Overview

The Two-Factor Authentication (2FA) feature enhances account security by requiring an additional verification step during login. This process ensures that only authorized users—whether clients or administrators—can access sensitive information and system resources within NIZU Cloud WorkSpace.

Once the 2FA plugin is installed and configured, users will be prompted to enroll through an Authenticator App such as Google Authenticator, Microsoft Authenticator, or Authy.

Client Login Process

When a client logs in to their NIZU portal and 2FA is enabled, they will be guided through the enrollment process:

1. Enrollment Prompt: Upon first login, the client will be prompted to activate 2FA.

2. QR Code & Secret Key: The system automatically generates a QR code and a secret key.

3. App Registration: The client scans the QR code using their preferred Authenticator App.

4. Verification: The client enters the One-Time Password (OTP) generated by the app to complete the setup.

5. Subsequent Logins: For every future login, the client must provide a valid OTP generated by their Authenticator App to gain access.

Administrator Login Process

For administrators, the process follows the same security principles:

1. Prompt on Login: Administrators will be asked to set up 2FA upon their first login if the feature is enabled.

2. QR Code Generation: The system displays a unique QR code and secret key for registration.

3. OTP Entry: After scanning the QR code, the administrator inputs the OTP to confirm activation.

4. Secure Access: On subsequent logins, the administrator will need to provide the OTP to access the admin panel.

Verification Flow & Session Management

• The 2FA prompt appears once per login session.

• Users will not be prompted again unless they log out or their session expires.

• In case of an incorrect OTP entry, the system provides a clear error message and an option to retry.

Resetting Two-Factor Authentication

If a user loses access to their Authenticator App (for instance, due to a lost or reset device), they will not be able to log in using 2FA. To restore access:

1. The user can submit a reset or re-enrollment request directly through the login interface.

2. This request will be reviewed and approved by an administrator.

3. Once the 2FA status is reset, the user can reconfigure their Authenticator App by scanning a new QR code.

This ensures a secure yet flexible recovery process without compromising account protection.

Best Practices

• Always store backup codes (if available) in a secure location or in NIZU Passwords.

• Avoid sharing QR codes or secret keys with anyone.

• Keep the Authenticator App updated to ensure compatibility and reliability.