Configuring a 2FA app
SECURITY All users
NAVIGATION My > Miscellaneous > Settings > Authentication Code Options
IMPORTANT Authentication code emailing is no longer supported.
Autotask supports authentication codes for two-factor authentication (2FA) in both the Autotask and the Datto RMM applications. The authentication code is generated by an app you install on your mobile device.
Any app that uses an authentication code (such as Duo, Microsoft Authenticator, or Google Authenticator) should be compatible with both Autotask and Datto RMM. If you have two separate accounts for Autotask and Datto RMM, you only need to put in the authentication code for the first application you log into. Navigation to the other application is seamless.
NOTE The instructions below were tested for Duo, Microsoft Authenticator and for Google Authenticator. We cannot test all available applications. If you are using a different app, please follow the instructions provided by that app's support resources.
How to...
To start using an authentication app, do the following:
- Depending on your operating system, go to the App Store or the Play Store and search for Duo, Microsoft Authenticator, Google Authenticator, or another app of your choice.
- Install the app according to the instructions for Duo, Google Authenticator, Microsoft Authenticator, or another app of your choice.
- Log into Autotask and go to > My > Miscellaneous > Settings.
- Click Authentication Code Options.
- Click Request New QR Code.
The window will expand and display a QR code.
- Open Authenticator on your mobile device and click the + symbol, or from the menu, select Set up account.
- Click Scan a barcode.
- Place the barcode inside the viewfinder rectangle to scan it. Authenticator will display a six-digit one-time code that is valid for 30 seconds.
- Enter the code into the Generated Code field. Check the show check box to display the generated code in clear text.
- Enter your Autotask password into the Autotask Password field.
- Click Validate. If you entered the correct code and password, a success notification will be displayed.
You have now set up a valid Autotask account in Microsoft Authenticator or Google Authenticator. It will generate a new authentication code every 30 seconds, even when you are not connected to a network.
IMPORTANT Since 2FA is time-based, you must retrieve the time for your time zone automatically for authentication code options to work, not set it manually.
The Authentication Code configuration page does not currently provide a visible key code for manual entry.
If your preferred app, for example, Authenticator, includes a manual entry option, you can use an external QR code reader app on your browser, for example, Google's Right-click QR reader extension.
- Download the QR code reader app to the browser you use to open Autotask. Then complete steps 1 through 5 under Set up an Autotask account with Microsoft Authenticator or Google Authenticator.
- Use the QR code reader app to read the QR code on the One Time Password Options page. The app displays a string similar to the one below:
otpauth://totp/Autotask:username@domain.com?secret=abcdefghijklmnop
username@domain.com should be your Autotask username. The 16 character string after = is the key code.
- Open the authentication app on your phone and go to the account setup page. Select the manual entry option (the option name varies between apps).
- Enter the Autotask username from the QR reader string into the Account or User field (field name varies between authentication apps). Then enter the 16 character key code (everything after =) in the key code field. Save.
- The phone should start to generate one time password codes. Now, sync your phone with Autotask.
- Return to the One Time Password Options page in Autotask.
- Enter the current one time password from your phone into the Generated Code field. Select the show check box to display the generated code in clear text.
- Enter your Autotask password in the Password field.
- Click validate.
NOTE The One Time Password is valid for 30 seconds! IF you fail to enter the generated code and your Autotask password and click Validate within 30 seconds, repeat with a newly generated code.
If you lose your authentication device, you can ask an administrator to pause the 2FA requirement for the next log in or 24 hours. This allows you to log into Autotask and request a new QR code so you can set up an account on a different device. Refer to Set up your account with Microsoft Authenticator or Google Authenticator.
If your Autotask administrator removes the 2FA requirement from your account, you may want to remove your 2FA account from your mobile device.
- On your mobile device, open the Authenticator app.
- Touch the account entry until the top menu bar appears and tap the Delete (trash can) icon.
- Click Remove account.