2FA

Two-factor authentication (2FA) adds an additional layer of security to your DEUNA Admin account by requiring a second form of verification beyond your password.

2FA significantly reduces the risk of unauthorized access by requiring users to verify their identity using two different factors:

  • A known factor like a password or an ID
  • An owned factor like an authenticator app, a phone, or an email

This protects against password theft, phishing attacks, and credential stuffing.

How it works

DEUNA supports multiple 2FA methods to balance security and usability:

  • Authenticator App: Time-based one-time passwords (TOTP) generated by apps like Google Authenticator or Authy.

Requirements

2FA can be configured as optional or mandatory based on your organization's security policy:

  • Optional: Users can choose to enable 2FA for additional security.
  • Mandatory: All users must configure at least one 2FA method to access the platform.

📘 Merchants with the "Manage security policy" permission can configure 2FA requirements for their organization.

Set up 2FA as a user

Configure two-factor authentication to secure your account.

1. Access security settings

  1. Log in to the DEUNA Admin dashboard.
  2. Click your profile image and select Security.
  3. Navigate to the Two-Factor Authentication (2FA) section.

2. Choose your 2FA method

Select and configure at least one authentication method. You can enable multiple methods for flexibility.

Option A: Authenticator app

The authenticator app method provides the strongest security and works offline.

  1. In the 2FA section, click Set up under Authenticator App.
  2. Install an authenticator app on your mobile device if you haven't already:
    • Google Authenticator
    • Authy
    • Microsoft Authenticator
    • Any TOTP-compatible app
  3. Scan the QR code displayed on screen with your authenticator app.
  4. Alternatively, manually enter the secret key shown below the QR code.
  5. Enter the 6-digit verification code from your authenticator app.
  6. Click Confirm and enable.

Your authenticator app will generate a new code every 30 seconds. You can use this method even without internet access.
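
As an added illustration (not DEUNA's code), the Python example below shows how a TOTP-compatible app derives each code from the secret key and the current time alone, which is why the method works offline. It assumes the RFC 6238 defaults (HMAC-SHA1) together with the 30-second period and 6-digit length described above; the secret is the public RFC test key, and `verify` with its one-step clock-drift tolerance is a hypothetical server-side check.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

PERIOD = 30  # seconds each code is valid, as stated on this page
DIGITS = 6   # code length, as stated on this page

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, at: Optional[float] = None) -> str:
    """Return the code for a base32 secret at Unix time `at` (default: now)."""
    # Secrets typed by hand are often lowercase, spaced and unpadded.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    # The moving factor is the number of whole periods since the Unix epoch.
    counter = int(time.time() if at is None else at) // PERIOD
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte picks
    # a 4-byte window, whose top bit is masked off.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str,
           at: Optional[float] = None, drift_steps: int = 1) -> bool:
    """Hypothetical server check: accept codes within +/- drift_steps periods."""
    now = time.time() if at is None else at
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        t = now + step * PERIOD
        if t < 0:
            continue  # no period exists before the epoch
        # Constant-time comparison; every window is checked before returning.
        ok |= hmac.compare_digest(totp(secret_b32, t).encode(),
                                  submitted.encode())
    return ok


if __name__ == "__main__":
    print("Current code for the sample secret:", totp(SAMPLE_SECRET))
```

Because the code depends only on the shared secret and the clock, anyone who obtains the QR code or the secret key can generate valid codes, so treat both like a password.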

Log in with 2FA

Once 2FA is configured, you'll need to complete an additional verification step when logging in.

Login process

  1. Enter your email address and password on the login page.
  2. Click Sign in.
  3. You'll be redirected to the 2FA verification screen.

Complete 2FA verification

If you have one method configured:

  1. Enter the verification code from your configured method:
    • Authenticator App: Enter the 6-digit code from your app.
  2. Click Verify.

Manage 2FA

Update or modify your 2FA configuration at any time.

View active methods

  1. Go to Profile > Security > Two-Factor Authentication.
  2. See all your enabled 2FA methods and their status.
  3. View when each method was last used.

Add additional methods

You can configure multiple 2FA methods for added flexibility:

  1. Navigate to the 2FA section in your Security settings.
  2. Click Set up on any method you haven't configured.
  3. Follow the setup process for that method.

Disable a method

⚠️ If 2FA is required by your organization, you must maintain at least one active method.

  1. Go to Profile > Security > Two-Factor Authentication.
  2. Find the method you want to disable.
  3. Click Disable next to that method.
  4. Confirm your choice.

Configure 2FA policy as an administrator

Administrators with the "Manage security policy" permission can configure 2FA requirements for their organization.

🔑 Admin Permission Required: "Manage security policy"

Enable required 2FA

  1. Log in as an administrator.
  2. Navigate to Settings > Security & Access.
  3. Locate the Two-Factor Authentication Policy section.
  4. Toggle Require 2FA for all users to On.
  5. Select which methods are allowed for your organization:
    • Authenticator App
  6. Click Save changes.

View user 2FA status

Monitor 2FA adoption across your organization:

  1. Navigate to Settings > Users.
  2. The user list displays a 2FA status indicator for each user:
    • Enabled: User has at least one 2FA method configured.
    • Disabled: User has not configured 2FA.
  3. View which specific methods each user has enabled.

Reset user 2FA

If a user loses access to their 2FA methods, administrators can reset their configuration.

🔑 Permission Required: "Reset 2FA"

  1. Navigate to Settings > Users.
  2. Find the user who needs 2FA reset.
  3. Click the action menu (⋮) next to their name.
  4. Select Reset 2FA.
  5. Confirm the reset action.

After reset:

  • All of the user's 2FA methods will be disabled.
  • Their recovery codes will be invalidated.
  • If 2FA is required, they must reconfigure it on next login.
  • If 2FA is optional, they can log in without it until they reconfigure.