Two-factor authentication (2FA) significantly improves security by requiring a second form of verification beyond just your password. Whilst Access Evo's 2FA is disabled by default, enabling it for your Access Members is highly recommended for enhanced data protection.
Important: Access Evo's 2FA does not replace Unleashed's own two-step authentication requirement. When Access Evo's 2FA is enabled for a user, the user will be required to log in to Access Evo with 2FA and Unleashed with 2SA.
Setting up 2FA in Access Evo tutorial video
Enabling 2FA for Access Evo
Navigate to your Access Evo account; if you're in Unleashed, click on the "access" button in the top left, and go to Products > Access Evo.
Click your name dropdown in the top right and select "My Account", or go to https://identity.accessacloud.com/.
Select "Two-factor authentication".
Click "Get started with two-factor authentication".
Choose from three authentication methods:
FIDO2 or U2F Authenticator (Biometric)
SMS Text Messages
Authenticator App
Set up 2FA with FIDO2 or U2F Authenticator (Biometric)
Use fingerprint or built-in biometric features.
Click Add authenticator, enter a name.
Click Add and use your PC pin or fingerprint.
Set up 2FA with SMS Text Messages
Click "Add mobile phone" and enter your number.
Click "Send Code" and enter the received code.
Click "Verify" and save backup codes.
Confirm understanding of backup codes and enable 2FA.
Set up 2FA with Authenticator App
Download an authenticator app ,e.g, Google Authenticator, Authy, or Yubico Authenticator.
Click "Add authenticator app" and follow the on-screen instructions.
Enter the generated code and click "Verify".
Disable 2FA for a user
The domain owner of the Access Evo account, needs to sign into Access Evo.
Select My Account then click Two-Factor Authentication.
Click "Disable for someone else", then enter the user's email address.
Click Save.
If you don't have access to the "Disable for someone else" option, then you need to follow a process for the Access Group to perform the removal of 2FA from the Access Evo user on your behalf:
Raise a new case online in the Access Support Portal, including the following information:
Employee Name
Employee Email Address (as it appears in Access Evo)
The reason(s) for the request
The impacted user must fill in the "Disable 2FA request form".
The director of your Access Evo organisation needs to review and sign the form.
The director must then submit the form to the Support Analyst and Information Security team, with the following statement:
"I confirm that I understand the associated risks related to disabling 2FA for the above individual and fully indemnify Access against any action or breach that may incur as a direct result."
Once the Access Group's Information Security team confirms with Support that 2FA removal for the user has been approved, Support will file a request with our Evo Development team to action the 2FA removal.
Frequently asked questions
How do I manage a user's 2FA in Access Evo?
How do I manage a user's 2FA in Access Evo?
If an employee has Two-factor authentication (2FA) set up and loses their backup codes, or can't get the authentication to work. Only a domain owner can remove the 2FA settings for the impacted Identity user.
What happens in Access Evo when I log out of Unleashed?
What happens in Access Evo when I log out of Unleashed?
If you log out of Unleashed, you will automatically be logged out of Access Evo and any Access-hosted Products you have too, and vice versa.
