Gorgias logo
Gorgias logo

All articles

Single sign-on and 2FAUpdated 2 months ago

Businesses are responsible for protecting their customers' data. 2FA is critical to keeping your account safe from unauthorized access, so we strongly recommend enabling 2FA for all users.


Single sign-on (SSO) allows users to join and log into your account without creating a unique password - they use their Google or Office 365 profile instead.

2FA (two-factor authentication) and MFA (multi-factor authentication) are enhanced security features that provide an extra layer of protection against unauthorized access to your account.

When 2FA is enabled, users logging in will need to enter a unique code from an authenticator app in addition to their username and password.

If a user fails to provide their authentication code, or if 2FA isn’t enabled and a user isn't recognized, they'll need to verify their identity using MFA. 

Users are considered not recognized if they log in from an unknown location, unassociated device, or an IP address that hasn’t been used in the last 30 days. If the user still can't be recognized by the system, then MFA will step in.

 2FA isn't enabled on the mobile app.


MFA Prompts

If an agent doesn’t have 2FA enabled for their user profile, then any time they attempt login from an unknown/unassociated location or an IP address that hasn't been used within the last 30 days and isn't associated with that user account, they'll be prompted to complete their login via an email link sent to them.

The agent won't be able to access Gorgias until they've clicked on this link in their email. 

This is to ensure that agents’ accounts are as secure as possible when not using 2FA.



Steps

Enable single sign-on (SSO)

1. Go to Settings -> Users & Teams -> Access management

2. Toggle the SSO buttons ON.

 Agents who sign up on their own will have the default Basic Agent role.


Enable two-factor authentication (2FA)

We strongly recommend the use of authenticator apps like Google Authenticator - they're easy to use and available on both Android and iOS devices.

Account-wide

1. Go to Settings -> Users & Teams -> Access management

2. Toggle Require 2FA for all users ON. 

3. You can set Enforcement time and date when you want 2FA to be required.

Once 2FA is enforced, any user who doesn’t have 2FA enabled will see a warning that notifies them that they have to enable 2FA within the next 14 days. If 14 days have passed since the enforcement date and the user hasn’t enabled 2FA, a non-dismissible setup modal will be shown to them instead of the banner.

Individual

1. Go to Settings -> You -> Password & 2FA

2. Click on Enable 2FA

3. You'll be prompted to add your authenticator app.

4. Finally, you'll see a list of 10-digit recovery codes that you'll need to save somewhere - you can use these in case you lose access to the authenticator app.
Once 2FA is enabled, you will be prompted to enter a 6-digit code from the authenticator app or your backup codes every time you log in to Gorgias.

Was this article helpful?
Yes
No