How to activate two factor authorization for your Bitrix24 account
Yana Prokopets 22 October 2014
As you know, we take data safety and security issues very seriously. You can read about our daily backups, proactive network screens, SSL encrypted data transfer, data isolation and use of SAS 70 Type II datacenters here. These precautions, however, do not protect you when your login and password are stolen, either by spyware or by a rogue employee. This is why we’ve decided to add a two step verification option to your account. If you’ve used internet banking or worked as an IT administrator, you are probably familiar with this: first, you log in with your regular login and password, then you receive your second password via mobile phone and enter it. Only then are you able to access your account. This is how it works in Bitrix24 and what you need to do if you’d like to activate this option.
Two factor authorization activation by portal administrators
Two factor authorization for all users of your Bitrix24 portal can be turned on by an administrator in Settings -> Intranet Settings.
As an administrator, you can choose a time period (5 to 10 days) during which each user of your Bitrix24 portal will have to connect their phone to the portal in order to be able to use OTP.
After you save the settings, you will be offered the option to create an announcement for all employees, using the text we provided, that explains the advantages of two step authorization and gives step-by-step instructions to follow.
In addition to that, next time users of your portal try to authorize, they will see a notification that prompts them to connect their phone to the portal in order to get a secret key.
Connecting phone to your portal by individual users
Individual users can activate two step authorization by enabling this option in their user profiles (even if account administrators chose not to require this from every user). This is done in 5 simple steps:
1. Download the Free OTP, Google Authenticator or Bitrix24 OTP (available in Google Play) app onto your smartphone.
2. Run the application and click on the icon to add a new account.
3. Choose the preferred method to receive the verification code:
   Scan QR code: to scan the code, bring the camera of your mobile phone to the screen and wait until the application has scanned the code.
   Enter code manually: if you cannot scan the code, enter it manually. You will have to specify the website (or Bitrix24 portal) address, your e-mail and the verification word, and select the key type Time based.
4. Once the code has been successfully scanned or entered manually, your mobile phone will show the code.
5. Enter the code you see on your smartphone into the appropriate form in the security settings of your Bitrix24 profile.
If everything was done correctly, you’ll see the following message:
This means two factor authorization has been successfully activated. From now on the user will be prompted to enter his or her login and password first, and then a second secret key (one time password) displayed on the smartphone, in order to access the Bitrix24 account.
Application passwords
If users who activated two step authorization are also using any outside services that synchronize data with Bitrix24 accounts (mobile and desktop apps, MS Office, MS Outlook, Google Calendars and so on), a special separate password needs to be generated for each app in order for synchronization to continue.
These passwords need to be generated in My profile -> Application passwords, Settings.
Select an application that you need a password for and click Get Password. Copy the password and enter it into the password field of the third party service you are using (IMPORTANT: do not use your regular Bitrix24 account password). In this example we are entering the generated password in MS Outlook.
Other important information
If a user has lost their phone, forgotten to take it to work, or it has run out of charge, the account administrator can temporarily disable two step authorization for that particular user.
Any user who decides to switch to a new smartphone will need to connect it to the portal again. This is done in My profile -> Two-step authentication, Set up for new telephone.
If you are using a self-hosted edition of Bitrix24, you can use hardware token generators, in addition to mobile devices, to generate one time passwords.