Managing two-factor authentication in SuiteProjects Pro

After you enable 2FA for your company's SuiteProjects Pro account, you can:

Control 2FA settings. To do so, go to Administration > Global Settings > Account > Two-factor authentication.
- When you enroll a user to sign-in using 2FA, this user can skip the 2FA setup for a limited number of days and sign-ins. You can control the number of Days until 2FA setup is required and the number of Sign-ins until 2FA setup is required.
- Check the Trust devices box to allows users to add the device they sign in from as a trusted devices. This will let the same user sign in to SuiteProjects Pro on the same device without being asked to enter a verification code every time. Each device is trusted for a limited number of days, after which it is removed automatically from the list of trusted devices for your company's SuiteProjects Pro account. You can specify the number of Days until a trusted device is removed. A user's trusted devices are removed automatically when the user changes password.
  
  Important:
  Clearing the Trust devices box removes all trusted devices for all users.
Enroll or disenroll users to sign in using 2FA.
Add the following columns to the employees list for auditing purposes:
- 2FA required – The column indicates whether a user is enrolled to sign in using 2FA (Required), not enrolled (Not required), or accessing SuiteProjects Pro using single sign-on (empty value).
- 2FA status – The column indicates whether a user has completed the 2FA setup (Setup), not completed it yet (Required), or is not enrolled to sign in using 2FA (empty value).
- Complete 2FA setup by – The column shows the deadline when the user must set up 2FA by.
Reset two-factor authentication or remove trusted devices for one user from Administration > Global Settings > Users > Employees > [Select an employee] > Two-factor authentication.

When you reset 2FA settings for a user, SuiteProjects Pro sends an email notification automatically to inform the user.
Disable 2FA temporarily for your account. To disable 2FA, go to Administration > Global Settings > Account > Security, clear the Enable two-factor authentication box, and click Save.

Note:
Disabling 2FA temporarily for your account does not remove 2FA setup-related information for users. After you enable 2FA again, users will not need to set up 2FA again.

Enroll or disenroll users to sign in using 2FA

Use the following steps to enroll or disenroll users to sign in to your company's SuiteProjects Pro account using 2FA.

When you disenroll a user, all 2FA setup-related information for this user is removed. If you enroll that same user again, the user will need to setup 2FA again and will be able to skip 2FA setup up to the number of times and days specified in the two-factor authentication settings for your company's account.

To enroll or disenroll users to sign in using 2FA:

In SuiteProjects Pro, go to Administration > Global Settings > Users > Employees > [Select an employee] > Demographic.
Check the Two-factor authentication required box to enroll the user. Clear the box to disenroll the user.
Click Save.

After you enroll a user, the demographic form shows "User must complete 2FA setup by <date>" under the Two-factor authentication required box.

SuiteProjects Pro sends an email notification automatically to inform the enrolled user of the requirement to setup 2FA.
Repeat for each user you want to enroll to sign in using 2FA.

Note:

Two-factor authentication is not available for users accessing SuiteProjects Pro using single sign-on. Saving the form returns an error if both the Two-factor authentication required and saml_auth boxes are checked.

You can use the bulk employee change wizard to copy the value of the Two-factor authentication required box to other user records in your company's SuiteProjects Pro account. See Making Changes to Multiple Employee Records at the Same Time.

You can use the XML API and SOAP API, or the Integration Manager to modify the value of the Two-factor authentication required [mfa_status] box for multiple users.