Two-factor authentication (2FA) is a more secure method to prove a user's identity and protect access to your CosmoLex account. SMS-based 2FA requires users to provide their password as well as a One-Time Password (OTP) code they received on their mobile device as additional proof of identity. CosmoLex supports 2FA via text message (SMS).
To set up, first each user must have a cell phone number associated with their user account. To do so, go to Account Management >User Management > User and edit each user to add their cell phone number. Once saved, you will be prompted to enter YOUR password for verification.
Even though a cell phone is required for each user, you do not have to have 2FA enabled for all users. Once 2FA is turned on, you can return to the edit user page to disable this feature.
- Go to Setup > Firm Settings > Firm Preferences
- Scroll down to Two Factor Authentication and turn it on.
- You will be prompted to enter your password as well as a verification code which was just texted to you.
- Note that if at any time you wish to turn OFF 2FA for the firm. return to this area, and turn this setting to OFF. That will disable this function for all users of the firm.
- Once enabled, all users will then be prompted to enter a verification code upon logging in. There is a "remember this computer for 30 days" box that can be checked to not be prompted on this device for another 30 days.
Disable/Enable Per User
- If you wish to disable 2FA for one or more users after it has been enabled on the firm level, go to Account Management > User Management > User and edit that user.
- Here you can click on the toggle to turn 2FA off for this user. Save, and you will be prompted to enter YOUR password for verification.
**Note that after disabling 2FA this user's account will no longer be protected by SMS verification or notification when the account is accessed from another device.
- To turn this setting back on for this user, return to the edit user screen and turn ON the same setting.