Multi-Factor Authentication

To further increase the security of your Applysia account, you can activate multi-factor authentication for your account. Once activated, you will need to complete an additional verification step when logging in, in addition to entering your password. This makes your account significantly more secure, as knowing your password alone is not enough for an attacker to gain access to your account.

To use multi-factor authentication, you need to link a device to your account that can generate one-time passwords. For this purpose, you can install an app on your smartphone or tablet that generates a 6-digit code, which must be entered each time you log in. Since only you have access to this device, others can no longer access your account, even if they know your password.

Setup

To activate multi-factor authentication, you must first select the workspace and log in with the account for which multi-factor authentication should be enabled. If you have different accounts in different workspaces and want to enable multi-factor authentication for all accounts, you must complete this process separately for each account. After logging in, click your name in the top-right corner and then select Settings from the dropdown menu. Next, click Security in the navigation on the left to open the security settings page, where you can manage options such as multi-factor authentication.

• Google Authenticator
• Microsoft Authenticator
• Authy

After installing an app, scan the QR code with the app. You should then see the application Applysia and the email address of your account. Depending on the authenticator app you use, you may need to select the application to view the one-time password, or the code may be displayed directly next to it. Now enter a name for this device in the Device name field below the QR code. Then enter a one-time password from the app in the One-time password (OTP) code field before the code expires. Finally, click Save to link the device to your account.

Login

The next time you log in with your account, you will be asked to confirm the login using a one-time password. To do this, go to the login page of the workspace with an account that has already been linked to a device.
After entering your email address and password, a new page will appear where you must enter a valid one-time password. Open the authenticator app of your choice and enter a one-time password in the One-time password field. Confirm your entry by clicking Submit. You will then be redirected to the start view configured for your account.

If you log in using Single Sign-On instead, you will also be asked to enter a one-time password after being redirected back to Applysia.

Mandatory Use

If a Workspace Owner has made multi-factor authentication mandatory for all users of a workspace, users must either enter a one-time password using a linked device or set up a new device immediately during login.
If you do not yet have a linked device and your Workspace Owner has enabled this setting, log in as usual. It does not matter whether you log in using an email address and password or via Single Sign-On. Applysia will then prompt you to link a device to your account. As intended by the Workspace Owner, this step cannot be skipped.

Similar to setting up multi-factor authentication manually as described under Setup, you can scan a QR code to link a device to your account. Here, too, you need to have an authenticator app installed in order to generate one-time passwords. Possible options are listed under Setup.

Before you can use your account again, you must briefly confirm that you have received the backup codes. Store these codes in a secure location, such as a password manager. You can download the backup codes by clicking Download. Click Confirm to complete the setup of mandatory multi-factor authentication and continue using your account as usual.

If you cancel the confirmation, you will be logged out, as confirming receipt of the backup codes is required to ensure that you have received them.

Restoring Access

If you lose access to your device, you can regain access to your account by using a backup code. When you add your first device, a set of backup codes is generated. In an emergency, these codes can be entered during login instead of a one-time password.
Store these codes carefully, as they do not expire. A backup code only becomes invalid once it has been used.

Never share backup codes with anyone else. These codes are personal secrets and should be stored carefully. If you lose your backup codes or access to your account, please contact your Workspace Owner. Applysia Support will not restore access for you, as we cannot verify such requests with absolute certainty.

To view the backup codes in your account, log in as usual. Click your name in the top-right corner of the navigation and then click Settings. Next, click Security in the navigation on the left. If you have linked at least one device to your account, you will see a list of all valid backup codes for your account below the devices.

Regenerating backup codes will invalidate all previously generated backup codes that are still valid.