The two-form authentication (2FA) at login is a high level of security that verifies the User trying to log into your Organization/Location, are actually the person they claim. This feature can be controlled by your Org Admins at the location level of your organizations setup. Once your Organization has it turned on, all Users, External/Internal, that log into that Organizations projects associated with that location, will go through 2FA. This includes Bid Packages, Download’s and General log-ins to the site.
NOTE: This login procedure is DFARS and NIST Compliant. If you need additional verification or criteria to meet, please contact Support to discuss this further.
How to Apply the 2FA requirement to a Location:
Navigate to the center screen, check the box prior to the location name and then click on Edit Location
Check the box Requires 2FA and click save to record the changes.
How it works:
Visit the site’s main login screen, enter the assigned user credentials.
Upon clicking LOGIN, the user will see a new pop-up window requesting the user enter in a code that was sent to the user’s email. The email will be sent to the email account the registered to the user’s site profile. This code will remain effective for 5 minutes after the initial request.
Pop-Up Window:
Email Example:
What Happens next
Correct Code input:
The user will be logged into the site and the experience will be as usual.
NOTE: The 90-minute logout is still in effect and if automatically logged out of the system, the user will be required to enter a new code.
Incorrect Code input
The user will get 5 more attempts before being sent back to the initial login screen to begin the process again.
The code expires in 5 minutes from the initial send.
Changing the method that the code is sent
The system defaults to sending the code to the email associated to the users profile as the mode of receiving the 2FA code. Once the user has successfully logged into the site this can be changed to have the code sent to the user via text to the cell phone. The user can also revisit this setting and update the setting back to sending the notification to the email associated to the users profile.
To update this setting, click on “My Profile” in the upper right corner of the site. You will see your name and then under your name are two options “My Profile” and “Logout!”
Under the Password & Authorization tab the user will be able to choose the mode of alert.
Email is the default setting, the user can select to have the code emailed or have the code sent in a text to the cell phone associated with the user’s profile. A third option is the use of an Authenticator Application. To learn more about this option please see the knowledge base article: How to Use Authentication Applications.
Clarifications:
The Mobile App does not require 2FA- the user verifies their identity when they download the site app.
To follow these instructions please watch our 1 minute instructional video