To make it more secure and easier for you to access our services, even on non-whitelisted addresses, Lemonway now provides you with the two-factor authentication (2FA) option. This feature enables users to log in from any non-whitelisted IP address thanks to a verification code.
💡 To enable two-step authentication with an authenticator app, you'll need to download an authenticator app to your mobile device. The app will be able to scan QR codes and retrieve authentication data for you. Recommended authenticator apps include:
- Google Authenticator (available on iOS & Android)
- Microsoft Authenticator (available on iOS & Android)
- Duo Mobile (available on iOS & Android)
- Authy (available on iOS & Android)
Enable two-factor authentication (2FA)
Note
If you don’t see the Two-Factor Authentication (2FA) option, then you don’t have the permission to enable it. Request the permission called Two-factor authentication (2FA) to your account admin.
Tools and administration accesses give users permission to make significant changes within your dashboard. Accesses should only be given to trusted users who need extensive access to your organization.
-
From the Dashboard, click Configuration. A menu unfolds.
- Click Roles.
- Click the pencil icon on the line of the role you wish to edit.
- Search for Two-Factor Authentication (2FA) and tick the box.
- Click Save.
- Click Two-factor authentication in the sidebar, in the Configuration menu.
- Click Activate 2FA. A pop-up box appears.
- Choose one of the following methods to continue:
- 👉 Scan the QR code with your camera.
- 👉 Enter the secret key displayed in the pop-up box in your authenticator app.
- Enter the verification code received on the app in the field at the bottom of the pop-up box.
- Click Verify.
💡 Once 2FA is activated, if you want to log in from a non-whitelisted IP address, you will be able to do so with the verification code provided in the Authenticator app.
Tips: When using strong authentication (2FA), you need additional authentication factors beyond just a username and password, such as biometrics, hardware tokens, or one-time passwords. You may decide that strong authentication is required when accessing sensitive data or when logging in from an untrusted network. However, activating and deactivating strong authentication depending on the context ensure usability and security requirements.