Overview
This feature is only available to customers on Pro and Premier plans. To upgrade, contact your Customer Success Manager or sales@heap.io.
Heap allows you to add an extra layer of account protection with two-factor authentication (2FA). It works by requiring a security code in addition to your username and password (or SSO credentials). Using 2FA across your organization reduces the risk of your team members’ Heap accounts being compromised, and thus decreases the chance of unauthorized access to your Heap data.
Note that in addition to 2FA, your team should practice good security hygiene in the form of strong passwords and a protocol for notifying security if you lose your 2FA token.
Enabling 2FA for Your Personal Account (Everyone)
1. Navigate to Account > Manage > Personal settings
2. Click the Enable Two-Factor Authentication button
3. Scan the QR code with your 2FA app and enter the code. Some examples of 2FA apps are Google Authenticator (iOS | Android) or Authy (iOS | Android).
4. Enter the code that appears in your authenticator app, then click the Confirm Code button.
5. A pop-up will appear with your recovery code. Be sure to copy-paste this code into a safe place. You will not be able to see this code again, and it is required for deactivating two-factor authentication on your account in the event that you lose your device. Alternatively, you may download a copy of your code via the Download button.
Voilà! You have enabled two-factor authentication for your account.
Enabling Mandatory 2FA for Your Heap Domain
Admins can enable mandatory 2FA for all Admins or all users of your Heap domain. To enable mandatory 2FA, complete these steps:
1. Navigate to Account > Manage > Account Settings.
2. Select your preferred setting in the Mandatory Two-Factor Authentication drop-down.
Once selected, this new setting will be automatically applied across your organization.
Prior to enabling mandatory 2FA, be sure to remind your users and/or Admins to store their recovery code in a safe location.
Resetting 2FA for a Team Member (Admins only)
Only Admins can reset 2FA for other team members.
Admins can reset 2FA for a team member by navigating to Account > Manage > Teammates, clicking the teammate whose 2FA you want to reset, and clicking Reset two-factor Authentication in the sidebar.
Removing and Reconfiguring 2FA
You can also remove or reconfigure 2FA by navigating to Account > Manage > General Settings and selecting a different setting in the Mandatory Two-Factor Authentication drop-down.