How to activate two factor authorization for your Bitrix24 account

    Yana Prokopets 22 October 2014
    As you know, we take data safety and security issues very seriously. You can read about our daily backups, proactive network screens, SSL encrypted data transfer, data isolation and use of SAS 70 Type II datacenters here.
    These precautions, however, do not protect you when your login and password are stolen, either by spyware or by a rogue employee. This is why we’ve decided to add a two step verification option to your account. If you’ve used internet banking or worked as an IT administrator, you are probably familiar with this: first you log in with your regular login and password, then you receive your second password via mobile phone and enter it, and only then are you able to access your account. Here is how it works in Bitrix24 and what you need to do if you’d like to activate this option.

    Two factor authorization activation by portal administrators

    Two factor authorization for all users of your Bitrix24 portal can be turned on by an administrator in (Settings -> Intranet Settings).

    As an administrator, you can choose a time period (5 to 10 days) during which each user of your Bitrix24 portal will have to connect their phone to the portal in order to be able to use OTP.

    After you save the settings, you will be offered the option to create an announcement for all employees, using the text we provide, that explains the advantages of two step authorization and gives step-by-step instructions to follow.

    In addition to that, next time users of your portal try to authorize, they will see a notification that prompts them to connect their phone to the portal in order to get a secret key.

    Connecting phone to your portal by individual users

    Individual users can activate two step authorization by enabling this option in their user profiles (even if account administrators chose not to require this from every user). This is done in 5 simple steps:

    1. Download the FreeOTP, Google Authenticator or Bitrix24 OTP (available in Google Play) app onto your smartphone.

    2. Run the application and click on the icon to add a new account.

    3. Choose the preferred method to receive the verification code:
    Scan QR code - to scan the code, point the camera of your mobile phone at the screen and wait until the application has scanned the code.
    Enter code manually - if you cannot scan the code, enter it manually. You will have to specify the website (or Bitrix24 portal) address, your e-mail, the verification word, and select the key type: Time based.

    4. Once the code has been successfully scanned or entered manually, your mobile phone will show the code.

    5. Enter the code you see on your smartphone into the appropriate form in the security settings of your Bitrix24 profile.

    If everything was done correctly, you’ll see the following message:

    This means two factor authorization has been successfully activated. From now on, the user will be prompted to enter his or her login and password first, and then a second secret key (one time password) that is displayed on the smartphone, in order to access the Bitrix24 account.

    Application passwords
     If users who activated two step authorization are also using any outside services that synchronize data with Bitrix24 accounts (mobile and desktop apps, MS Office, MS Outlook, Google Calendars and so on), a special separate password needs to be generated for each app in order for synchronization to continue.

    These passwords need to be generated in My profile -> Application passwords, Settings.

    Select the application that you need a password for and click Get Password. Copy the password and enter it into the password field of the third party service you are using (IMPORTANT: do not use your regular Bitrix24 account password). In this example we are entering the generated password in MS Outlook.

    Other important information

    If a user has lost their phone, forgotten to take it to work, or it has run out of charge, the account administrator can temporarily disable two step authorization for that particular user.

    Any user who decided to switch their smartphone will need to connect it to the portal again. This is done in My profile -> Two-step authentication, Set up for new telephone.

    If you are using self-hosted editions of Bitrix24, you can use hardware token generators in order to generate one time passwords in addition to mobile devices.
    Tags: OTP