Summary
Two-factor authentication (2FA) helps protect your user account from malicious login attempts.
This feature is available to all customers.
Two-factor authentication combines something you know, like your password, with something you have, like a phone with an authenticator app. You need both pieces of information to log in successfully.
See Portal setup: two-factor authentication (2FA) for background.
If this feature is optional on the portal, the learner can enable it for their own account from their profile.
If this feature is required, all users must set up 2FA for their accounts. They can't access the portal until 2FA is in place.
The steps for creating a connection between a learner's user account and their authenticator app are the same in both instances.
Prerequisites to set up 2FA
- All portals have 2FA available by default: admins must turn on either the optional or mandatory use on the portal. See Portal setup: two-factor authentication (2FA)
- Users need to set up an authenticator app on their desktops or mobile phones
These apps lets users scan a Quick Response (QR) code to link their user accounts to their devices.
Set up optional 2FA, as a user
If 2FA on the portal is optional, users find the feature in their personal profiles.
- From main navigation, go to your initials or photo > your name and identifier to access My Profile.
- From Settings, select Set up 2FA (Two-factor authentication).
- Using the authenticator app, scan the QR code onscreen to create a connection between the app and the LearnUpon user account. The app generates a time-limited confirmation code.
- In Enter Code, enter the code displayed in the authenticator app.
- Verify and Activate to confirm the entry.
After saving the 2FA status change, LearnUpon generates 9 single-use confirmation codes, as backup. The user needs to copy these codes to a safe place.
Change optional 2FA settings, as a user
For optional 2FA, users can turn off the feature, set up a new authentication app, or generate new backup codes.
- From main navigation, go to your initials or photo > your name and identifier to access My Profile.
- From Settings, select Set up 2FA (Two-factor authentication).
- From Two-Factor Authentication (2FA) select:
- Deactivate to turn the feature off
- More (aka 3-dot menu) > Use a different authentication app - this option opens the authentication dialog with a QR code, to let the user set up a new app
- More (aka 3-dot menu) > Generate new backup codes
LearnUpon confirms these changes with a pop-up message.
The following screenshot shows the menu options available for changing optional 2FA.
Set up mandatory 2FA as a user
If 2FA on the portal is mandatory, then users encounter the 2FA setup the next time they log in. They can't access their account without completing 2FA setup.
- From the login screen, enter your unique identifier (email or username) and password, and select Sign In.
- LearnUpon displays the 2FA setup dialog.
- Using the authenticator app, scan the QR code onscreen to create a connection between the mobile app and the LearnUpon user account. The app generates a time-limited confirmation code.
- In Authentication Code, enter the code shown in the phone app.
- Select Verify and Authenticate.
After saving the 2FA status change, LearnUpon generates 9 single-use confirmation codes, as backup. The user needs to copy these codes to a safe place.
The following screenshot shows the 2FA setup screen after login, with the QR code obscured.
Change mandatory 2FA settings, as a user
Users can't turn off mandatory 2FA. From their user profiles, they can set up a new authentication app, or generate new backup codes.
- From main navigation, go to user initials > View My Profile.
- From Two-Factor Authentication (2FA) select:
- More (aka 3-dot menu) > Use a different authentication app - this option opens the authentication dialog with a QR code, to let the user set up a new app
- More (aka 3-dot menu) > Generate new backup codes
LearnUpon confirms these changes with a pop-up message.
Switching portals with 2FA
Once 2FA is active for an account on a portal, users need to enter a 2FA code every time they log in to that portal. It doesn't matter if 2FA is optional or mandatory on the portal: when it applies to the user, the effect is the same.
When switching between portals:
- user moves from portal with 2FA on their account to a portal with no 2FA on their account - no code required
- user moves from a portal with no 2FA on their account, to a portal with 2FA enabled on their account - code required
- user moves between portals which have 2FA set up on both accounts - code required each time
When a user moves from any portal to one where 2FA is required, and the user hasn't set up 2FA yet, they are prompted to set up 2FA, and can't access the portal until they do so.
Using 2FA does not affect a user's password.
See: