On their own, usernames and passwords aren’t sufficient protection against cyber threats. An effective way to secure account users sign-in into your Bookeo account and protect your company and customers' data is to require that account users provide an additional factor of authentication when logging into their Bookeo account. Having two or more authentication factors increases your cyber security. Security experts call this Multi-Factor Authentication (MFA).
You can set how long the MFA code will be remembered on devices, let account users choose if they want to enable MFA for their account, enforce MFA for all account users, set a specific timeframe for MFA implementation, and also exempt some account users from the MFA implementation.
Only an account user can turn on the MFA feature for its/her own account. As the account owner or super-manager, you can check an account user’s current MFA setting and if necessary disable the MFA feature for a user.
In this article:
- Set how long the MFA code will be remembered on devices
- Require all account users to enable the MFA feature for their account
- Check which account users have enabled the MFA feature
- Disable the MFA feature for an account user
Set how long the MFA code will be remembered on devices
To give your account users the right balance of security and ease of use by asking them to sign in with MFA at the right frequency, you can set how long the Multi-factor authentication will be remembered on your account users' devices if when they log in, if they opt to remember their MFA authentication on the device.
1. Log into your Bookeo account as the account owner or as a super-manager
2. Click on the icon in the top right corner of your dashboard
3. Click on Organization security
4. In the Multi-factor authentication section, from the Remember duration [1] dropdown menu, select how long the MFA code will be remembered on a user's device (the default duration is 30 days)
5. Save
Require all account users to enable the MFA feature for their account
You can set that all the users of your Bookeo account must enable the MFA feature. Before requiring that account users must enable MFA, we recommend alerting them of the upcoming change and providing instructions for configuring the authenticator smartphone app.
1. Log into your Bookeo account as the account owner or as a super-manager
2. Click on the icon in the top right corner of your dashboard
3. Click on Organization security
4. In the Multi-factor authentication section, from the Require MFA [2] dropdown menu, select if account users must enable the MFA feature and the timeframe for implementation.
5. Save
Set a different time frame for the MFA implementation for some account users
If you set that all the users of your Bookeo account must enable the MFA feature, you may want to set a short or longer MFA implementation timeframe for some account users. For example, if you want to start your MFA implementation with a pilot, or if some account users are on leave.
1. Log into your Bookeo account as the account owner or as a super-manager
2. Click on the icon in the top right corner of your dashboard
3. Click on Users
4. Click on an account user
5. In the User section, click on the Change[3] link next to MFA.
6. From the dropdown menu[4], select:
- require MFA by to set a date, then select a date from the date picker[5], or
- require MFA at next signin
7. Click OK [6]
8. For security reasons, you will be prompted to input your Bookeo account password. Input your password
9. Click OK
Exclude account users from the MFA implementation
If you do not require some account users to implement the MFA feature for their account:
1. Log into your Bookeo account as the account owner or as a super-manager
2. Click on the icon in the top right corner of your dashboard
3. Click on Users
4. Click on an account user
5. In the User section, click on the Change[3] link next to MFA.
6. From the dropdown menu[4], select do not require MFA
7. Click OK [6]
8. For security reasons, you will be prompted to input your Bookeo account password. Input your password
9. Click OK
Check which account users have enabled the MFA feature
You can check which account users have enabled the MFA feature:
1. Log into your Bookeo account as the account owner or as a super-manager
2. Click on the icon in the top right corner of your dashboard
3. Click on Users
4. If the tick icon [7] shows in the MFA column for an account user, this means that the account user has enabled the MFA feature
Disable the MFA feature for an account user
You may need to disable the MFA feature for an account user - for example, if the account user does not have an authenticator code or recovery key, and therefore is unable to access his/her Bookeo account.
Before disabling MFA, you should verify the identity of the requester (do not just trust an email), and also discuss how they should better protect their device and recovery key in the future.
1. Log into your Bookeo account as the account owner or as a super-manager
2. Click on the icon in the top right corner of your dashboard
3. Click on Users
4. Click on the account user
5. In the User section, click on the Disable[8] link next to MFA.
6. Click OK to confirm that you want to disable the MFA feature for this account user
7. For security reasons, you will be prompted to input your Bookeo account password. Input your password
8. Click OK
You can then also set that the user must enable MFA again within a certain timeframe - see sections above.