IN THIS ARTICLE:
Introduction to Two-Factor Authentication
Two-factor authentication (2FA) provides an extra layer of security for accessing your LogicMonitor account. In addition to a username and password, users with two-factor authentication enabled will have to use a third party application, Authy, or an authentication token delivered via SMS/voice to verify their identity.
Note: Two-factor authentication permissions defer to those of Single Sign On. This means if Single Sign On is not set to strict mode, but is enabled, users can choose either one when logging in. If Single Sign On is set to strict access, users will not be able to access LogicMonitor via two-factor authentication. If you would like to use two-factor authentication with Single Sign On, you will need to set this up on your SSO provider's side.
Enabling and Disabling Two-Factor Authentication
Two-factor authentication can be enabled from the User or Role levels via their respective Manage dialogs (Settings > Users & Roles).
NOTE: if multiple roles are assigned to a user and two-factor authentication is enabled on only one of them, the user will still have to use two-factor authentication to access their account.
If you would like two-factor authentication to be applied universally across all users and roles in your account, select the checkbox next to Require Two-Factor Authentication for all Roles and Users under Settings > Account Information > Portal Settings.
Once you have enabled two-factor authentication, you will need to specify whether it should be implemented "Immediately," in which case all users will be immediately signed-out from their session, or "Eventually" which will require two-factor authentication starting the next time a user logs in.
You can disable two-factor authentication by unchecking the Require Two-Factor Authentication checkbox at the desired level (account, user, or role).
Accessing Account with Two-Factor Authentication
To log in to your LogicMonitor account after two-factor authentication has been enabled, enter your username and password.
You will be asked to select a two-factor authentication method:
Register Mobile Device for Two-Factor Authentication in Authy Application
If you would like to authenticate using either of the Authy app options (Authy Token or One Touch), you will first have to register your mobile device with Authy using the following steps:
- Download the Authy app on your device
- Upon opening the app, enter your device's phone number and an email address. Provide the same email address and/or number listed in your LogicMonitor account.
- You will be asked if you would like to authenticate your device via SMS or voice call Select the desired option.
- Based on your choice in step 3, you will receive a text or voice call with a registration code. Yotu will be prompted to enter this code in the Authy app.
Your device is now authenticated. You will be able to use this device as a secure token when accessing your LogicMonitor account via Two Factor Authentic ation. Note that your LogicMonitor account will be auto-added to Authy following your first signin to LogicMonitor with two-factor authentication. You do not need to manually add the account using a QR code or scan.
Note: If you are using a phone number with a country code outside the US, you will need to use the SMS/Voice codes in lieu of Authy-based verification. This is a temporary limitation that will be fixed in an upcoming release.
1. Verify using OneTouch Authentication
If you select "Verify using OneTouch Authentication," you will need to select "send." This will send a request from your LogicMonitor account to your Authy app asking for a third-party authentication.
In your Authy App, select "OneTouch" in the upper lefthand corner.
You will be shown a log of all Login Requests your Authy App has received.
Select the most recent/relevant request.
In order to verify the request and authenticate into LogicMonitor, click "Accept."
This will automatically complete your login process and open your LogicMonitor account.
2. Verify Using Authy Token
To authenticate into your account with an Authy Token, simply select this option from the LogicMonitor login screen and open your Authy App
Enter the seven-digit token displayed on your Authy App screen into the LogicMonitor login page.
You will have 20 seconds to enter your token after opening the Authy App before it expires.
3. Get a Code Texted to (phone number)
Selecting this option will send an SMS text containing a verification code to the mobile device on file in your LogicMonitor account.
Once you receive the code, simply enter it into the LogicMonitor login page.
4. Get a Code via Phone Call to (phone number)
If this option is checked, click "Get Code." You will receive a phone call at the mobile device on file in your LogicMonitor account.
Once you receive a voice call with the verification code, enter the code into the LogicMonitor login page.
If you did not receive a phone call, Click "code was not received" to return to the main LogicMonitor login page and select a different authentication option.
Once logged in, verify that the number you have on file in your LogicMonitor account is correct.