Heap allows you to add an extra layer of account protection with two-factor authentication. It works by requiring a security code in addition to your username and password (or SSO credentials). Using 2FA across your organization reduces your risk of your team members’ Heap accounts being compromised, and thus decreases the chance of unauthorized access to your Heap data.
Note that in addition to 2FA, your team should practice good security hygiene in the form of strong passwords and a protocol for notifying security if you lose your 2FA token.
Enabling 2FA For your Personal Account (Everyone)
1. Navigate to Account > Manage > Personal settings
2. Click the Enable Two-Factor Authentication button
4. Enter the code that appears in your authenticator app, then click the Confirm Code button.
5. A pop-up will appear with your recovery code. Be sure to copy-paste this code into a safe place. You will not be able to see this code again, and it is required for deactivating two-factor authentication on your account in the event that you lose your device. Alternatively, you may download a copy of your code via the Download button.
Viola! You have enabled two-factor authentication for your account.
Enabling Mandatory 2FA for Your Heap Domain
Admins can enable mandatory 2FA for all Admins or all users of your Heap domain. To enable mandatory 2FA, complete these steps:
1. Navigate to Account > Manage > Account Settings.
2. Select your preferred setting in the Mandatory Two-Factor Authentication drop-down.
Once selected, this new setting will be automatically applied across your organization.
Prior to enabling mandatory 2FA, be sure to remind your users and/or Admins to store their recovery code in a safe location.
Resetting 2FA for a Team Member (Admins only)
Only Admins can reset 2FA for other team members.
Admins can reset 2FA for team members by navigating to Account > Manage > Teammates, click the teammate you want to reset 2FA for, and click Reset two-factor Authentication in the sidebar.
Removing and Reconfiguring 2FA
You can also remove or reconfigure 2FA by navigating to Account > Manage > General Settings and selecting a different setting in the Mandatory Two-Factor Authentication drop-down.