OnePassport Users have the ability to turn on Two Factor Authentication Settings to increase security of their accounts (instructions available here). If these OnePassport users are also using Comply as Administrator, Managers or Members, this means that security measures has to be tightened. This is why a new feature of the system has been in placed; the 2FA Enabling for Comply Users, which means though the involved individuals (3 roles previously mentioned) have not set up their 2FA in their own accounts, a Super Administrator can do this for them.
1. Only the Super Administrator has the sole access to the Policy and Group page in Account Settings and can manage the 2FA settings for the whole organisation.
2. If the 2FA has been turned on by the Super Admin, the individual cannot turn off this setting.
3. Once the 2FA is set, the individuals with the different roles receive unique PIN Codes in their emails which can be used for logging in to Comply.
Here are the steps for the Super Admin to enable 2FA:
Step 1: Click Account Settings in your OnePassport Dashboard.
Step 2: Make sure that you are on the Security Management Section and select the Policy and Group tab.
A. If you want to enable 2FA for everyone in the organisation (with Super Admin, Admin, Manager and Member roles), simply tick the box "Enable Two-Factor Authentication to all OnePassport| Comply users". Press Save at the end.
B. Should you choose to enable selected users only (like specific role or roles), tick the box(es) like below.
* If you have previously chosen to set All, deselect the box first to proceed.
Press Save once done.
C. On the other hand, if you wish to enable the 2FA for selected group only or together with other roles, you must create first a group by clicking the plus button under the Groups heading.
When + is pressed, this one pops up and you need to enter the details of the group.
*Level - is equivalent to Role.
* Users - list of users will populate the drop down once you have chosen the role.
Tick the box for the Group you created and press Save. From our example below, Super Admin role was selected together with the Group.
If the Two-Factor Authentication has been set up successfully, the Comply users with those involved roles will be required to enter the PIN Code (sent to their email) every time they log in to Comply.
You can edit the settings or make changes to your selection by going to the same process. Just deselect the box you want to disable 2FA with and save any update you make.