Two-Factor Authentication (2FA)

Implement two-factor authentication (2FA) on your Apptoto account to protect your private business data against digital attacks.

Two-factor authentication (2FA) adds a second layer of security to your account. In addition to a password, users must verify their identity with a time-sensitive code from an authenticator app or a text message. By requiring two forms of identification, 2FA makes it significantly more difficult for unauthorized users to gain access to sensitive business information.

Sign-In Verification

Even without 2FA enabled, Apptoto requires email-based identity verification each time you log in. This baseline check cannot be turned off.

Enabling 2FA for your account

You must have Full permissions or be a Group Admin to set up 2FA at the account level.

1. Go to Account & Billing: Navigate to Settings > Account & Billing. You can also click your username in the upper right corner and select Configure 2FA.

2. Click Configure 2FA: Under the Two-Factor Authentication section, click Configure 2FA.

   

3. Choose your verification method. A screen will appear with two options:

   Authenticator App

   1. Download an authenticator app (such as Authy or Microsoft Authenticator) to your mobile device.

   2. In the authenticator app, tap Add Account or + and scan the QR code shown in Apptoto.

   3. Enter the verification code provided by the authenticator app into Apptoto.

   4. Click Verify Token.

   Text Message

   1. Enter your phone number.

   2. Click Get Token.

   3. Enter the token you received and click Save.

   

Once two-factor authentication has been enabled at the account level, you can adjust 2FA settings further at the user level. You can also require some or all users of the Apptoto account to enable 2FA.

Requiring 2FA for All Users

Once 2FA is enabled at the account level:

1. Navigate to Settings > Users.

2. Underneath the list of all users in the account, toggle Require two-factor authentication on all accounts to on.

   

3. The next time any users associated with the primary account (or subaccounts) log in, they will be required to set up 2FA.

Requiring 2FA for Individual Users

If you want to require 2FA for some users (but not all), you can set individual user-specific 2FA settings instead of toggling it on for all users.

1. Navigate to Settings > Users.

2. Click the Edit button to the right of the user’s login.

3. On the Edit screen, check the box next to Require two-factor authentication.

4. Click Save. Apptoto will prompt the individual user to set up 2FA the next time they log in.

   

Re-Configuring or Disabling 2FA

If you want to reconfigure or disable two-factor authentication, you can do so from the “Accounts & Billing” page.

Caution

Disabling two-factor authentication (2FA) does not remove all security checks. You’ll still be required to complete email-based authentication when signing in. This cannot be turned off.

1. Navigate to Settings > Account & Billing.

2. Under Two-Factor Authentication, choose an action:

   Reconfigure

   1. Click the Re-Configure 2FA button.

   2. Generate a new token in your authenticator app.

   3. Enter the new token in Apptoto and click Save.

   Turn Off

   1. Click the Turn Off 2FA button.

   2. A prompt will appear asking if you are sure you want to remove 2FA. Click Yes.