As an administrator, you can manage your organization’s two-factor authentication (2FA) policy and assist users who have trouble signing in with two-factor authentication. You can provide temporary access codes, reset 2FA settings, or enforce company-wide 2FA requirements.

Assist users with 2FA sign-in

Users may lose access to their authenticator app or email. In these cases, you can help them sign in by either generating a temporary access code or resetting their 2FA setup.

Give the temporary access code for a user

1. In Onix Work, go to Settings > Users & Roles.
2. Select the user account that needs help > Select Get access code.
3. Copy the code shown and share it with the user.

2800×532 203 KB

2800×1000 224 KB

The user should then:

1. Open the Onix sign-in page > Enter their email address and password.
2. Select Try another way.
3. Paste the temporary access code that you just shared > Select Verify to complete sign-in.

1484×1200 98.6 KB

1444×1200 89.2 KB

Reset 2FA for a user

1. In Onix Work, go to Setings > Users & Roles.
2. Select the user account that needs assistant > Select Reset two-factor authentication.

2800×532 203 KB

After the reset:

• The user can sign in using only their email and password.
• In case your organization requires 2FA setup and sign-in, the user must set it up again to access Onix apps.

Troubleshoot other issues

If your user experience other issues during 2FA setup or sign-in, see: [FAQ] Common problems with two-factor authentication for Onix accounts

Manage two-factor authentication policy

Require 2FA setup and sign-in company-wide

You can enforce a company-wide policy that requires all users to use two-factor authentication (2FA) when they sign into their Onix user accounts.

1. In Onix Work, go to Settings > Users & Roles > Security & identity.
2. Select Edit > Enable the Require two-factor authentication setting.

2800×608 241 KB

When this policy is active:

• Users signing in with email and password must complete 2FA setup using an authenticator app, such as Microsoft Authenticator or Google Authenticator.
• Users must enter a verification code from the app during each new sign-in.
• This policy does not apply to users who sign in with Microsoft Entra ID.

Turn off 2FA policy

At any time, you can turn off the company-wide requirement for 2FA setup and sign-in. However, users who previously set up 2FA will still be prompted to verify unless you reset their 2FA individually.

Do all customers need to use external 2FA apps for verification, or is this provided by Onix?

Hi @Thomas_Ljengkvist, it’s the first one; Onix don’t provide any authenticator app.
Customers can use common apps such as Microsoft Authenticator or Google Authenticator. If you use another one, make sure it is a TOTP (Time-based One-Time Password) authenticator app.