Manage two-factor authentication (2FA) for your organization

Knowledge base
,
1

As an administrator, you can manage your organization’s two-factor authentication (2FA) policy and assist users who have trouble signing in with two-factor authentication. You can provide temporary access codes, reset 2FA settings, or enforce company-wide 2FA requirements.

Assist users with 2FA sign-in

Users may lose access to their authenticator app or email. In these cases, you can help them sign in by either generating a temporary access code or resetting their 2FA setup.

Give the temporary access code for a user

  1. In Onix Work, go to Settings > Users & Roles.
  2. Select the user account that needs help > Select Get access code.
  3. Copy the code shown and share it with the user.

2800×532 203 KB

2800×1000 224 KB

The user should then:

  1. Open the Onix sign-in page > Enter their email address and password.
  2. Select Try another way.
  3. Paste the temporary access code that you just shared > Select Verify to complete sign-in.

1484×1200 98.6 KB

1444×1200 89.2 KB

Reset 2FA for a user

  1. In Onix Work, go to Setings > Users & Roles.
  2. Select the user account that needs assistant > Select Reset two-factor authentication.

2800×532 203 KB

After the reset:

  • The user can sign in using only their email and password.
  • In case your organization requires 2FA setup and sign-in, the user must set it up again to access Onix apps.

Troubleshoot other issues

If your user experience other issues during 2FA setup or sign-in, see: [FAQ] Common problems with two-factor authentication for Onix accounts

Manage two-factor authentication policy

Require 2FA setup and sign-in company-wide

You can enforce a company-wide policy that requires all users to use two-factor authentication (2FA) when they sign into their Onix user accounts.

  1. In Onix Work, go to Settings > Users & Roles > Security & identity.
  2. Select Edit > Enable the Require two-factor authentication setting.

2800×608 241 KB

When this policy is active:

  • Users signing in with email and password must complete 2FA setup using an authenticator app, such as Microsoft Authenticator or Google Authenticator.
  • Users must enter a verification code from the app during each new sign-in.
  • This policy does not apply to users who sign in with Microsoft Entra ID.

Turn off 2FA policy

At any time, you can turn off the company-wide requirement for 2FA setup and sign-in. However, users who previously set up 2FA will still be prompted to verify unless you reset their 2FA individually.

2026 Winter release notes