Two-factor authentication (2FA)

Two-factor authentication (2FA) is a security method that requires users to provide two distinct forms of verification, typically a password and a unique code sent to a device, enhancing protection by adding an extra layer of defense against unauthorized access to accounts and systems.

Coro supports 2FA to reduce the risk of unauthorized access to your Coro console.

Note

To learn more about the User Profile page, see User Profile settings.

Setting up 2FA with Coro

The first factor is your user credentials (username and password) and the second factor is provided through a mobile app.

There are two methods for enforcing 2FA: enabling 2FA from an admin user's profile, and enforcing 2FA for all admin users.

Enabling 2FA from an admin user's profile

To enable 2FA from an admin user profile:

  1. Install an authenticator app on your mobile device (such as Google Authenticator).
  2. Log into the Coro console and select the User Profile icon in the toolbar (an avatar, typically set to your initials).

  3. Select My Account from the menu.

  4. Select the Two Factor Auth tab.

  5. Scan the QR code into the mobile authenticator app.

    The app generates a trusted unique code for use with every login attempt.

  6. Enter the authentication code in the box provided.
  7. Select Confirm.

    2FA is enabled.

You can choose to remove 2FA by selecting Delete two factor auth data at any time after it has been set up.

Important

Deleting 2FA data is not possible if 2FA is enforced for all admin users. Performing this process will prompt the user to configure 2FA upon their next login attempt. This option must be disabled before a user's 2FA data can be deleted.

Enforcing 2FA for all admin users

To enforce 2FA for all admin users:

  1. Log into the Coro console and select Control Panel from the toolbar.

  2. From the workspace section, select Access Control.

  3. Select the Admin users tab.

  4. Scroll down and enable Require two-factor authentication for all admins.

    2FA is enforced for all admin users.

Resetting 2FA on an admin user account

In the event that an admin user has lost their mobile device or access to their authenticator app, another admin user with sufficient permissions from the user's workspace can reset 2FA by deleting the user's 2FA data and requiring the user to re-enable 2FA upon their next login. Alternatively, they can contact Coro Support for assistance with resetting 2FA.

Important

Deleting a user's 2FA data is not possible if 2FA is enforced for all admin users. Performing this process prompts the user to configure 2FA upon their next login attempt. This option must be disabled before a user's 2FA data can be deleted.

For an admin user to delete another user's 2FA data:

  1. Log into the Coro console and select Control Panel from the toolbar.

  2. From the workspace section, select Access Control > Admin users.

  3. Select the 3-dot action menu to the right of a 2FA-enabled admin user's account.

  4. Select Delete 2FA Data.

    The Delete 2FA Data confirmation dialog is displayed.

  5. Select YES, DELETE.

    2FA is removed from the selected admin user's account, and an update message is displayed.

    The admin user can repeat the 2FA setup process.