Two Factor Authentication

Two-factor authentication is an additional security process to secure your account by the combination of a password and a mobile device. This reduces the chance of your account being hacked into and protects your data with extra secure measures.

How Two Factor Authentication works:

Login via a Web browser:

Step 1: User logs in with their Username and Password

Step 2: If the user password is correct, the user receives an additional secure code. (via SMS/ Voice call or QR Code as per TFA configuration)

Step 3: The user provides the secure code in the browser, to access the account.
The user can choose to remember the code in the particular browser in the system, for the next 45 days.  If the user accesses the system from a different browser or a system, the user needs to provide a new code again to access the same account.

Two Factor Authentication for Organizations

As a security measure, you can mandate the Two Factor Authentication (TFA) for the organization. All users must use the additional security code to login to their accounts. Hence make sure that each user has access to a mobile device to get the secure code via SMS/ Voice call or the mobile app with QR code scan option.

  1. Login to www.skydesk.jp/en/apps/mail/ as Administrator
  2. Click Control Panel >> Dashboard >> Two Factor Authentication
     
  3. Select the option 'On' to enable and enforce Two Factor authentication for all users in the organization. 

Once you enable TFA, the users will choose the TFA Mode (SMS using a mobile number or QR Code scanning), to set up their preferred Two Factor Authentication method, the next time they log in. You can turn off the TFA, to disable TFA for the entire organization. 

For information on the mode of TFA, refer this help page.

However, the user needs to disable TFA again, if the TFA has been configured already for the account. 

Steps to Reset TFA for Specific Users:

The administrator can reset the TFA for users, in case they lost the mobile device or do not have access to the mobile device they used at the time of TFA activation. 

  1. Login to www.skydesk.jp/en/apps/mail/ as Administrator
  2. Click Control Panel >> Mail Accounts >> Select the user
  3. Select Reset TFA for the user, whose TFA process you need to reset. 
     
  4. The next time the user logs in, the user can set up TFA from the beginning, providing a new mobile number/ Google Authenticator.

Steps to Enable/ Disable TFA for Specific Users:

 The administrator can enable or disable the TFA status for users from the Control Panel. 

  1. Login to https://www.skydesk.jp/en/apps/mail/ as Super Admin
  2. Click Control Panel >> User Details
  3. Select Two Factor Authentication 
  4. Select 'Enable' or 'Disable' to enable/disable the Two Factor Authentication for the user. 

Generating Application-Specific Passwords

The users need to generate and use application specific password when accessing the email account via POP/ IMAP if Two Factor Authentication is enabled for the account. 

Steps to generate Application Specific Passwords:

  1. Login to https://www.skydesk.jp/en/apps/mail/ as user
  2. Click My Account link at the top to view SkyDesk Accounts
  3. Select Two Factor Authentication >> Manage Application specific passwords. 
     
  4. Provide the device name and your current web login password in the page. The device name is just a reference name, for you to verify/ revoke in future. 
     
  5. Select 'Generate' to view the application specific password. 
     
  6. The device specific password will be displayed only once and will not be displayed again. 
  7. You need to use the password without any spaces in the device. 
  8. You can select Show generated passwords to link to view the past generated time and device names. 
     
  9. You can revoke any password if you no longer use the device or to remove access to the application.