Two-factor authentication (2FA) works by using an authentication app on your mobile device to send you a six-digit one-time password. You enter this password on the verification screen as part of the login process.
Before you start
Things you need to know:
You must be an admin-level user to enable two-factor authentication on an account, or to reset a 2FA code for a user.
If you have already authenticated your login through SSO from Dotdigital, you do not need to additionally verify through 2FA when logging in to Fresh Relevance.
Users who require access to an account with 2FA enabled must have downloaded an authenticator app, for example Microsoft Authenticator or Google Authenticator, to their mobile device.
How two-factor authentication works
Once two-factor authentication is enabled, we ask you to verify your log in:
when you log in to your account from a device or a browser that has not been used before.
when you log in using a browser or device where cookies have been cleared since you last logged in.
if it has been more than the specified amount of time since you last logged in. By default, this is 30 days, but you can customise the time period to less than this if you prefer.
We use a cookie to check whether you have previously logged in with the same device or browser.
Enable two-factor authentication on your account
Expand the User menu and go to Settings > Security and Privacy.
Select Time-Based One Time Password Two-Factor Authentication.
Select the Require Two-Factor Authentication checkbox.
Expand the Require Two-Factor Authentication Again After This Amount of Time drop-down menu and select the time period after which users are prompted to verify again.
You can request users to re-verify at every log in, or at an interval of your choosing to a maximum of every 30 days.Select SAVE.
Read the confirmation message and select ENABLE TWO-FACTOR AUTHENTICATION.
Two-factor authentication is now enabled for the account.
Users already logged in at the time the feature is enabled can continue their session without interruption, but the next time they log in, they’re prompted to verify using 2FA.
Log in using two-factor authentication
Once 2FA is enabled for an account, at their next log in, each user is prompted to verify their identity using a one-time password generated through their authenticator app.
To generate the one-time password:
Log in to Fresh Relevance.
If it’s the first time you have logged in using TOTP-based authentication, you see a verification screen with a QR code and a request for a six-digit one-time password. Open the authenticator app on your mobile device and scan the QR code.
If you have already set up 2FA for Fresh Relevance in your authenticator app, you receive a code automatically to your mobile device.Once your app has provided it, enter the password on the verification screen.
Select VALIDATE.
Provided the password you have entered is correct, you are logged in to Fresh Relevance.
Access to multiple accounts
If you have access to multiple Fresh Relevance accounts, you are prompted to enter a one-time password after you select which account you want to log in to, as long as the selected account has 2FA enabled.
Reset two-factor authentication for a user
It may be that a user needs to reset their 2FA. An admin-level user can do this in user settings.
Expand the User menu and go to Settings > User Accounts.
Locate the user you want to reset the 2FA for, and select USER SETTINGS.
Select RESET TWO-FACTOR AUTHENTICATION.
Read the confirmation message and select CONTINUE.
Reset your own two-factor authentication
Each user is also able to reset their own 2FA, for example, if they have changed mobile device. In order to reset your 2FA, you must already have verified your log in.
Once 2FA has been reset the user must re-verify on their next log in by scanning the QR code generated by Fresh Relevance.
Disable two-factor authentication
If you want to remove the requirement for 2FA on your account, you must contact Support so that our Security team can review the request. Once Security have confirmed, the Support team can disable the feature.