Managing two-factor authentication for a resource

Overview

To increase Autotask access security, all Autotask customers have to implement either single sign-on (SSO) or two-factor authentication (2FA). Users must supply the token when logging into the Autotask desktop application, LiveMobile, and Outlook, if the Outlook extension is configured.

2FA is:

  • not available for the API User license type
  • available but not required for the Dashboard User license type
  • required for all other license types unless Single Sign-on has been implemented
  • the only option for the Co-managed Help Desk license type, since an MSP's SSO will never be extended to them

All users will be prompted to set up 2FA when they complete their account setup during the first login. Refer to Creating a password and enabling two-factor authentication (2FA).

NOTE  For information about Single Sign-on, refer to Configuring single sign-on using the OpenID Connect standard.

Two-factor authentication options

You have two options for two-factor authentication, AuthAnvil and an authentication code.

  • AuthAnvil is only available to legacy customers already using this 2FA option. AuthAnvil uses a resource-specific pin code along with a unique one time pass code. Pass codes are generated by personal hand held devices enabled for AuthAnvil SoftToken technology or by an authentication token. For details on setting up and using AuthAnvil 2FA with Autotask, refer to AuthAnvil two-factor authentication.
  • Using an authentication code (for example, Google Authenticator, Microsoft Authenticator) is available to all customers, and is the only option for customers not already using AuthAnvil. The authentication code is generated by an app you install on your mobile device. For details on setting up and using an authentication code and Google Authenticator with Autotask, refer to Configuring a 2FA app.

Managing two-factor authentication

Two-factor authentication is now mandatory for all customers who are not using single sign-on. All resources are automatically enabled, and you cannot disable 2FA for anyone. You can, however, pause it.