2FA / 2-Step Verification

With 2-Step Verification, also known as “Two Factor Authentication” (or 2FA for short), you'll protect your user accounts with something they know (their passwords) and something they have (their mobile devices). With 2-Step Verification, if a bad guy gets his hands on a user's password, he'll still need the user's mobile device in order to sign into the FileRun account.

Signing in to the FileRun account will work a bit differently:

1. Whenever your users sign in to FileRun, they'll enter their passwords as usual.

2. Then, they'll be asked for a code that will be generated by a mobile app such as Google Authenticator (iOS version) or Microsoft Authenticator (available for both Android and iOS). These codes can be used only once and they are valid for about 60 seconds (just enough time to allow you to type them in).

The option can be turned on or off by the administrator, for each FileRun user account. It requires no effort from the admin user. Just click the “Enable 2-step verification” checkbox available when adding or editing a user account.

When a FileRun user with 2-step verification enabled tries to sign in to his account for the first time, he will be asked to scan a QR code with his mobile device, using the “Google/Microsoft Authenticator” app.

Note: As FileRun follows the RFC6238 standard for TOTP security tokens, “Google/Microsoft Authenticator” are not the only apps that can be used. “Authy” (https://www.authy.com) or “Tokenizator” are examples of other programs that have been tested to work with FileRun.

Follow these steps:

  1. Install “Google/Microsoft Authenticator” using your mobile's app store.
  2. Open the “Google/Microsoft Authenticator” app and tap the (+) button or “Add account”.
  3. Tap “Scan a barcode” and point the mobile device's camera at the bar code on the computer screen.
  4. Click “Done” on FileRun's login page.
  5. Type inside the FileRun login form the verification code displayed on your mobile device.

After you have added your FileRun account to Google/Microsoft Authenticator, you will no longer be asked to scan a bar code, but only to provide the verification code.

To speed up the login process and avoid the above message, simply type the verification code in the same field as your password, separated by a forward slash character.

For example, if your password is MyPassword and the code is 123456, type MyPassword/123456 inside the password field.
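As an added illustration (not FileRun's own code), this Python example shows how a server can check RFC 6238 codes, refuse a code that was already used, and split a combined password/code field. The 30-second step, the one-step tolerance, HMAC-SHA1, splitting on the last slash and all names are assumptions; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per time step (RFC 6238 default; assumed here)
DIGITS = 6     # code length, matching the 6-digit code in the text
WINDOW = 1     # adjacent steps also accepted (assumed clock tolerance)
SAMPLE_SECRET = b"12345678901234567890"   # RFC 6238 Appendix B test key

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the time-step counter."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TotpVerifier:
    """Checks a code against nearby time steps and refuses reuse."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1    # highest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for step in range(current - WINDOW, current + WINDOW + 1):
            if step <= self.last_step:
                continue       # step already consumed: codes are one-time
            expected = totp(self.secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return True
        return False

def split_password_field(field: str):
    """Split 'password/code' on the last slash; a password may contain '/'."""
    password, sep, code = field.rpartition("/")
    if sep and len(code) == DIGITS and code.isascii() and code.isdigit():
        return password, code
    return field, None         # no trailing code: treat as password only

if __name__ == "__main__":
    v = TotpVerifier(SAMPLE_SECRET)
    code = totp(SAMPLE_SECRET, 59)
    print(code, v.verify(code, 59), v.verify(code, 59))
    print(split_password_field("MyPassword/123456"))
```

With these assumed settings a code stays acceptable for its own 30-second step plus one step of clock drift on either side, and the second submission of the same code is rejected.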

If you have a new mobile device, use the “Forgot password?” link (available on the FileRun login form) to reset your password.

This will also render useless the codes generated with “Google/Microsoft Authenticator” on the old mobile device.

The superuser can also reset a user's 2-step verification from the FileRun control panel.

Use the “Connect app” option to generate a new set of credentials, which do not require 2-step verification, and which are limited to the use of WebDAV and the API. Do note that this option requires the FileRun API to be enabled.