Two-factor authentication (2FA)

·

SummitPSA supports app-based two-factor authentication (2FA) using time-based one-time passwords (TOTP), compatible with apps such as Google Authenticator, Microsoft Authenticator, and Authy.

When you're prompted

2FA can be required per agent. Admins can flag Require 2FA when creating or editing an agent; agents in the super_admin and admin roles are re-flagged as required whenever their 2FA is reset. If 2FA is required and not yet set up, you are sent to enrolment right after any forced password change at login.

Enrolling

  1. At the 2FA setup screen, scan the displayed QR code with your authenticator app, or enter the manual secret shown beneath it. The account appears under the issuer SummitPSA.
  2. Enter the 6-digit code your app generates to confirm.
  3. Once the code matches, 2FA is enabled and you're signed in.

Logging in afterwards

On subsequent sign-ins, after your password you'll enter the current code from your app. Verification allows a one-step time window to tolerate minor clock drift. Failed and successful 2FA attempts are recorded in the audit log.

Lost your device?

Ask an administrator with the users.manage permission to Reset 2FA on your agent record. This clears your enrolment so you can set up a new device at your next login. See Resetting an agent's password or access.

Was this article helpful?
Still need help? Contact SummitPSA support.