Announcing two-factor authentication for Jotform Enterprise

Announcing two-factor authentication for Jotform Enterprise

Looking to boost your organization’s security?

You’re in the right place! We’re thrilled to announce two-factor authentication for Jotform Enterprise. With this extra layer of security, you can safeguard user accounts and sensitive form submission data.

What is two-factor authentication (2FA)?

Available now to all Jotform Enterprise users at no additional cost, two-factor authentication (2FA) is an industry-leading security measure that requires two forms of authentication for a successful login. In short, a password alone isn’t going to cut it anymore.

According to Microsoft, 2FA can block over 99.9 percent of automated cyberattacks by keeping accounts secure even in the event of a compromised password. Pairing 2FA with strong account passwords organization-wide is a perfect way to ensure maximum security for you, your team, your customers, and your data.

How to use two-factor authentication

While two-factor authentication is a fantastic security tool, it isn’t necessary when using other secure login solutions, such as Single Sign-On (SSO) for Enterprise. For this reason, 2FA is disabled by default on all Jotform Enterprise servers.

To enable 2FA on your Enterprise server, go to the Settings tab within your Admin Console. Next, scroll down until you see the Two-Factor Authentication Settings section. Here, click the toggle switch to turn on 2FA.

Settings Tab in Jotform Admin Console Toggling the Switch of Two-Factor Authentication to On

By default, turning on 2FA enables your users to set up 2FA if they would like to, but it doesn’t require them to. If you would like to require all your users to use 2FA, check the Require two-factor authentication for all users box under 2FA settings in the Admin Console. If required, users will be forced to set up 2FA, and will not be able to disable it.

Viewing Two-Factor Authentication Settings

After checking this box, you’ll be asked to confirm the enforcement of required 2FA. You’ll also have the option to automatically notify all your Enterprise users with a prewritten email informing them that two-factor authentication is now required.

Viewing the Confirmation Window Displaying the Message "Are you sure you want to enforce two-factor authentication (2FA) for all system users?"

If a server admin turns on but doesn’t require 2FA, users within the Enterprise server will have the option to enable it for their individual logins. To enable 2FA as a user, go to the Security tab within user settings. Here, you can toggle 2FA on and off at the user level.

Viewing the Security Tab in User Settings Highlighting Two-Factor Authentication (2FA) Section

Turning on 2FA for your account in the user settings prompts you to set up a second authentication method. You can use any authenticator mobile app or web extension of your choice to either scan the provided QR code, or enter the provided manual setup code.

Viewing the Configure the Authenticator App Window

After successfully pairing your authenticator app or web extension, enter the six-digit 2FA code generated by your authenticator into the popup window in Jotform to enable 2FA. As a final step, you’ll receive backup login codes, which you can use to access your account in the event you lose a 2FA-paired device. Make sure to keep these codes somewhere safe!

With 2FA enabled, you will be prompted to enter both your account password and six-digit authenticator code to log into your Jotform Enterprise account.

Entering the Six-digit Authenticator Code to Log Into Your Account

Your six-digit authenticator code will frequently change to ensure maximum security, so make sure to have your authenticator on hand whenever you want to log into your account.

In summary, below are the following options for using 2FA on your Enterprise server:

  • 2FA off: No users are able to use 2FA.
  • 2FA on: Users can choose to set up and use 2FA.
  • 2FA on + required: Users are required to set up and use 2FA.

Admin oversight with 2FA

The Enterprise Admin Console makes monitoring 2FA usage among your server users easy. To view high-level oversight of your organizational 2FA usage, go to the Users section within your Admin Console. Here, you’ll see a 2FA Status column on the far right. This status column can contain any of the following:

  • Not Set Up: 2FA is enabled on the server, but the user has not configured their authenticator app.
  • Enabled: 2FA is enabled on the server, and the user has configured their authenticator app.
  • Disabled: The user has disabled 2FA.
Viewing the Users Section in Admin Console, Showing the 2FA Status Column on the Far Right

You can enforce 2FA for a specific user or group of users in the Users section of the Admin Console. This is useful if you want to require 2FA for certain teams, such as IT, but not for your entire organization. To enforce 2FA for a specific user, open the menu to the right of 2FA Status, then click 2FA Settings.

Opening the Menu to the Right of 2FA Status and Clicking on 2FA Settings

Once in 2FA Settings, click Require two-factor authentication (2FA) for this user to require 2FA for a specific user. In the 2FA settings window, server admins can also reset 2FA for users who have lost their authentication app and recovery codes.

2FA Settings Window Viewing "Require two-factor authentication (2FA) for this user" Setting

We hope you and your team can use two-factor authentication to boost organizational security and protect sensitive form submission data. If you’re looking to boost your login security and efficiency with quicker sign-in and prefill options, check out Single Sign-On (SSO) for Jotform Enterprise.

Griffin is an enterprise marketing coordinator at Jotform. Having worked with multiple tech startups, he has a particular passion for storytelling and content creation. Outside of work, Griffin enjoys filmmaking, photography, and fashion. You can reach Griffin through his contact form..

Send Comment:

Jotform Avatar
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Podo Comment Be the first to comment.