Enable Two-Factor Authentication (2FA)

You can enable Two-Factor Authentication (2FA) on your Help Desk. This strengthens access security by requiring two methods of authentication at login.

To enable 2FA, go to Agents > Auth & SSO and click Manage:

![2FA settings screen]

There are two methods of 2FA available: Email 2FA and TOTP Service.

TOTP Service

Enabling the TOTP Service toggle allows agents to set up 2FA themselves through their preferences.

Once enabled, agents can go to Agent Preferences > Security to set up 2FA. They can either:

• Scan the QR code on a mobile device, or

• Enter the passphrase into their authenticator app

This will enable 2FA on their account.

Email 2FA

If you enable Email 2FA, agents will be prompted to set up 2FA with email verification at login. They will authenticate by entering the One-Time Password sent to their email.

You can also set up 2FA for agents via Agents > Agent Profiles. If set up this way, the agent will need access to the QR code or verification number linked to their account.

You can also enable 2FA for specific agents through Agents > Agent Profiles in the 2FA tab. Switch on the toggle Enforce 2FA.

Managing 2FA

If you want to make 2FA mandatory for all agents, enable Require agents to set up 2FA. When enabled, agents will be required to set up 2FA at their next login.

You can also apply a Grace Period. This allows agents to skip setting up 2FA until the specified date.

After the grace period ends, agents must set up 2FA to log in.

Removing 2FA

If an agent loses access to their authenticator app (for example, if they lose or replace their phone), Admins can remove 2FA from their account.

To remove 2FA:

1. Go to the agent’s profile

2. Open the 2FA tab

3. Click Remove

This removes 2FA from the agent’s account. An Admin or the agent can then reapply 2FA if needed.