Two-Factor Authentication (2FA)

Individual users can activate Two-Factor Authentication (2FA) to protect their accounts from unauthorized access. Users can use a 2FA app of their choice on their mobile phone or tablet.

*This feature is available for users who access Concord via email and password. Users who access Concord via company Single Sign on (SSO) or Google can activate 2FA in their respective identity provider's settings. 

 

How to enable two-factor authentication in Concord

  1. From your home page, select the ⚙ icon at the bottom left-hand corner.
  2. Go to Personal Details
  3. In the Two-factor authentication section, click the Set up button.
  4. Enter your Concord account password and click Continue.
  5. Follow the instructions in the Enable two-factor authentication pop-up.
  6. If you don't already have a 2FA app installed, download one to your mobile device or tablet.
    • Most one-time password (OTP) applications can be used with Concord.
    • Examples of commonly used apps include Google Authenticator, Authy, and LastPass Authenticator. Open the app and scan the QR code from the modal.
  1. Enter the verification code generated by the app into the field labeled Enter code.
  2. Click the Activate button.

Logging Into Concord with 2FA

  1. On the Login page, enter your email and password
  2. Open your two-factor authentication app on your mobile device or tablet
  3. Enter the code generated by your application, or enter an unused recovery code

  4. Click Submit

Using a Recovery Code

Recovery codes can be used in an event where a user has lost their phone and is unable to access their 2FA app.

  1. On the Login page, enter your email and password
  2. Enter one of your unused recovery codes in place of a code provided by your two-factor authentication app
  3. Click Submit

If a user has lost their recovery codes and loses their mobile device, please reach out to Concord support at support@concord.app for assistance. 

Note: Each recovery code can only be used once.

Disable Two-Factor Authentication

  1. From your home page, select the ⚙ icon at the bottom left-hand corner.
  2. Go to Personal Details
  3. In the Two-factor authentication section, click the Set up button
  4. Confirm your password
  5. Click the Disable 2FA button

Note: You can now safely remove the entry for your Concord account from your authentication app.

Which Users Have 2FA Enabled? 

Concord account Administrators and Team Managers can view which users have enabled Two-factor authentication by following these steps:

  1. From your home page, select the ⚙ icon at the bottom left-hand corner.
  2. Under Company, Select Users.
  3. View the 2FA column.

Two-factor authentication can only be set up by individual users; admins are unable to require two-factor authentication. The exception is when using single sign-on (SSO), and it is required through the SSO provider.


Users that have disabled or not yet activated Two-factor authentication will have Disabled listed in the 2FA column.

Learn more about Requiring double authentication (2FA) to sign