Support Central
Everything you need to know to administer two-step verification in your organization and projects.
Two-step verification (2SV) is an extra layer of security and is also known as multi-factor authentication (MFA).
You already access Aconex or the Lobby using your email address and password. That’s the first step in two-step verification. The second step authenticates you using a physical device.
With two-step verification enabled, you use an authenticator app on your mobile device or computer to generate a unique code. You enter that code into the login page to get access. You'll need to generate and enter a new code from your authenticator app every time you log in. This ensures you’re the only person who can access your account.
If you use online banking or other cloud-based services, you may already be familiar with two-step verification.
It helps to prevent the situation in which a malicious party guesses your password and gains unauthorized access to your account. It also helps to avoid insecure practices like password sharing between users.
Users have the option to enable 2SV on their account, but you can make it required for certain projects.
As the Organization Administrator, you control how 2-Step Verification is applied within your organization and the projects it owns.
You can require that users in your organization have signed in with 2SV before they can access their project(s).
We recommend you do this in stages, so that you can help users understand the need for the additional security, and get set up.
This setting takes effect immediately. The next time the affected users try to access a project they will be prompted to enable 2SV if they haven't already.
Users will need to use the authenticator app every time they log into Aconex from this point on.
You can apply two-step verification to a project you own in the project’s preferences.
This means every collaborator on that project, including people outside your organization and those working with them through Aconex, must sign in with two-step verification before they can access your project.
We recommend you work with your project community to develop a two-step verification rollout plan before you implement this feature. Your Aconex representative can help you with this plan.
Users may also replace devices on which they’ve set up two-step verification. In that case, you’ll need to reset their enrolment, so they can set up their new device.
Note that disabling an account that uses two-step verification won't have immediate effect on mobile devices unless the user has logged out of their account on their mobile device. Otherwise, it may take up to 24 hours for their mobile account access to be disabled.
