# 2FA - Two Factor Authentication

2FA adds an additional factor, or form, of identification to the Identity and Access Management process so that users need to know something - their password - and have access to something - an OTP from an authenticator app - in order to access your organization’s data. Users can generate one-time passwords (OTPs) with an authenticator app such as Google Authenticator or Authy.

{% hint style="info" %}
Users on the Enterprise plan can access 2 Factor Authentication features by default as part of their plan. Business users have the option of enabling 2FA, but not enforcing it.
{% endhint %}

{% @arcade/embed url="<https://app.arcade.software/share/dX3oD3RKSHyNnQgVnjCU>" flowId="dX3oD3RKSHyNnQgVnjCU" %}

### Add 2FA to your app

{% hint style="info" %}
After opting-in to 2FA you must [publish your app](https://guides.noloco.io/settings/publishing) for 2FA to be enabled in your app
{% endhint %}

To add 2FA as a sign in option to your app go to “Settings > Login & Sign Up > Two-Factor Authentication” or by clicking on this link: <https://portals.noloco.io/~/_/settings/sign-in> and click on the toggle to require a second factor of authentication during sign-in.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcwPGZsITc2ZnlvAZMbKiWvgnvT-3Nf65zyth6ENYhDuBuygmcRQRjGh11Y1MSxKhl9Bqi4EoLAgHeoeAJsublQW60GcmmRclxVmMAAi-tpG1VxiQhamejtHS5DWNME5p7J6CIlbQ?key=PjmB0GSvszxbo9hJ3MpxzOOj" alt="" width="375"><figcaption></figcaption></figure>

For Enterprise users, once this setting is enabled then this creates two opportunities for users to enable 2FA in their apps. The first is for new users who can [enable 2FA when they sign up](#enable-2fa-at-sign-up) for your app for the first time. The second is for existing users of your app to [enable 2FA to their existing accounts](#enable-2fa-on-an-existing-account).

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-6b1de96b45e95885a137d17930c88094b05f5fa7%2F2fa_config.png?alt=media" alt=""><figcaption></figcaption></figure>

Once you have chosen to add 2FA in your app you must then [publish](https://guides.noloco.io/settings/publishing) your app for these changes to take effect.

### Enable 2FA at Sign up

{% stepper %}
{% step %}
**Link Authenticator App**

Users can sign up for your app in the usual way and after they have entered their password they will be prompted to link their Authenticator app. This can be done by scanning the QR code or by typing in the 24 character code directly into their authenticator app.

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-659cb088751ec94f4eb08992670136520ed985bb%2F2fa_signup_step1.png?alt=media" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Confirm Linking**

Once the user has successfully connected to the authenticator app they will be prompted to enter a one-time password to confirm they have access to this second factor.

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-96599789e14394b888cf644f53f024abea85fa4a%2F2fa_signup_step2.png?alt=media" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Download Backup Codes**

After confirming, users will be prompted to download a .txt file with some backup codes. These codes can be used in the event of the user losing access to their authenticator app. The codes must be stored securely in a safe place.

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-9e1c72b7bdd1e3a495d218af9ef1ab68fe1c43ea%2F2fa_signup_step3.png?alt=media" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

### Enable 2FA on an existing Account

{% stepper %}
{% step %}
**Turn on 2FA**

If you users already have accounts and you want them to retrospectively add 2FA this can be done by clicking on the user icon in the bottom left corner of the screen.

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-102a87a9eec328e72d55cd875fdb8fa3f61721f3%2F2fa_existingusers_step1.png?alt=media" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Start Setup**

A modal will appear with guidance on how to enable 2FA.

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-5f4b26aeb537e8d80f9b597f6c1ae8249ca7d544%2F2fa_existingusers_step2.png?alt=media" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Link Authenticator App**

Next, the user will be prompted to link their Authenticator app. This can be done by scanning the QR code or by typing in the 24 character code directly into their authenticator app

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-560184b9d42ced305aab4e037db22494079324af%2F2fa_existingusers_step3.png?alt=media" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Confirm Linking**

Once connected to the app the user will need to confirm by entering a one-time password (OTP) that has been generated in the authenticator app.

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-c09341dd23b5923bd825d40454bb37c429e0e5d7%2F2fa_existingusers_step4.png?alt=media" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
**Download Backup Codes**

Finally, the user is prompted to download their plain text backup codes. These codes can be used in the event that the user loses access to their authenticator app and should be stored securely in a safe place.

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-f975af10c81de1e51f7e83d35a27a56b24c0e9fb%2F2fa_existingusers_step5.png?alt=media" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

### Reset 2 Factor Authentication

App admins can reset two-factor auth for their end users via the Users table. Once 2FA has been enabled you will see a new "2FA setup Complete" column in the user table. Right-clicking on this field will allow you to reset 2FA for your end users.

<figure><img src="https://319575345-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifpIQWu0HCVYAt51oT%2Fuploads%2Fgit-blob-def31cf17695c288e438d635e5319df96d2afa6e%2F2fa_reset.png?alt=media" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://guides.noloco.io/settings/login-and-signup/2fa-two-factor-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.