Setting Up Two-Factor Authentication

Two-factor authentication makes logging into Plutora more secure by adding an extra layer of security to confirm your identity.

Two-factor authentication does not apply for SSO users as authentication is handled by the third-party authentication service.

How Does Two-Factor Authentication Work?

When two-factor authentication is enabled, users are required to log in using their user name and password, plus one of the following:

  • A random 6-digit code generated by the Google Authenticator app on your smartphone.
  • A one-time 6-digit code sent to an email address that you do not use to log into Plutora.
  • Answers to security questions.

For Administrators

Managing Two-Factor Authentication

Enable Two-Factor Authentication

To enable two-factor authentication:

  1. Go to Settings > Customization > Site Settings.
  2. Click Login Settings.
  3. Click to select the Enable Two-Factor Authentication checkbox:
    • The Enable reCAPTCHA Prompt checkbox will automatically be selected.
    • reCAPTCHA increases security by establishing that the user is a human and not a bot.
  4. Click to select the Enable Remember me for 30 days checkbox:
    • This means users will not need to complete two-factor authentication when logging into Plutora on their current device for the next 30 days.
    • Their device will be listed as a Trusted Device.
    • Devices are laptops, desktop computers, and so on.
    • Users will still need to enter their username and password if they log out and back in on their device.
    • After 30 days, users will need to complete two-factor authentication again if they log into Plutora on that same device.
  5. Click Submit.
    The yellow Your changes have been saved pop up opens and closes.
    If you click away from the Customization page without clicking Submit, your changes will not save.

 

Disable Two-Factor Authentication

WARNING: If an administrator disables and then enables two-factor authentication, all users will have to set up their two-factor authentication again.

To disable two-factor authentication:

  1. Go to Settings> Customization > Site Settings.
  2. Click Login Settings.
  3. Click to deselect the Enable Two-Factor Authentication checkbox.
  4. Click OK to confirm.
    If the Enable Two-Factor Authentication checkbox is deselected, Submit must be clicked to commit the changes. 
  5. Click Submit.
    The yellow Your changes have been saved pop up opens and closes.
    If you click away from the Customization page without clicking Submit, your changes will not save.
    If reCAPTCHA was disabled before disabling two-factor authentication, it will be enabled again.

 

Disable Remember Me For 30 Days

WARNING: If Remember me for 30 days is disabled, all users’ Trusted Devices will be removed. 

To disable the Remember me for 30 days checkbox:

  1. Go to Settings> Customization > Site Settings.
  2. Click Login Settings.
  3. Click to deselect the Remember me for 30 days checkbox.
  4. Click OK to confirm.
    If the Remember me for 30 days checkbox is deselected, Submit must be clicked to commit the changes. 
  5. Click Submit.
    The yellow Your changes have been saved pop up opens and closes.
    If you click away from the Customization page without clicking Submit, your changes will not save.

 

Force a User to Set Up Two-Factor Authentication Again

A user should be forced to set up their two-factor authentication again if they have:

  • Reason to believe that their account might have been compromised.
  • Lost their phone.
  • Forgotten their security questions and backup email address.

To force a user to set up two-factor authentication again:

  1. Go to Settings > User Management.
  2. Find the user and click Edit.
  3. Click Reset.
  4. Click Yes to confirm.

 

For Users

Set Up Two-Factor Authentication

Once enabled by an administrator, two-factor authentication must be set up by each user the next time they log into Plutora.

To set up two-factor authentication:

  1. Log into Plutora:

    1. Type your Email (username) and Password.
    2. Click to select the reCAPTCHA checkbox, if enabled.
    3. Click Login.
      The Secure Your Information page opens.
  2. Click Set up two-factor authentication.
    All three authentication methods must be set up. But only one is required during logging in.

    The Set Up Authenticator App page opens.
  3. Download an authenticator app to your smartphone from App Store (for iPhones) or Google Play (for Android smartphones).

    The following instructions are for Google Authenticator app.
  4. Open Google Authenticator app.
  5. Start a new authentication session by tapping the +.

  6. Tap Scan barcode.
  7. Center the code under Scan the Code inside the green square.
    A new session will appear in the app.
  8. Type the six digits into Verify Code:
    • Each set of six digits times out after 30 seconds.
    • The digits turn red before they time out.
    • If the digits are red, wait until the next ones appear before typing them.
  9. Click Next (on the bottom right of the page).
    The Security Questions page opens.
  10. Select three questions from the drop-down menus and type your answer.
  11. Click Next (on the bottom right of the page).
    The Backup email page opens.
  12. Type an alternative email address.
    The email must be different to the one you use to log into Plutora.
  13. Click Send Verification Code.
  14. Type the six-digit code that was emailed to you.
  15. Click Next (on the bottom right of the page).
    The You’re All Set page opens.
  16. Click Finish (on the bottom right of the page):
    • The next time you log into Plutora, you will need your username and password, plus one of the three two-factor authentication methods.
    • You will also have the option to select Remember me for 30 days (if administrators have enabled it)  which will allow you to log into Plutora on your current device (usually a laptop or desktop computer) without completing two-factor authentication for the next 30 days.
    • If Remember me for 30 days is selected, your device will become a Trusted Device.

 

Manage Two-Factor Authentication

To manage two-factor authentication once it has been set up, including managing your security questions or other areas of two-factor authentication:

  1. Click your user avatar in the blue navigation menu.
  2. Click Profile.
  3.  Click Manage.
  4. Click Edit to edit:

    1. Authenticator App: Set up a new session in an authenticator app if you have lost access to the previous one. For example, if you have lost your phone.
    2. Security Questions: Edit and set new security questions.
    3. Email Backup: Provide a new backup email address.
    4. Trusted Devices: A device (for example, a laptop or desktop computer) that you have used to sign into Plutora using two-factor authentication and selected the Remember me for 30 days checkbox.
      1. Why would I want to manage my Trusted Devices?:
        • If you:
          • Accidentally marked a device as trusted.
          • No longer have the device.
          • Are no longer the sole user of that device.
          • Do not recognize the device.
      2. To remove Trusted Devices:
        1. Click Remove.
        2. Click Yes to confirm.
  5. Click Finish (on the bottom right of the page).

Back to the top arrow

Related Articles

Contents

Be the first to find out about new features. Subscribe to the Release Notes email.

Was this article helpful?

Thanks for your answer!