We are excited to announce the release of a new security feature to enhance access control methods to your CRM instance: Two-Factor Authentication (2FA). Here is a video that explains a bit about Two-Factor Authentication.
This effort makes updates and standardizations to the 2FA experience by centralizing access control settings and improving clarity around the experience for our users. This also increases the security functions that you now have on the Centrex platform.
This enhancement creates a new “Access Control” Settings Page, found at the controlling company level (the highest level company within an account) in the “Admin tab > Settings” area.
The page that will now appear (see below) centralizes all of our access control functionality.
The left sidebar lists various control features such as IP Whitelisting (the default setting) and 2FA.
NOTE: Our IP Whitelisting functionality has been moved here to consolidate your Access Control needs.
The 2FA function is accessed by clicking “Two-Factor Authentication” in the left sidebar (see red highlighted box). 2FA must first be enabled or disabled at an account level by clicking the toggle button (see the small red highlight at the top of the image below).
Once enabled at the account level, specific companies can have 2FA functionality enforced on them. Under the “Manage Company Access” section, select a company from the “Disabled” column that you wish to enforce 2FA on. Click once on the name of the company, and then click on the single right-facing arrow (highlighted below). You will then see the company is now moved to the “Enabled” column (see the highlighted section on the right of the image below).
Once active, a notification will appear stating, “You have successfully turned Two-Factor Authentication on for [Company Name].”
It will also display text in the SMS Notification section of a user’s “my settings” profile and on the “edit user” page (available from the Admin tab > Settings > Navigation Bar shown earlier) to indicate that the number stored there is used with 2FA as well. When enabled for a company, 2FA is enabled for all users within that company. 2FA cannot be controlled at a user level. If a user does not have a cell phone number filled out in their profile, upon their next login they will be asked to enter and save their cell phone number for use with 2FA. If a user does have a cellphone number on file, they will automatically receive a verification code.
With 2FA activated, when logging into the Forth system, you will be presented with the following dialog box, asking you to provide a mobile phone number and then asking you to click the green “Send Verification Code” button.
NOTE: Standard text message rates may apply based on your plan with your mobile phone carrier.
Check for a text message that provides the 2FA verification code required for access (see the image below).
Once you provide the correct code and click the “Continue” button, you will see confirmation that the code was accepted and you will be automatically logged into the CRM as usual.
What are the Benefits of this New Feature?
- Stricter Security – Enhanced security controls over users accessing the CRM, ensuring that only people with the right access are able to get in.
- Better Administration – Ability for super admins within the controlling company to enforce security policies on users within an account from one centralized area.
- Improved Organization – IP Whitelisting functionality may also be accessed via this page to help standardize Access Control tools for your use.