Two-Factor Authentication (2FA)

Add an extra layer of security to your account with time-based one-time passwords (TOTP).

🔐 What is 2FA?

Two-factor authentication requires two forms of verification:

1. Something you know: Your password
2. Something you have: Your phone with authenticator app

📱 Supported Authenticator Apps

✨ Setting Up 2FA

Step 1: Enable 2FA

1. Click your avatar (top right)
2. Select "Settings"
3. Navigate to "Security" tab
4. Click "Enable Two-Factor Authentication"

Step 2: Scan QR Code

1. Open your authenticator app
2. Tap "Add Account" or "+"
3. Choose "Scan QR Code"
4. Point camera at the QR code on screen

Step 3: Save Backup Codes

You'll receive 10 backup codes. Store them securely:

• ✅ Download and save to secure location
• ✅ Print and store in safe place
• ✅ Store in password manager
• ❌ Don't store in plain text on your computer
• ❌ Don't share with anyone

Step 4: Verify Setup

1. Enter the 6-digit code from your authenticator app
2. Click "Verify and Enable"
3. You'll see a success message

🔓 Logging In with 2FA

Standard Login Process

1. Enter your email and password
2. Click "Sign In"
3. You'll be prompted for 2FA code
4. Open your authenticator app
5. Enter the 6-digit code
6. Click "Verify"

🆘 Recovery Methods

Using Backup Codes

If you don't have access to your authenticator app:

1. Click "Use backup code" on 2FA screen
2. Enter one of your backup codes
3. The code will be consumed (one-time use)

Regenerating Backup Codes

If you're running low on backup codes:

1. Go to Settings → Security
2. Click "Regenerate Backup Codes"
3. Save the new codes securely
4. Warning: Old codes will be invalidated

📱 Managing 2FA

Switching Devices

Moving to a new phone?

Option 1: Transfer Before Switching

1. Setup authenticator app on new device
2. Go to Datix xAgents Settings → Security
3. Click "Show QR Code"
4. Scan with new device
5. Verify it works
6. Remove from old device

Option 2: Reset After Switching

1. Use backup code to login
2. Disable 2FA
3. Re-enable 2FA
4. Scan QR with new device
5. Save new backup codes

Disabling 2FA

To disable:

1. Go to Settings → Security
2. Click "Disable Two-Factor Authentication"
3. Enter your password
4. Enter current 2FA code
5. Confirm

👑 Admin Controls

Enforcing 2FA

Admins can require 2FA for all users:

1. Go to Admin → Settings
2. Navigate to Security Policies
3. Enable "Require 2FA for all users"
4. Set grace period (e.g., 7 days)

Resetting User 2FA

If a user loses access to their authenticator:

1. Go to Admin → Users
2. Find the user
3. Click "Reset 2FA"
4. Confirm the action
5. Notify the user to re-enable 2FA

Monitoring 2FA Adoption

Track 2FA usage across your organization:

• Users with 2FA enabled
• Users without 2FA
• Recent 2FA setup dates
• 2FA login success rates

🔒 Security Best Practices

❓ Common Issues

Code Not Working

Lost Authenticator App

Solution: Use a backup code to login, then disable and re-enable 2FA.

Backup Codes Not Working

Possible causes:

• Code already used (one-time use only)
• Codes regenerated (old codes invalidated)
• Typo in code entry

Solution: Contact admin for 2FA reset.

🎓 Advanced Topics

API Access with 2FA

When using APIs with 2FA-enabled accounts:

• Use API keys instead of password authentication
• API keys bypass 2FA requirement
• Generate keys in Settings → API Keys
• Rotate keys regularly

SSO and 2FA

If using Single Sign-On (SSO):

• 2FA is handled by your SSO provider (e.g., Azure AD, Okta)
• Datix xAgents 2FA is bypassed
• Configure 2FA in your SSO provider

🚀 Next Steps

• Learn about user roles
• Configure column permissions
• Account setup guide