- Google Two-Factor
Starting in version 3.6.0, Snipe-IT now supports Google Authenticator two-factor authentication. To turn this on, simply turn it on in your Admin > Settings.
The three options available are:
| Option | Description |
|---|---|
| Disabled | Two-factor will not be enforced for any users. |
| Selective | Users can opt-in to enable two-factor authentication in their profile if their individual or group permissions allow it. |
| Required | All users must use two-factor authentication. |
Device Enrollment
The first time a user attempts to login to an account with two-factor enabled or required, they will be presented with a QR code to add the two-factor configuration to their device. They should simply be able to scan the QR code from within the Google Authenticator or Authy apps, and enter the verification code.
Enabling/Disabling Per User
If your two-factor settings are set to "Selective", you can disable or enable two-factor on specific users by editing their settings within People > Edit User.
If you want to prevent the user from changing this setting in their profile, make sure you disallow that permission in their user or group Permissions.
Resetting the Two-Factor Device for a User
In that same section of the user's profile, you'll see an option to reset the two-factor secret. You'll want to do this if, for example, your user's device is lost or stolen. It will clear the Google Authenticator secret and will present them with a new QR configuration the next time they login, so they can register their new device. You can find that button on the Edit User page.
Updated over 5 years ago