The Access identity 2FA enforcement is linked directly to a domain rather than to a user. Once a domain is set up for forced 2FA all users with email addresses within this will be covered by the forced 2FA.
To configure 2FA in Access Identity, follow the steps described in the table below:
Step | Details |
Identify your domains | Your domains will be on the right-hand side of your email addresses after the @ symbol for your users. Usually, it's your company name followed by .com or .co.uk, for example, the email: [email protected], the domain would be theaccessgroup.com. |
Identify who manages your domain | A TXT record needs to be added to the domain DNS to verify ownership of the domain. Typically, your IT department has access to the domain DNS. |
Register for identity | 📌Note: If you already registered with Access Identity due to using other Access products, once clicking https://identity.accessacloud.com/ you can either enter your password or reset your password to access your Identity account. |
Setup Domain | Complete the Access Identity Federation configuration for each domain. Your domain manager can assist you with this. |
Set up Forced 2FA | All users from a registered domain must use 2FA to log in. This step is optional, if not followed user can opt in to 2FA individually.
|
Run a test | Sign out of Access Identity. |
You're good to go!
FAQs
Question | Answer |
What do we do if we don't have a company domain? | If you do not own a domain, you can't use the 2FA login. |
Can we force all users to use 2FA in the company? | This is available by domain.
|
Can we force 2FA for admin users only in a company? | Access Identity does not support individual force, however, admin users can opt into the 2FA by setting this up on their own account. |
