The Staff Center, formerly CivicPlus Organizations, supports organization-level two-factor authentication, or 2FA, to improve security for single sign-on. This standard security method requires users to enter a password and a second form of verification, such as an authenticator app, to confirm their identity at sign-on.
Important Notes:
Once enabled, all users in your organization will be prompted with instructions at their next sign-on. This includes users who have 2FA turned off on their individual accounts.
Before enabling, review your list of organization users and add or remove users as needed. You can also Automatically Add Users to an Organization by Domain.
If a user is associated with multiple organizations, such as a city and a county, 2FA will be required if either organization enables it.
This setting applies only to organizations that do not use a platform identity provider.
Who can use this feature?
Organization Owners
Instructions
Sign in to the Staff Center
Navigate to Settings

Scroll down to the Security section and toggle on Force Two-Factor Authentication

If needed, add a domain to automatically add users with email addresses matching the associated domain(s) to your organization

Click Save

Once enabled, the next time users log in, they will be prompted to Enable an Authenticator App (recommended) or Enable Email Authentication

The user will then follow the setup instructions for the method they selected
Authenticator App:
Scan a QR code and set up the 2FA app of their choice

Users will also see a list of Recovery Codes for their account in case they ever lose access to the app. We highly recommend users save these codes:

Email:
An email will be sent to their account’s email address. They will copy the code from the email.

The user will paste the Authentication Code from their email and click Verify.

The user will then receive a new email verification code, which they must enter to confirm their login.

Signing in will now require two-factor authentication every time the user logs in
Note:
A note will display on the user’s account that two-factor authentication is required for their organization. If they try to disable or reset their 2FA settings, they will be prompted to re-enable 2FA the next time they sign in.
