All Collections
Security & Access Control
Getting Started
How do I enable two-factor authentication?
How do I enable two-factor authentication?

Describes options for enabling and requiring two factor authentication for user logins.

Updated over a week ago

Two-factor authentication provides an extra layer of security for user accounts by requiring a 6-digit code in addition to their password. The 6-digit code expires every 30 seconds and must be retrieved from the Google Authenticator app which must be installed on the phone. This is a free app available on both iOS and Android.

Adding one more step of authenticating your identity makes it harder for an attacker to access your data. This drastically reduces the chances of fraud, data loss, or identity theft because logging in would require physical access to the user's phone in addition to their password.

Enable your own user account

Log into One Church as you normally do and then go to Username/Password under your user menu in the upper right.

A pop up will appear which includes a section named "Two Factor Authentication." Click on the "Turn on" button.

Afterwards, a list of instructions will appear. You will need to install Google Authenticator on your phone. This is a free app available on both iOS and Android. The app will auto-generate the 6-digit codes you would need to log into your account after enabling two-factor authentication.

Follow the instructions and enter the 6-digit code at the bottom to complete activation. Note, two-factor authentication can be disabled at any time by coming to this same screen and clicking on the "Turn off" button.

Require on someone else's user account

You will need the Limited Permission and Full Write People permission to perform this action.

Navigate to the person's profile and go to Actions > Change username/password in the upper right. A pop up will appear. Toggle the "Required?" field to Yes and click on the "Save" button at the bottom.

With two-factor authentication set as required, the next time this user logs into the system, they will be required to set up two-factor authentication. This will happen from the login screen before they are granted access to the system. They must set this up before being able to log into the system.

Set security policy for the entire organization

You are also able to set a two-factor authentication policy for users of the system. This controls who is required to set up two-factor authentication before being able to log into the system.

You will need the Limited Account permission to perform this action.

Go to Account Settings > Options > General > Person Profiles from the top of the side menu.

The available policies are:

  • As needed - no one is required to have two-factor authentication by default. However, you can still require it on a per-user basis (see previous section on how).

  • All non-guest users - this requires two-factor authentication for any users that do not have the role of "Guest." Use this option to require it for everyone except normal congregation members.

  • Everyone - this will force everyone to have two-factor authentication when they log in. This includes normal members of your congregation as well.

Did this answer your question?