The CivicPlus Organizations service supports Organization-level Two-Factor Authentication (2FA) to provide enhanced security for single sign-on. This industry-standard security convention requires users to use both their password and a secondary form (Authenticator app, etc.) to prove their identity at sign-on, hence the term two-factor.
- Once enabled, all users associated with your Organization will be prompted with instructions at their next sign-on (even users who have 2FA turned off on their individual accounts).
- Before enabling, we recommend you review your list of Organization Users and add or remove any users as needed.
- If a user is associated with multiple Organizations (City and County, for instance), 2FA will be required if either Organization chooses to enable it.
- This setting only applies to Organizations that are not using a custom identity provider.
Who can use this feature?
- Sign in to CivicPlus Organizations
- Navigate to Settings
- Scroll down to the Security section and toggle on Force Two-Factor Authentication
- Click Save
- Once enabled, the next time users log in they will be prompted to scan a QR code and set up the 2FA app of their choice
- Users will also see a list of Recovery Codes for their account in case they ever lose access to the app. We highly recommend users save these codes.
Signing in will now require the time-based, one-time passcode every time a user logs in