard user accounts and helps keep your data shielded from cyber threats. We strongly recommend that all Dashboard users enable 2FA due to the sensitive nature of customer data stored on Persona.
With 2FA, signing in to the Persona Dashboard becomes a two-step process that requires:
- Something you know (password)
- Something you have (code generated by authenticator app, or code sent to email or phone)
Persona currently supports authenticator app, email, and phone as 2FA methods.
User setup
Teammates can enable 2FA in Organization / Security. When 2FA is enabled, all sessions other than the current session are expired.
Note: To use phone as a 2FA method, a Dashboard user must first update their profile to include a phone number.
Team management
Organization admins can choose to enforce 2FA for all teammates for further protection.
Admins can require teammates to use two-factor authentication on the Organization / Security page in the 'two-factor authentication' section. Requiring 2FA makes it harder for malicious actors to access organization data. This section is only editable by admins.
Admins can choose to start enforcement immediately or to schedule enforcement to begin at a later date. When enabled, all users without 2FA will also see a warning message with instructions to set up 2FA.
We recommend scheduling rollout for the future and notifying all teammates of this new requirement in order to reduce the risk of locking teammates out of their accounts and disrupting operations.
When setting up enforcement, a count of users who will be locked out of their accounts will be shown. This information can also be tracked per user on the Team / Users page in the '2FA Enabled' column.
When enforced, new teammates will be required to set up 2FA before gaining access to the Dashboard.
Recovery
If a teammate loses access to their 2FA method, an admin can issue a one-time recovery code so the teammate can regain access. The option is on the Team / Users page, in the three-dot menu for that user.
Teammates who have set up 2FA can also generate a one-time recovery code themselves in Profile > Security in the 'Recovery Code' section.
Recovery codes do not expire and should be securely stored. Only send recovery codes to teammates whose identity you are certain of.