Setting Up Two-Factor Authentication
Two-Factor Authentication (2FA) is a security method that requires two separate forms of verification. When enabled in Meevo, 2FA adds an extra layer of protection to employee logins beyond just the username and password, protecting your employees and business in case a password is stolen.
Before you begin
Before we dive into setup, here are a few more important details on 2FA in Meevo.
- 2FA gets set up per employee, as you will set the option on each individual profile. For initial setup of 2FA, you'll need the employee to be present, as well as someone who has permission in Meevo to edit employee profiles.
- Each employee who will use 2FA needs to download the free an authenticator app. We recommend the Google Authenticator app. The app should be downloaded onto a device that only the employee has access to.
Note: Authenticator apps Okta Verify and Microsoft Authenticator will also work with Meevo. Whichever your business chooses, we recommend all employees use the same authenticator.
- The Google Authenticator app is extremely easy to use. It simply generates a unique code on the device every 30 seconds. To log into Meevo, the employee will enter the code displayed in the app when prompted by Meevo.
- 2FA can be required with each employee login, or Meevo can "remember" an employee's 2FA login on that device for 14 days.
After downloading the free Google Authenticator app, you and your employees are ready to set up 2FA in Meevo by following the steps below.
Set up 2FA on each employee's profile
The steps below apply to Google Authenticator app, but these steps are generally the same for Okta Verify and Microsoft Authenticator.
- From an employee profile's Main tab, select Enable two-factor authentication.
- Selecting that option immediately displays a pop-up with instructions on how to set up two-factor authentication using the Google Authenticator app. The pop-up displays a unique QR code for each employee profile, as the QR code is specific to that employee's setup.
- For security, the employee must use a device that they alone have access to.
- If opening the Google app for the first time, employees can begin setting up the account by selecting Get Started. After scanning the QR code through the Google Authenticator app, a "Meevo" account gets created in the app. This account is where the employee will go when they need a unique code to log into Meevo.
- The employee's email address is in parenthesis beside Meevo, which helps verify who the code is being generated for. The blue circle to the right is a countdown timer; a new code is automatically generated every 30 seconds when the timer runs out.
- In Meevo, the employee must always enter the code that is currently displayed on their device; previously displayed codes are not valid. Codes can only be used once.
- After selecting Verify on the pop-up modal, the modal closes and the 2FA option is now enabled in the profile. Save the profile to finish enabling 2FA for that employee.
To log in with 2FA
- The employee goes to the Meevo login page and enters their login credentials as usual.
- After a successful login, employees with 2FA enabled will see their username and password fields replaced with a Two-Step Verification section.
- At this point, the user pulls up the Google Authenticator app on their device, enters the code currently displayed under the Meevo account, and selects Submit to log in. Selecting Remember this device for 14 days. will bypass 2FA for this employee on this device for the next two weeks.