Two-Factor Authentication for Alcatraz Admin Portal

Increase the security of your Alcatraz Admin Portal accounts by adding a second layer of "something you have" authentication.

How 2FA Works in Alcatraz Admin Portal


Two-factor authentication (2FA) is an optional authentication mechanism that you can enable on top of the standard Alcatraz Admin Portal login credentials for added security.

This article covers 2FA for Alcatraz Admin Portal users. To learn about 2FA mode on Alcatraz Facial Authentication Devices, see Configuring the Rock's Device Mode.

Alcatraz Admin Portal implements 2FA through a time-based one-time password (TOTP) that you need to provide when logging in. These are short-lived numerical codes generated by a specialized authentication app. Alcatraz Admin Portal supports any RFC 6238-compliant authentication application such as Google Authenticator or Microsoft Authenticator. TOTP generators are available as mobile or desktop apps or even as hardware devices.

Do not enable 2FA if you have enabled Single Sign-On (SSO) login for Alcatraz Admin Portal users.

Enabling 2FA in an Organization Account

Administrator procedure

Enabling 2FA forces all users, including administrator roles, to complete a one-time 2FA setup the next time they log in.

Alcatraz Admin Portal retains users' 2FA settings while 2FA is disabled. If you disable 2FA and then re-enable it, your users can continue using their previous 2FA authentication app setup.

If the user deletes their Alcatraz 2FA authenticator app profile in the meantime, they can restore their access to Alcatraz Admin Portal in one of two ways:

  • Using a recovery code.
  • By asking an Alcatraz Admin Portal administrator to reset 2FA for them.

Only the Account Administrator role can enable 2FA.
Take these steps to enable 2FA for your users:

Alcatraz Admin Portal will log you out of your account immediately after enabling 2FA. The next time you log in, you will be asked to set up 2FA in your account.

  1. Log in to Alcatraz Admin Portal as an Account Administrator.
  2. In the left menu, go to Accounts > Account Settings.
  3. Under Login Configuration, expand Login Preferences.
  4. Toggle Enable 2FA Login on.
  5. Click Submit.
Submitting the changes logs you out of your account.

Disabling 2FA in an Organization Account

Administrator procedure

Disabling 2FA turns it off for all users in your organization account, including you. Immediately after 2FA is disabled, users can log in using only their username and password.
Disabling 2FA does not delete the users' 2FA setups. If you disable 2FA and then re-enable it, your users can continue using their previous 2FA authentication app setup, provided they have kept the Alcatraz profile in their 2FA authentication app.
Take these steps to disable 2FA for your organization's users:
  1. Log in to Alcatraz Admin Portal as an Account Administrator.
  2. In the left menu, go to Accounts > Account Settings.
  3. Under Login Configuration, expand Login Preferences.
  4. Toggle Enable 2FA Login off.
  5. Click Submit.

Setting Up 2FA in Your User Account

User procedure

After 2FA is enabled for your Alcatraz Admin Portal organization account, you will be asked to complete a one-time 2FA setup the next time you log in. If you are logged in to your account at the time, you are immediately logged out.
Follow these steps to set up 2FA in your account:
  1. On your smartphone, install a 2FA application like Google Authenticator or Microsoft Authenticator.
  2. Log in to Alcatraz Admin Portal.
    A screen appears asking you to set up 2FA.
  3. Click Next.
  4. On the screen that appears, do the following:
    1. On your smartphone, open the 2FA application that you installed and find its QR code-scanning option.
    2. Using your smartphone's camera, scan the QR code in the middle of the Alcatraz Admin Portal page.
      A new account named Alcatraz: your email address appears in the 2FA application.
    3. Enter the code shown under Alcatraz: your email address in the Authentication Code field in Alcatraz Admin Portal.
  5. On the STEP 4 screen that appears, copy the recovery codes and store them in a safe location.
    These codes only appear once. You will need them to reset your 2FA settings if you ever lose access to the 2FA app on your smartphone.
  6. Click Next.
  7. On the login screen that appears, enter the latest code generated by your 2FA application.
Following these initial activation steps, Alcatraz Admin Portal will ask you to provide a one-time 2FA code every time you log in.

Regaining Access to a Locked Account

User procedure

If you ever lose access to your 2FA authentication app, you can restore your access to your Alcatraz Admin Portal account in one of two ways:
  • Using a recovery code
  • By asking an Alcatraz Admin Portal administrator to reset 2FA for you

Regaining Access Using a Recovery Code


You can use a recovery code to regain access to your account. The recovery codes are a set of several alphanumeric codes that Alcatraz Admin Portal displays as you complete the initial 2FA setup in your account.
Take these steps to use a recovery code:
  1. Go to the Alcatraz Admin Portal login page.
  2. Enter your email and password and click Login.
  3. On the Authentication Code screen, click Can’t use your authenticator app?
  4. On the screen that appears, enter one of your recovery codes and click Confirm.
    Alcatraz Admin Portal takes you back to the login screen.
  5. Enter your email and password and click Login.
  6. Redo the initial 2FA setup as described in Setting Up 2FA in Your User Account.

Requesting 2FA Reset from Your Administrator


One of the ways to regain access to your 2FA-enabled account is to ask an Alcatraz Admin Portal administrator to reset your user account's 2FA settings.
After the administrator resets your user account's 2FA settings, head to the Alcatraz Admin Portal login page, enter your email and password, and then complete the initial 2FA setup as described in Setting Up 2FA in Your User Account.

Resetting 2FA for a User

Administrator procedure

As an Alcatraz Admin Portal administrator, you can reset the 2FA settings for a particular user. Resetting can be useful if the user has lost their recovery codes, lost access to their 2FA authentication app, or deleted the Alcatraz profile from their 2FA authentication app.
The Account Administrator role is required to reset 2FA for a user.
Take these steps to reset 2FA for a user:
  1. Log in to Alcatraz Admin Portal as an Account Administrator.
  2. In the left menu, go to Permissions > Users.
  3. In the table view, click the username.
  4. On the user details screen, click Modify.
  5. Click Reset 2FA Login.
  6. Click Cancel to exit the user details.
The user will be asked to complete the initial 2FA setup again the next time they log in.