Single sign-on and 2FA
Updated 8 months ago
Single sign-on (SSO) allows users to join and log into your account without creating a unique password - they use their Google or Office 365 profile instead.
2FA (two-factor authentication) and MFA (multi-factor authentication) are enhanced security features that provide an extra layer of protection against unauthorized access to your account.
When 2FA is enabled, users logging in will need to enter a unique code from an authenticator app in addition to their username and password.
If a user fails to provide their authentication code, or if 2FA isn’t enabled and a user isn't recognized, they'll need to verify their identity using MFA.
Users are considered not recognized if they log in from an unknown location, unassociated device, or an IP address that hasn’t been used in the last 30 days. If the user still can't be recognized by the system, then MFA will step in.
MFA Prompts
If an agent doesn’t have 2FA enabled for their user profile, then any time they attempt to log in from an unknown or unassociated location, or from an IP address that hasn't been used within the last 30 days and isn't associated with that user account, they'll be prompted to complete their login via a link sent to them by email.
The agent won't be able to access Gorgias until they've clicked on this link in their email.
This is to ensure that agents’ accounts are as secure as possible when not using 2FA.
Steps
Enable single sign-on (SSO)
1. Go to Settings -> Users & Teams -> Access management.
2. Toggle the SSO buttons ON.
Enable two-factor authentication (2FA)
Account-wide
1. Go to Settings -> Users & Teams -> Access management.
2. Toggle Require 2FA for all users ON.
3. You can set an Enforcement time and date for when 2FA becomes required.
Once 2FA is enforced, any user who doesn’t have 2FA enabled will see a warning banner notifying them that they have to enable 2FA within the next 14 days. If 14 days have passed since the enforcement date and the user hasn’t enabled 2FA, a non-dismissible setup modal will be shown to them instead of the banner.
Individual
1. Go to Settings -> You -> Password & 2FA.
2. Click on Enable 2FA.
3. You'll be prompted to add your authenticator app.
4. Finally, you'll see a list of 10-digit recovery codes that you'll need to save somewhere - you can use these in case you lose access to the authenticator app.
Once 2FA is enabled, you will be prompted to enter a 6-digit code from the authenticator app, or one of your backup codes, every time you log in to Gorgias.