- Google Two-Factor

Starting in version 3.6.0, Snipe-IT now supports Google Authenticator two-factor authentication. To turn this on, simply turn it on in your Admin > Settings.

1914

The three options available are:

OptionDescription
DisabledTwo-factor will not be enforced for any users.
SelectiveUsers can opt-in to enable two-factor authentication in their profile if their individual or group permissions allow it.
RequiredAll users must use two-factor authentication.

Device Enrollment

The first time a user attempts to login to an account with two-factor enabled or required, they will be presented with a QR code to add the two-factor configuration to their device. They should simply be able to scan the QR code from within the Google Authenticator or Authy apps, and enter the verification code.

Enabling/Disabling Per User

If your two-factor settings are set to "Selective", you can disable or enable two-factor on specific users by editing their settings within People > Edit User.

1654

If you want to prevent the user from changing this setting in their profile, make sure you disallow that permission in their user or group Permissions.

Resetting the Two-Factor Device for a User

In that same section of the user's profile, you'll see an option to reset the two-factor secret. You'll want to do this if, for example, your user's device is lost or stolen. It will clear the Google Authenticator secret and will present them with a new QR configuration the next time they login, so they can register their new device. You can find that button on the Edit User page.