Skip to main content

Multifactor Authentication in The BOS (2FA)

The BOS supports multi factor authentication (MFA) also known as two factor authentication (2FA) using TOTP codes. Multifactor authentication greatly improves the security of your account as somebody that knows your username and password still needs access to one of your MFA devices to complete the login. 

This requires you to use a compatible app to generate the codes. Some popular apps include:

  • Google Authenticator (setup guide)
  • Microsoft Authenticator (setup guide)
  • Some password manager services including Bitwarden and 1Password (requires payment)

How to enable Multifactor Authentication

  1. Make sure you have a compatible TOTP app installed (see list above)
  2. Log in to The BOS, click the user menu (top right) and select 'My Profile'
  3. You should see a MFA option including your current status (probably 'Disabled')image.png
  4. Click 'Verify' to unlock this setting. You may be prompted for your password again.
  5. Click 'Register' and scan the QR code into your authentication app. 
  6. Click 'Next' then enter the current code your app is displaying to finish setup. 
  7. You will be provided with some backup codes. Keep this in a safe place as a backup way to login if your 2FA device is unavailable. 

How to disable Multifactor Authentication

  1. Make sure you have a compatible TOTP app installed (see list above)
  2. Login to The BOS, click the user menu (top right) and select 'My Profile'
  3. You should see a MFA option including your current status (probably 'Enabled')

    image.png


  4. Click 'Remove' and follow the prompts

Company MFA Policy

Companies can enforce that all users are required to have MFA enabled. If this setting is enabled then any user in that company that logs in without 2FA enabled is required to set it up before continuing.

To turn this setting on or off:

  1. Log in to The BOS with an account that has admin permissions. 
  2. Click user menu (top right) then 'Company Settings'
  3. Click 'Settings' from the left menu then enable or disable the 'Force all users to use MFA' option. 

Not that users can still turn on/off MFA on their accounts if this setting is off, they merely aren't required to turn it on. 

Check which users have MFA enabled

Tenant admins can check which users have MFA enabled

  1. Log in to The BOS with an account that has admin permissions. 
  2. Click user menu (top right) then 'Company Settings'
  3. Click 'Users' from the left menu then sort by the 'MFA enabled' column