[[:start|Home]] > [[:faq|FAQ]] > [[faq:administrator|Admin]] > [[faq:administrator#managing_user_accounts|Managing User Accounts]] > **Administrator's Guide to 2Auth (Second Factor Authentication)** ====== Administrator's Guide to 2Auth (Second Factor Authentication) ====== Welcome to the Administrator's guide for **[[faq:security:2auth|2Auth]]** (Lookafter's Second Factor Authentication Feature). This guide will help you understand and manage 2Auth within your organization, enhancing security for user accounts. ---- ===== Introduction ===== **2Auth** is a security feature that adds an additional layer of protection to user accounts. It requires users to provide a one-time password (OTP), which is sent to their registered email (2Auth Email) during the login process. 2Auth settings are managed at **user level (per-user basis)**. This means that as a voadmin/avomaster, you do not enable or disable SFA for all users collectively. Instead, you have the ability to enable or disable 2Auth for users **individually**. You can access a user's 2Auth settings under the "2Auth" section of the [[faq:administrator:access_user_list|user's account settings]]. |{{:faq:administrator:managing_email_configurations:2auth:enable_2auth_for_user:0.jpg|}}| ---- ===== Setting Up 2Auth for User ===== To enable 2Auth for a user: 1. Go to **Profile** > **Admin** > **Accounts**, and **select the user**. 2. **Tick** the **"Enable 2Auth"** checkbox. |{{:faq:administrator:managing_email_configurations:2auth:enable_2auth_for_user:1.jpg|}}| 3. **Enter the email address** where the user will receive the One-Time Password (OTP). |{{:faq:administrator:managing_email_configurations:2auth:enable_2auth_for_user:2.jpg|}}| 4. Click **Update**. |{{:faq:administrator:managing_email_configurations:2auth:enable_2auth_for_user:3.jpg|}}| Once this is saved, the user will be required to enter an OTP as second factor authentication on their next login. ---- ===== Editing User's 2Auth Email ===== To change the user's 2Auth Email for receiving OTP: 1. Go to **Profile** > **Admin** > **Accounts**, and **select the user**. 2. **Change the email address** at the "2Auth" section. |{{:faq:administrator:managing_email_configurations:2auth:change_users_2auth_email:1.jpg|}}| 3. Click **Update** to save the setting. |{{:faq:administrator:managing_email_configurations:2auth:enable_2auth_for_user:3.jpg|}}| ---- ===== Deactivating 2Auth for User ===== To disable 2Auth for a user: 1. Go to **Profile** > **Admin** > **Accounts**, and **select the user**. 2. **Untick** the **"Enable 2Auth"** checkbox. |{{:faq:administrator:managing_email_configurations:2auth:disable_2auth_for_user:1.jpg|}}| 3. Click **Update**. ---- ===== Questions & Answers (Q&A) ===== === 1. What can I do if my user is not able to receive the 2Auth OTP email? === If your user did not receive the 2Auth OTP email in their Inbox, Spam or other folder after more than 10 minutes, you can either: * Change the user's 2Auth Email to an email address that can receive the OTP email; or * Temporarily disable 2Auth for the user while ensuring the user's 2Auth Email does not block emails coming from lookafter.com traffic. === 2. Can I enforce 2Auth on multiple users? === As 2Auth is applied per-user basis, there is no option to enable the feature for multiple users collectively. 2Auth has to be enabled user-by-user (either by user's initiative, or by the voadmin/avomaster within each user's account setting).