# Two-factor Authentication {% hint style="warning" %} Note that you'll only see this section if you have Owner user permissions. Learn more about permissions in [this article](/administration/global-settings/tenant/users.md). {% endhint %} ## Overview **Two-factor authentication** adds an extra layer of security by requiring users to provide additional verification beyond just their credentials. Typically, this means combining something the user knows (like a password) with something they have (like a mobile device). To use two-factor authentication as an authentication method, you must follow these steps: * An Admin user must activate two-factor authentication as the authentication method in a Tenant. * The Tenant users must then enable it once they log in again after that. ## Activate Two-Factor Authentication in your Tenant If you're an admin user, follow these steps to activate two-factor authentication for the users in your Tenant: {% stepper %} {% step %} Open the global settings menu by clicking your user icon at the bottom left of the screen. {% endstep %} {% step %} Click any of the options and select **Authentication** in the menu that appears. {% endstep %} {% step %} Once there, activate the **Two-factor authentication** toggle.

{% endstep %} {% endstepper %} Next time you or any other user logs in to that Tenant, they'll be prompted to enable two-factor authentication. ## Enable Two-Factor Authentication for your User Once your Admin has enabled two-factor authentication in your Tenant, you must follow these steps to enable it for your user: {% stepper %} {% step %} Log in to the Tenant. If you have been logged into Onum before enabling two-factor authentication, you'll be asked to verify your identity by entering your password or logging in with Google or Microsoft. For example, imagine your admin activates two-factor authentication in Tenant B while you are working in Tenant A. If you log in to Tenant A after that, you'll need to verify your identity.

After verifying your identity, you'll see this screen to enable two-factor authentication:

{% endstep %} {% step %} Now, download an authenticator app (Google Authenticator, Apple Passwords...) to generate the required two-factor authentication code. {% endstep %} {% step %} Use the app to scan the QR code that appears on the configuration screen. {% endstep %} {% step %} Finally, enter the 6-digit code generated by your app and click **Enable**. You'll get an email confirming that you've enabled two-factor authentication for your user. {% endstep %} {% endstepper %} Now your Tenant is configured to use two-factor authentication whenever you log in. Every time you log in, you'll be asked to enter a 6-digit code generated by your authenticator app. {% hint style="warning" %} Note that all the users in the Tenant will be prompted to enable two-factor authentication when an owner activates it. {% endhint %} ## Deactivate Two-Factor Authentication If an admin wants to deactivate two-factor authentication in a Tenant, they simply need to switch off the **Two-factor authentication** toggle. The Tenant authentication method will go back to email + password once users log in again. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.onum.com/administration/global-settings/tenant/authentication/two-factor-authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.