Two-factor authentication makes user accounts more secure in mWater. Without it enabled, a user needs their username and password to log in. With email 2FA, every time a user logs into the Portal, App, or Blue, they also need to enter a code that is emailed to them.
Two-factor authentication can simply be enabled in the
Account page of the Portal or App. Note that since the code will be emailed, the email on the account must be a verified one. You can also manage 2FA at the organizational level, either by notifying admins if users disable their 2FA or join without it enabled, or by enforcing a strict 2FA policy where each user must have 2FA enabled before they can join the org.
Organization admins can set their organization's Two-Factor Authentication Policy. This applies to the whole organization, so is not available at branch level separately.
Three options are provided:
1) No policy
It's entirely up to the user if they use two-factor authentication or not.
2) Notify
Two-factor authentication is not enforced but organization admins receive an email each time a user joins the organization without 2FA enabled, or if a user in the organization switches it off.
3) Require
If this is enabled, all members of the organization must have 2FA enabled, and any new users must have it enabled before they can join. So this toggle makes sure that all users of the organization have the policy enforced.
If there are organizations set as Collaborators, their users must also have 2FA enabled.
Note: Users can be part of any number of organizations, so org admins cannot just switch the policy on for any user. The user has to do it themselves.
