Users and Trusted Devices for Two-Factor Authentication
Users with 2FA required roles can specify devices as trusted when logging in to the 2FA role. Marking a device as trusted works in conjunction with the value specified by the Administrator in the Duration of Trusted Device column for a particular role.
For example, a role has been designated as 2FA required, and the value for Duration of Trusted Device has been set to 30 days. The next time a user with this role logs in, they can choose whether to check the Trust this device box.
In cases where a user has access to more than one company, and the user’s role is 2FA required, marking a device as trusted makes that device trusted across all companies to which the user has access.
After a user has marked a device as trusted, the user can modify that choice on the Manage Trusted Devices page.
For example, this user marked a device as trusted. That is, the user previously chose not to be asked for a two-factor authentication (2FA) verification code on this device.
The user can reverse that choice by selecting a Restore 2FA required... option. If the 2FA required is restored for a device, the user must use a 2FA authenticator app, or a backup code to log in.
There is a link on the Settings portlet to access the Manage Trusted Devices page.