Two-factor authentication (2FA) is a way to make your login to ChurchTools even more secure.
In addition to entering your password, this authentication requires you to enter a six-digit confirmation code, which is generated in a suitable app (e.g. Google Authenticator or FreeOTP Authenticator ).

Activation for your own user account #

You can activate the two-factor authentication for your own user account in your profile and then follow the instructions for setting it up.

 

Enforced by the administrator for certain user accounts #

If you are an admin of your ChurchTools, you can force the two-factor authentication for certain users, provided you have the administration permission administer persons or simulate persons. This is useful if a person has a lot of permissions and their user account should be better protected.

Enforced for individual persons #

As an admin you can set up the two-factor authentication to be required for each person separately. This is done in Persons & Groups, where you click on the pencil next to Permissions in the person detail view. A window will now open and you can select Enforce two-factor authentication. The next time the person logs in, they will be asked to set up 2FA.

Enforce for certain roles in a group #

You can also link the enforcement of the two-factor authentication to specific roles in a single group. To set this up, go to Persons & groups and click on Configure roles on the right-hand side of a group.

Now you can decide for each role in this group whether the two-factor authentication should be enforced.

Filter two-factor authentication #

As an admin with the administer persons permission, you can use More filter in the Persons & groups module to filter for which user accounts 2FA is activated and for which it is not yet activated.