Collage now offers multi-factor authentication to strengthen the security of your data.
Admins must enable multi-factor authentication for their whole organization first, and have the option to enable authenticator-based multi-factor authentication (recommended), SMS-based multi-factor authentication, or both.
To enable multi-factor authentication:
1. Click “Company Settings” at the bottom of the left-hand sidebar when signed in
2. Find the Security & Billing panel, and click “Authentication”
3. Choose whether you want to enable either authenticator-based (recommended) or SMS-based authentication, or both:
4. The next time users log in, they will be prompted to enable multi-factor authentication (if you only selected one of the two options, only one will be visible):
5. If setting up with an Authenticator app, they will be prompted to scan a QR code using their app, and enter the 6-digit temporary one-time password (TOTP) displayed in the app in the input field.
6. If setting up SMS-based authentication, they will be asked to enter their phone number to receive a security code and enter it to enable SMS-based authentication.
7. They will be asked to save a recovery code that allows them to log in if they lose their mobile device. Clicking "Download" will save a .txt file to their device with the recovery code.
Once authentication has been set up, users will have the option during login to have their device be recognized for 30 days. A checkbox will appear below the TOTP input field allowing them to enable this setting. Once enabled, they will not be prompted to enter a TOTP for 30 days.
Note: Users who log in using Google SSO will not be prompted to set up multi-factor authentication and will log in through the regular single sign-on process.
Managing multi-factor authentication
Superadmins are able to view who has multi-factor authentication, what kind of multi-factor authentication they are using, and are also able to reset multi-factor authentication for users that are locked out of their account.
To view multi-factor authentication information as a superadmin:
Click on "Company Settings" at the bottom of the left-hand toolbar
Scroll down to "Security & Billing"
Click "Users"
Find the "2FA" column
This column will show if a user is using SMS-based authentication, Authenticator-based authentication, or if they have not set up authentication because they have not logged in after multi-factor authentication was activated for your organization.
To reset multi-factor authentication for an individual user:
Click the 3 dots furthest to the right
Click "Reset 2FA"
Click "Save" on the popup that appears
The user will be asked to set up authentication again after they log in. This can be used if the user has lost their recovery key.