Two-factor authentication (2FA) is an optional security feature that helps protect your account when signing in from a web browser. Even if your password is stolen or cracked, 2FA adds another layer of protection.
With 2FA, signing in requires two things:
- Something you know: your password
- Something you have: your phone
When you sign in, Applaud sends a short numeric code to your phone. You'll need to enter this code in addition to your username and password.
Two-factor authentication and single sign-on
2FA works alongside single sign-on (SSO). After signing in to your Applaud tenant with SSO, you must also enter your 2FA code.
User setup flow
When you enable 2FA, users are prompted to set it up the next time they sign in. They cannot proceed without completing the setup.
After setup, Applaud sends a text message with a code each time the user signs in.
Tip: In the mobile app, the code appears above the keyboard for quick entry.
Backup codes
After entering the first 6-digit code, users are shown a one-time backup code.
- This code is critical if the user loses access to their phone.
- Users must record it securely. Applaud does not display the same backup code again.
- Administrators cannot retrieve another user's backup code.
If you have the Tenant admin role, you can:
- Change your own phone number.
- Generate a new backup code from your User definition page by selecting 2-STEP VERIFICATION.
Users without the Tenant admin role cannot access backup codes once setup is complete.
Troubleshooting
Didn't receive a code?
If you don't get your 6-digit code, select Didn't get a code?
You can then:
- Ask Applaud to resend the code.
- Enter your one-time backup code.
Backup codes refresh automatically
When you enter a one-time backup code and select Next, Applaud generates a new backup code. You must record the latest code. The previous backup code is no longer valid.
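The rotation described above, modelled as an added example in Python (this is not Applaud's code). The class name, the 10-digit code format and the salted-hash storage are assumptions made for illustration; storing only a hash is one way to get the behaviour where nobody, administrators included, can read an existing code back.

```python
import hashlib
import hmac
import secrets


def _digest(code: str, salt: bytes) -> bytes:
    # Salted, slow hash: a leaked record does not reveal the code itself.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class BackupCodeStore:
    """Hypothetical store: one valid backup code per user, kept only as a hash."""

    def __init__(self):
        self._records = {}  # user -> (salt, digest); no plaintext is retained

    def issue(self, user: str) -> str:
        """Create a new code, overwrite any old one, return the plaintext once."""
        code = f"{secrets.randbelow(10**10):010d}"  # assumed format: 10 digits
        salt = secrets.token_bytes(16)
        self._records[user] = (salt, _digest(code, salt))
        return code

    def redeem(self, user: str, submitted: str):
        """Return a fresh backup code on success, or None if the code is wrong."""
        record = self._records.get(user)
        if record is None:
            return None
        salt, expected = record
        # Constant-time comparison avoids leaking how much of the code matched.
        if not hmac.compare_digest(_digest(submitted, salt), expected):
            return None
        # Rotation: issuing the replacement overwrites the redeemed code,
        # so the code just used can never be accepted again.
        return self.issue(user)


if __name__ == "__main__":
    store = BackupCodeStore()
    first = store.issue("alice")            # shown to the user once, at setup
    second = store.redeem("alice", first)   # user signs in with the backup code
    print("replacement issued:", second is not None)
    print("old code still valid:", store.redeem("alice", first) is not None)
```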
No phone and no backup code
If you can't access your phone and don't have a backup code, contact Applaud Support. They can restore access for you.
Best practices
- Enforce 2FA for administrators: Require Tenant admins and other privileged roles to use 2FA.
- Encourage secure storage: Advise users to store their backup code in a secure password manager, not on paper or in email.
- Review phone numbers regularly: Update phone numbers for staff who change roles or leave your organization.
- Combine with SSO and MFA: Use 2FA together with single sign-on (SSO) and, if available, multi-factor authentication (MFA) from your identity provider for stronger security.
- Educate users: Remind users that they must keep backup codes safe and treat them like passwords.