# Two-Factor Authentication
- Workato uses Two-Factor Authentication (2FA) for enhanced security, requiring both ID/password and a code from an authenticator app.
- To enable 2FA, go to Settings > Two-factor authentication > Set up two-factor authentication. Scan the QR code with your authenticator app, then enter the 6-digit verification code from the app.
- 2FA can be temporarily or permanently disabled in specific situations, with recovery codes serving as an alternative access method.
Two-Factor Authentication (2FA) is an industry standard for multi-layered authentication. It requires two separate methods of verifying your identity by requesting something you know (ID and password) and something you have (an authenticator app on your phone). This provides an additional layer of security and ensures that no one else has access your Workato account.
# How it works
Set up 2 Factor Authentication (2FA) in 2 minutes
There are multiple situations in which you may be prompted to authenticate your Workato credentials through an authenticator app, including:
When you log in to a workspace that requires two-factor authentication with your email and password.
When you switch from a workspace that does not require two-factor authentication to a workspace that does require two-factor authentication.
Workato requesting two-factor authentication
A unique verification code is generated for you whenever you login to your Workato account. It is a temporary 6-digit code that lets us know it is indeed you. Afterwards, the code will expire and cannot be reused.
# Choose an authenticator app
Workato allows authentication through mobile applications. Some common ones are:
- Google Authenticator (iOS (opens new window) or Android (opens new window))
- Authy (iOS (opens new window) or Android (opens new window))
- Microsoft Authenticator (iOS (opens new window) or Android (opens new window))
# Setup two-factor authentication
Let's go through the activation for two-factor authentication. You will need to be logged in to your Workato account and have your authenticator app (opens new window) ready. In this example, we will be using Google Authenticator.
Open Account Settings. Profile dropdown
Select Two-factor authentication > Setup two-factor authentication. Two-factor authentication disabled
If prompted to verify your password, input your password and click verify password. Learn more. Verify your password
Using Google authenticator, scan the QR code. Otherwise, you can register with the code provided.
Two-factor authentication setup
Copy the 6-digit verification code from Google authenticator.
The Workato label and profile name lets you know that the connection between Google authenticator and the Workato platform is functioning properly.
Google authenticator unique verification code
Paste the verification code into Workato.
Confirming authenticator app with Workato account
Save or download a copy of the recovery codes.
Remember to store them in a secure location. Find out more about recovery codes.
Done! You have completed the one-time setup of your Workato two-factor authentication.
Two-factor authentication enabled
# Disable two-factor authentication
In certain situations, you would have to disable your two-factor authentication. For example, in the event of a stolen device or switching to a new work device.
Open Account Settings.
Select Two-factor authentication > Disable two-factor authentication. Two-factor authentication
Disabling two-factor authentication removes all trusted devices that were logged in with the authenticator app.
If prompted to verify your password, input your password and click verify password. Learn more
Verify your password
Click Disable 2FA.
Disable two-factor authentication
# Recovery codes
Recovery codes are alphanumeric strings that are uniquely tied to your Workato account. You can use the recovery code to verify your identity in place of the 6-digit verification code. Each recovery code can be used only once.
Using recovery code
A list of 12 recovery codes are auto-generated at the two-factor authentication setup. You should store them in a secure location, preferably not in the same location as your authenticator app (i.e. not on your phone).
# Lost authentication device
If you deleted your app, changed, or lost your device (or security key), you can still access your Workato account. You can use a recovery code to perform two-factor authentication.
Upon logging in, you are advised to reset your two-factor authentication settings. By changing the two-factor authentication setting, you are preventing unwanted access to your account thru a stolen device. This also reconfigures two-factor authentication to your new device.
# Lost recovery codes
If you have not stored your recovery codes or have accidentally deleted them, you can retrieve them from your two-factor authentication setup.
To view your recovery codes, go to Account settings > Two-factor authentication > View recovery codes.
View recovery codes
You are advised to store them in a secure but accessible location.
# Generate new recovery codes
If you realized that you have misplaced your recovery codes, we advise that you generate a new set. Remember that other people can use the recovery codes to access to your Workato account!
You can also generate new recovery codes if they are depleting. Using the single-use recovery codes for two-factor authentication will reduce the total number of available codes. Generating a new set of recovery codes will ensure that you never get locked out of your Workato account.
Select Account settings > Two-factor authentication > View recovery codes > Regenerate recovery codes
Generate new recovery codes
# Trusted devices
You can temporarily disable two-factor authentication for trusted devices, like a secured work laptop. This allows the device to login without two-factor authentication for 30 days.
Select trust this device during the two-factor authentication process.
Trust this device for 30 days
Your trusted devices will appear on the two-factor authentication setting's page. You can revoke access to devices you do not recognize or to devices that are no longer in use.
# Why verify password
When initiating changes in your account security settings, Workato will ask you for your password as an additional layer of authentication. This applies when making changes to your two-factor authentication configuration, which includes enabling two-factor authentication and viewing recovery codes.
After you have verified your password, we will not ask you to verify it again during the next 15 minutes.
NEED A PASSWORD?
If you signed up for Workato using SSO, or if your workspace is switching authentication methods from SAML SSO to 2FA and you do not have a password to verify your Workato account, you must reset your password using your email by clicking the Forgot password link on the sign-in page.
Last updated: 11/27/2023, 9:51:04 PM