The Access Identity 2FA enforcement links directly to a domain rather than a user. Once you set up a domain for forced 2FA, this covers all users with email addresses within the domain.
Note: When configuring SSO or 2FA, please ensure your business allows emails from noreply@accessacloud.com so you can receive the verification emails.
To configure 2FA for a domain in Access Identity, follow the steps in each section below.
Identify your domains
Your domains are on the right-hand side of your email addresses, after the @ symbol. Usually, it's your company name followed by .com or .co.uk. For example, if the email address is test.test@theaccessgroup.com, the domain is theaccessgroup.com.
We recommend you use at least one email address from each domain you need to register, and ensure you can test emails with at least one user per domain.
If you're unsure, we recommend you contact your IT team.
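Because enforcement attaches to the domain, any user whose address is on a domain you did not register falls outside the forced 2FA policy. The following added example (not Access Identity code) inventories the domains in a user list and reports users outside the registered domains, plus registered domains with no user to test with. It assumes domains are matched exactly on the part after the @, so a subdomain counts as a separate domain; the function names and sample addresses are hypothetical.

```python
# Added example: inventory email domains from a user list and find users
# that a per-domain 2FA policy would not cover.
from collections import defaultdict


def domain_of(email):
    """Return the lower-cased part after the last @, or None if malformed."""
    address = email.strip()
    local, sep, domain = address.rpartition("@")
    if not sep or not local or "." not in domain or " " in address:
        return None
    return domain.lower().rstrip(".")


def coverage_report(emails, registered_domains):
    """Group users by domain and flag those outside the registered domains."""
    # Assumption: exact match on the domain; subdomains are separate domains.
    registered = {d.lower() for d in registered_domains}
    by_domain = defaultdict(list)
    malformed = []
    for email in emails:
        domain = domain_of(email)
        if domain is None:
            malformed.append(email)
        else:
            by_domain[domain].append(email.strip().lower())
    return {
        "covered": {d: sorted(u) for d, u in by_domain.items() if d in registered},
        "uncovered": {d: sorted(u) for d, u in by_domain.items() if d not in registered},
        "no_test_user": sorted(registered - set(by_domain)),
        "malformed": malformed,
    }


# Constructed sample data (hypothetical addresses, not from a real export).
SAMPLE_USERS = [
    "test.test@theaccessgroup.com",
    "Payroll.Admin@TheAccessGroup.com ",
    "contractor@example.co.uk",
    "hr@mail.example.co.uk",
    "not-an-email",
]
SAMPLE_REGISTERED = ["theaccessgroup.com", "example.co.uk", "example.org"]

if __name__ == "__main__":
    for section, value in coverage_report(SAMPLE_USERS, SAMPLE_REGISTERED).items():
        print(section, value)
```

Any domain listed under `uncovered` needs to be registered and assigned the security policy before its users are subject to forced 2FA.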
Identify who manages your domain
Usually, someone from your IT department or HR team has access to the domain name server (DNS). You need to identify who can add a TXT record to this, to verify ownership of the domain.
Register for Access Identity
If you haven't already, you need to register each domain with Access Identity, and register at least one email address per domain. To do this, go to https://identity.accessacloud.com/ and click Create New Account.
Once you've done this, all other users automatically move to Access Identity, without any impact on how they log in.
Set up your domain
Complete the Access Identity Federation configuration for each domain. Your domain manager can assist you with this.
Note: 2FA and SSO are included in all Paycircle packages.
Set up forced 2FA
All users from a registered domain need to use 2FA to log in. To set this up, follow the steps below.
In your Access Identity account, click Security policies.
Select Add security policy.
Under Two-factor authentication, click Force two-factor authentication.
Click Save changes then click Domains.
Next to the relevant domain, click the Edit icon.
Assign your security policy.
Run a test
To test your setup, log out of Access Identity, then go back to the homepage at https://identity.accessacloud.com/ and enter your email address. When you click Next, if forced 2FA has been applied, a prompt appears to set up 2FA.
Going forward, this becomes a mandatory login step for all users with the same email domain.