# Two-Factor Authentication

SUMMARY

  • Workato uses Two-Factor Authentication (2FA) for enhanced security, requiring both ID/password and a code from an authenticator app.
  • To enable 2FA, go to My profile > Two-factor authentication > Set up two-factor authentication. Scan the QR code with your authenticator app, then enter the 6-digit verification code from the app.
  • 2FA can be temporarily or permanently disabled in specific situations, with recovery codes serving as an alternative access method.

Two-Factor Authentication (2FA) is an industry standard for multi-layered authentication. It requires two separate methods of verifying your identity by requesting something you know (ID and password) and something you have (an authenticator app on your phone). This provides an additional layer of security and ensures that no one else has access to your Workato account.

# How it works

There are multiple situations in which you may be prompted to authenticate your Workato credentials through an authenticator app, including:

  • When you log in to a workspace that requires two-factor authentication with your email and password.

  • When you switch from a workspace that does not require two-factor authentication to a workspace that does require two-factor authentication.

  • When sessions are invalidated for security policy updates, changes in the user's authentication status, or other critical security events. Workato automatically signs out all active workspace sessions when these events occur to mitigate the risk of unauthorized access. This proactive measure ensures that if a session continues after its associated credentials or security status has been compromised or modified, it is promptly terminated. In the event of session invalidation, Workato also implements an automatic backend refresh. This process ensures that all changes to a user's authentication status or security settings are promptly reflected across the system, including within active sessions. The automatic backend refresh enforces changes requiring re-authentication or access right adjustments immediately without waiting for a manual session restart or re-login by the user.

Your authenticator app generates a unique, temporary 6-digit code each time you log in to your Workato account. This code verifies your identity and expires after use.

# Workspace configuration for two-factor authentication

Additional configuration is required to enable two-factor authentication for a workspace and its collaborators.

  • A workspace owner must enable two-factor authentication on their personal profile before enabling it within a workspace.

  • All collaborators within a workspace with two-factor authentication enabled must enable two-factor authentication in their personal profile to access the workspace.

    • Collaborators invited to a workspace with two-factor authentication enabled must enable two-factor authentication in their personal profile before they can join the workspace.

    • Collaborators who are part of an existing workspace that later enables two-factor authentication must enable two-factor authentication on their personal profiles to maintain workspace access.

# Choose an authenticator app

Workato allows authentication through mobile applications. Some common ones are:

# Set up two-factor authentication

Let's go through the activation for two-factor authentication. You will need to be logged in to your Workato account and have your authenticator app ready. In this example, we will be using Google Authenticator.

1. Click My profile.

2. Click Two-factor authentication > Set up two-factor authentication.

3. Enter your password and click verify password if prompted to verify your credentials. Learn more about why you're asked to verify your password.

4. Scan the QR code using Google Authenticator, or register using the provided code.

5. Copy the 6-digit verification code from Google Authenticator.

   The Workato label and profile name let you know that the connection between Google Authenticator and the Workato platform is functioning properly.

6. Paste the verification code into Workato.

7. Click Save or download to keep a copy of your recovery codes.

   Remember to store your recovery codes in a secure location. Find out more about recovery codes.

You have completed the one-time setup of your Workato two-factor authentication.

# Disable two-factor authentication

In certain situations, you may need to disable your two-factor authentication, for example, if your device is stolen or you are switching to a new work device.

1. Click My profile.

2. Click Two-factor authentication > Disable two-factor authentication.

   TRUSTED DEVICES

   Disabling two-factor authentication removes all trusted devices that were logged in with the authenticator app.

3. Enter your password and click verify password if you are prompted to verify your credentials. Learn more about why you're prompted to verify your password.

4. Click Disable 2FA.

# Recovery codes

Recovery codes are alphanumeric strings that are uniquely tied to your Workato account. You can use the recovery code to verify your identity in place of the 6-digit verification code. Each recovery code can be used only once.

A list of twelve recovery codes is auto-generated during the two-factor authentication setup. You should store your recovery codes in a secure location, preferably in a different location from your authenticator app (a different device than your phone).

# Lost authentication device

If you delete, change, or lose your app or device, you can still access your Workato account. You can use a recovery code to perform two-factor authentication.

When you log in with a recovery code, you are advised to reset your two-factor authentication settings. By changing the two-factor authentication setting, you prevent unwanted access to your account through a stolen device. This also reconfigures two-factor authentication to your new device. Basic steps to reconfigure your two-factor authentication for your device are:

# Lost recovery codes

If you forgot to store your recovery codes or have accidentally deleted them, you can retrieve your recovery codes from your two-factor authentication setup.

To view your recovery codes:

1. Click My profile.

2. Click Two-factor authentication > View recovery codes.

We recommend that you store your recovery codes in a secure but accessible location.

# Generate new recovery codes

If you misplace your recovery codes, you can generate a new set. Remember that other people can use the recovery codes to access your Workato account.

You can also generate new recovery codes if you are running low on them. Using the single-use recovery codes for two-factor authentication reduces the total number of available codes. Generating a new set of recovery codes ensures that you never get locked out of your Workato account.

1. Click My profile.

2. Click Two-factor authentication > View recovery codes > Regenerate codes.
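The recovery-code behaviour described in the Recovery codes and Generate new recovery codes sections (twelve codes, each usable once, replaceable by a new set) can be modelled as below. This is an added example, not Workato's implementation: the `RecoveryCodes` class, the 10-character code length, digest-only storage, and the rule that regenerating invalidates the previous set are assumptions.

```python
import hashlib
import hmac
import secrets
import string

CODE_COUNT = 12                      # the page says twelve codes per set
CODE_LENGTH = 10                     # assumed; the page does not state a length
ALPHABET = string.ascii_lowercase + string.digits


def _digest(code: str) -> str:
    # Assumption: codes are long random strings, so an unsalted SHA-256
    # digest is enough to avoid keeping them in plaintext on the server.
    return hashlib.sha256(code.strip().lower().encode()).hexdigest()


class RecoveryCodes:
    """Hypothetical per-account store holding digests of unused codes only."""

    def __init__(self):
        self._unused = set()

    def regenerate(self) -> list:
        """Issue a fresh set; assumed here to invalidate every earlier code."""
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
                 for _ in range(CODE_COUNT)]
        self._unused = {_digest(c) for c in codes}
        return codes                 # shown to the user once, in plaintext

    def redeem(self, code: str) -> bool:
        """Accept a code in place of the 6-digit code, then burn it."""
        candidate = _digest(code)
        match = next((s for s in self._unused
                      if hmac.compare_digest(s, candidate)), None)
        if match is None:
            return False             # unknown, already used, or superseded
        self._unused.remove(match)
        return True

    def remaining(self) -> int:
        """Number of codes left; a low count is the cue to regenerate."""
        return len(self._unused)
```

Under these assumptions a misplaced list stops being a risk as soon as a new set is generated, because the old digests are discarded.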

# Trusted devices

You can temporarily disable two-factor authentication for trusted devices, such as a secured work laptop. This allows the device to log in without two-factor authentication for 30 days.

Click trust this device during the two-factor authentication setup process.

Your trusted devices appear on the two-factor authentication settings page, where you can revoke access to unrecognized devices or those no longer in use.

# Why verify password

When you change your account security settings, Workato requires your password for an extra layer of authentication. This applies when making changes to your two-factor authentication configuration, which includes enabling two-factor authentication and viewing recovery codes.

After you have verified your password, we do not ask you to verify it again for the next fifteen minutes.

NEED A PASSWORD?

If you signed up for Workato using SSO, or if your workspace is switching authentication methods from SAML SSO to 2FA and you do not have a password to verify your Workato account, you must reset your password using your email by clicking the Forgot password link on the sign-in page.


Last updated: 3/30/2024, 12:28:35 AM