Two-factor authentication, or 2FA, is a security process that requires the user to provide two different forms of identification before being granted access to a board. When your board contains sensitive content, such as pricing data or product information, you can protect it by providing access with 2FA to authorized contacts only, as follows:
- Define the list of leads who are authorized to access the board and send them an invitation to view the protected board.
- When an authorized lead attempts to access the board, they are asked to verify their email address/domain.
- The authorized lead receives an email from email@example.com with a verification code to log into the board. The code is valid for 5 minutes and the lead can make up to 3 attempts to access the board. By default, the access remains valid for 30 days.
You can control access to your Folloze boards on different levels:
- Any domain: authorizes all domains.
- One or more selected domains: authorizes anyone who arrives from a specific domain, or from a list of specific domains. For example, you can select “folloze.com” to allow access to anyone entering from this domain, whether they are invited to the board or not.
- Only specific invited recipients by email campaign: authorizes specific recipients, including board owner, editor and subscriber.
If the lead is either from the selected domain or explicitly invited to the board, they can access the board.
Using the Select Domain list, you can allow a specific domain or multiple domains access to your board. Additionally, you can disable this list and consequently block all domains from entering your board. In this case, only specific people you invited in a campaign can access the board.
You can decide to revoke access from a specific domain that formerly had access. By removing this domain from the list of selected domains, leads that were not explicitly invited from this domain cannot enter the board any longer.
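The access rules above can be modelled in a few lines. This is an added sketch, not Folloze code: `BoardPolicy`, `PendingCode`, `ANY_DOMAIN` and the function names are hypothetical, and exact, case-insensitive domain matching is an assumption. The code check uses the 5-minute validity and 3-attempt limit stated above.

```python
import hmac
import time
from dataclasses import dataclass, field

ANY_DOMAIN = "*"  # hypothetical marker for the "Any domain" setting

@dataclass
class BoardPolicy:
    select_domain_enabled: bool = True
    domains: set = field(default_factory=set)   # e.g. {"folloze.com"} or {ANY_DOMAIN}
    allow_invited: bool = True
    invited: set = field(default_factory=set)   # invited e-mail addresses, lower-case

def email_domain(email):
    """Return the lower-cased domain of an address, or None if malformed."""
    local, sep, domain = email.strip().lower().rpartition("@")
    return domain if sep and local and domain else None

def is_authorized(email, policy):
    """A lead may request a code if invited or if their domain is selected."""
    domain = email_domain(email)
    if domain is None:
        return False
    if policy.allow_invited and email.strip().lower() in policy.invited:
        return True
    if not policy.select_domain_enabled:
        return False  # toggle off: invited people only
    # Exact match only: "notfolloze.com" or "folloze.com.example.net" must not pass.
    return ANY_DOMAIN in policy.domains or domain in policy.domains

@dataclass
class PendingCode:
    code: str
    issued_at: float
    ttl_seconds: int = 5 * 60   # the 5-minute validity stated above
    attempts_left: int = 3      # the 3 attempts stated above

def verify_code(pending, submitted, now=None):
    """Check a submitted code; every try consumes one attempt."""
    now = time.time() if now is None else now
    if pending.attempts_left <= 0 or now - pending.issued_at > pending.ttl_seconds:
        return False
    pending.attempts_left -= 1
    # Constant-time comparison avoids leaking how many digits matched.
    return hmac.compare_digest(pending.code.encode(), submitted.encode())
```

Removing a domain from `domains` reproduces the revocation behaviour described above: leads from that domain pass only if they are also in `invited`.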
To configure two-factor authentication:
1. Go to the Settings tab > Access and Security.
2. Enable Select Domain and select the domains that can access your board.
   - Any value: All domains can access the board.
   - One or more domains: A specific domain or multiple domains from the multi-select list can access the board.
   - Add Domain: a domain of your choice not included in the list. After entering the domain name, click Add.
3. Click Done.
4. To block all domains from entering and only allow access to invited people, disable the Select Domain toggle. When this toggle is disabled, you cannot select any domains from the list and you allow access to invited people only.
5. To allow access to invited recipients only, enable the checkbox Allow access to people you invite.
The list of recipients authorized to access the board is added by the campaign from Folloze, or by creating a trackable URL, so that all the recipients that appear in the Pulse Table are invited to access the board. If the checkbox is selected, all contacts invited by email or a trackable link are automatically authorized. If the email recipient shares the link with another person, that person is not granted access. They need to be invited directly to view the board.
To learn more about tracking URLs, read Sharing Content Items.
6. To add a Privacy Message on the 2FA form, select a message from the drop-down list of available privacy messages. This is an identical list of privacy messages that can be added to forms. To learn more, see Adding Privacy Messages on Forms.
   - To choose not to show any privacy message, select None.
7. Select the appropriate option for authentication requirements.
   - Require re-authentication after ⬜ Days: leads are required to re-authenticate after a specific number of days. The default time limit is 30 days.
     - Set the number of days the password is valid for. After this time has elapsed, the lead is required to provide their password again. For example, if you set a 30-day time limit, the lead will only be prompted to re-authenticate after 30 days.
   - Require re-authentication for each session: leads are required to re-authenticate on each board visit. The duration of each board session is 30 minutes. If a lead visits a board within 30 minutes of their previous visit, they are not required to re-authenticate.
8. Set the Code Expiration time in hours and minutes. The user will receive a code by email and it will be valid for this amount of time. The maximum code limit is 24 hours and the default time is 15 minutes.
9. Click Save Settings.
The email that leads receive includes a direct link to the board, so they can access it without having to enter the code manually.
The Admin can choose the email address for 2FA as well as the email display name in the Admin privacy settings.