Two Factor Authentication (2FA)

What is two factor authentication?

2FA is an extra layer of security used to make sure that people trying to gain access to an account are who they say they are. First, a user enters their username and password. Then, instead of immediately gaining access, they are required to provide a second piece of information. In Katapult, this second factor is a code from Google Authenticator or a YubiKey; a mobile phone number is used as a backup.

User-specific 2FA settings

A user can manage their own 2FA settings within My Settings screens. This process is discussed in more detail in the User Settings Two Factor Authentication (2FA) How-to Guide.

Enforcing 2FA for an organisation

Before you enforce two-factor authentication:
When you enable this setting, any organisation user who has not enabled 2FA on their own account is removed from your organisation. Organisation users will also be unable to remove their last 2FA device while they remain associated with your organisation. Before you can modify this setting, you must have enabled 2FA on your own account. It is worth notifying your users about the change and advising them to set up 2FA on their accounts first, as this prevents unintended access revocation.

To enforce 2FA for your organisation:

  1. Select the applicable organisation from the Organisation Selector in the header
  2. Select Settings -> Organisation settings
  3. Click the Require two factor authentication for all users button
  4. Confirm the action
  5. Click the Save button.

2FA will then be enforced. As a reminder, any users without 2FA will be removed from your organisation. Re-inviting them to your Katapult organisation will prompt them to enable 2FA on their account if they have not already done so.

Disable 2FA enforcement

Disabling 2FA removes a layer of security from your organisation.

To disable 2FA for your organisation:

  1. Select the applicable organisation from the Organisation Selector in the header
  2. Select Settings -> Organisation settings
  3. Click the Disable two factor authentication requirement button

2FA enforcement will then be disabled.

I have lost my 2FA devices

If you have lost your 2FA devices, or they no longer work, you will not be able to access your account. We have built a recovery process which makes use of either your linked mobile phone number or your account's 2FA recovery key, provided at the point you configure your first 2FA device. For more information on 2FA recovery, see the 2FA Account Recovery how-to guide.