Two-factor authentication (2FA) (also known as multi-factor authentication) uses two independent authentication factors, such as knowledge (password), possession (physical object) and inherence (biometric features), to verify a user's identity. This increases security as multiple factors are required to grant access, reducing the risk of unauthorized access.
Before logging into your Xentral instance, two-factor authentication requires that two different and independent forms of identification are presented, e.g. a 'one-time password (OTP)' that is only valid for a single session or transaction. An app on a smartphone can be used, such as Google Authenticator, which generates a password that is valid for a limited period of time.
For example, you can use Google Authenticator for iOS and Android or Microsoft Authenticator.
Steps to download the app:
- Open the App Store (on iOS devices) or the Google Play Store (on Android devices).
- Download and install Google Authenticator or Microsoft Authenticator from the app store.
Set up two-factor authentication for the next regular login:
- Go to the login page of your Xentral instance.
- Log in with your email and password or use the social login via Google.
- When you log in for the first time, you will be presented with a QR code. Scan it with your Authenticator app.
  Optional: If a scan is not possible, you can alternatively request a code.
- The app automatically adds the account and starts to generate OTPs (one-time passwords).
- Enter the one-time password (OTP) from the app in the Xentral login screen to complete the login.
Note
Backup of the recovery codes:
Make sure you securely store all recovery codes that are provided during the setup process. These codes are important in case you lose access to your device.
- Go to Settings > Administration > Security > Multifactor authentication.
- Activate multifactor authentication with the slider.
  Activating this function requires that all users of an instance use multi-factor authentication to log in to the Xentral instance.
- Once the feature is enabled, admins have the option to exempt individual users of their instance from the MFA requirement. This may be necessary, for example, for shared Xentral accounts used at packing stations for which a multi-factor authentication requirement would be an unnecessary burden.
  Caution
  Please note that removing the multi-factor authentication requirement for individual users may pose a potential risk to data protection and privacy. We recommend limiting the scope of authorization for these excluded users.
- Admins also have the option of resetting the multi-factor authentication settings for individual users. This is necessary, for example, if the user has lost the device with which they performed multi-factor authentication or if a new device has been purchased.