Heap allows you to add an extra layer of account protection with two-factor authentication (2FA). It works by requiring a security code in addition to your username and password (or SSO credentials). Using 2FA across your organization reduces the risk of your team members’ Heap accounts being compromised, and thus decreases the chance of unauthorized access to your Heap data.
Enabling 2FA for Your Personal Account (Everyone)
1. Navigate to Account > Manage > General Settings.
2. Click the Enable Two-Factor Authentication button.
4. Enter the code that appears in your authenticator app, then click the Confirm Code button.
5. A pop-up will appear with your recovery code. Be sure to copy-paste this code into a safe place. You will not be able to see this code again, and it is required for deactivating two-factor authentication on your account in the event that you lose your device. Alternatively, you may download a copy of your code via the Download button.
Voilà! You have enabled two-factor authentication for your account.
Enabling Mandatory 2FA for Your Heap Domain
Admins can enable mandatory 2FA for all Admins or all users of your Heap domain. To enable mandatory 2FA, complete these steps:
1. Navigate to Account > Manage > Security.
2. Select your preferred setting in the Mandatory Two-Factor Authentication drop-down.
Once selected, this new setting will be automatically applied across your organization.
Prior to enabling mandatory 2FA, be sure to remind your users and/or Admins to store their recovery code in a safe location.
Removing and Reconfiguring 2FA
You can also remove or reconfigure 2FA by navigating to Account > Manage > General Settings and selecting a different setting in the Mandatory Two-Factor Authentication drop-down.