Two-Factor Authentication

Applicability

This rule can be applied to Resource Policies, Minimum Authentication Requirements, and Admin Console Security.

Functionality

This rule controls whether the user will be prompted for two-factor authentication when attempting to access a Resource, sign in to the Network, or sign in to the Admin Console. More details on two-factor authentication can be found in our documentation.

We recommend that you either set a 2FA rule on Minimum Authentication Requirements or Resource Policies, but not both, otherwise users will be asked to 2FA twice.

Configuration

When Two-Factor Authentication is required and not set up yet, you will see a notification after authenticating with your credentials.

Twingate’s 2FA uses industry standard TOTP format to generate 2FA codes. You can use any TOTP-based authenticator application on Android or iOS, such as Google Authenticator (Android, iOS). Your identity provider may also include this functionality in their own mobile app.

First, add a new application in your authenticator app, then scan the QR code using your phone’s camera. If you are setting 2FA up from your phone, entering the alphanumerical ID instead may be easier. After you’ve set it up on your phone, confirm that everything is working correctly by entering the code that’s generated in the app.

Going forward, you will need to enter the 2FA code from the app you set it up on every time you access a Resource or network protected by 2FA.

Last updated 3 minutes ago