The Credentially login/signup process can be managed with one of the following methods:
Passwordless login. By default, the Credentially login/signup process uses passwordless login (via a secure one-time link).
Single Sign-On (SSO). You can also opt for Credentially Single Sign-On, which Credentially connects upon request.
What is Credentially 2FA?
Credentially two-factor authentication (2FA) is an additional layer of protection used to ensure the security of online accounts beyond passwordless login. The system uses a mobile phone number as the second authentication factor.
General note: if you are Cyber Essentials Plus certified, you are required to have 2FA connected to your providers' software, provided they have this functionality.
How can I connect?
If you want to connect the Credentially 2FA, please email support@credentially.io or contact your Customer Success Manager.*
What is the 2FA login/signup process for users?
Once the Credentially team has enabled the 2FA functionality for your organisation, the login/signup process will be the following:
1. The user passes first-factor authentication by confirming their email address via the secure one-time link (via email) or via an SSO provider.
2. The user is then asked to enter their phone number to request a verification code.
3. The 4-digit verification code is sent via SMS.
4. The user submits the 4-digit verification code and, as a result, can successfully access their Credentially account.
Credentially tip: The system allows the staff member to reset their 2FA authentication phone number, and the staff member has a 2FA phone number saved in their profile. Click on My profile in the top menu bar to reset!
The system also allows the administrator to reset the 2FA authentication phone number on behalf of the staff member via the staff member admin panel.
Important:
The 2FA phone number belongs to the user account and is shared between all Credentially organisations in which they are registered.
The system requires the 2FA phone number to be unique for the successful login/signup.
To prevent any malicious acts, the system allows the user to send a maximum of 5 text messages per hour. If the user exceeds this limit, the system will block the option to send the 2FA code for the next 5 hours.
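For teams that want to reason about how this limit behaves, the following is an added example, not Credentially's own code, of a per-user limiter that applies the stated policy (5 texts per hour, then a 5-hour block). It assumes a sliding one-hour window keyed by user account; the class name, function names and sample request times are hypothetical.

```python
from collections import defaultdict, deque

MAX_SENDS = 5                  # from the page: maximum 5 text messages per hour
WINDOW_SECONDS = 60 * 60       # one hour (sliding window is an assumption)
BLOCK_SECONDS = 5 * 60 * 60    # from the page: sending blocked for the next 5 hours


class SmsCodeLimiter:
    """Per-user limiter for 2FA code SMS requests (hypothetical implementation)."""

    def __init__(self):
        self._sent = defaultdict(deque)   # user_id -> timestamps of sent SMS
        self._blocked_until = {}          # user_id -> time at which the block lifts

    def request_code(self, user_id, now):
        """Return (allowed, retry_after_seconds) for a send request at time `now`.

        `now` is passed in by the caller (seconds from a trusted server clock),
        never taken from the client.
        """
        until = self._blocked_until.get(user_id)
        if until is not None:
            if now < until:
                return False, until - now
            # Block has expired: start again from a clean history.
            del self._blocked_until[user_id]
            self._sent[user_id].clear()

        sent = self._sent[user_id]
        # Forget sends that have aged out of the one-hour window.
        while sent and now - sent[0] >= WINDOW_SECONDS:
            sent.popleft()

        if len(sent) >= MAX_SENDS:
            # This request exceeds the limit: block sending for 5 hours.
            self._blocked_until[user_id] = now + BLOCK_SECONDS
            return False, BLOCK_SECONDS

        sent.append(now)
        return True, 0


def simulate(request_times, user_id="user-1"):
    """Replay constructed request times (in seconds) and return each decision."""
    limiter = SmsCodeLimiter()
    return [limiter.request_code(user_id, t) for t in request_times]
```

The counter is keyed by the user account rather than the browser session or IP address, so starting a new login attempt does not reset it.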
*The vast majority of customers can have this feature enabled free of charge. A very small minority of customers, particularly those on legacy pricing (non-per-user pricing), may incur a small charge to support this feature. Your customer success representative can provide more details.