Two-factor authentication(2FA)
Prevent unauthorized access to user accounts
Two-factor authentication (2FA) provides an additional level of security to your users’ BrowserStack account. With 2FA enabled, every user who logs in must authenticate with a one-time code in addition to entering their username and password to sign in.
Methods supported for 2FA
The supported methods are:
- Authenticator apps: Time-based one-time password (TOTP) application that automatically generates an authentication code which changes after a certain period of time. We recommend using cloud-based TOTP apps such as: Google Authenticator, Duo Mobile, Authy, Microsoft
- Email: Authentication code is sent in on your email.
Users can choose from any of the above options.
- Two-factor authentication does not affect BrowserStack API use.
- Two-factor authentication does not affect authentication using Single Sign-On. In this case, you will need to enable two-factor from your identity provider instead.
Enforce 2FA for your organization
Owner can enforce Two-factor authentication for all the organization members on BrowserStack. Below are the steps that needs to be followed to enforce 2FA for your organization:
- As an Owner, Sign in to BrowserStack with your credentials.
- Go to Account > Security and select Authentication from the side-nav menu.
- Go to Enforce two-factor authentication and click Configure.
- A confirmation dialog will open. Once you click Confirm, 2FA will be enforced for your organization.
- Post enforcement, each team member will be required to enable 2FA on their own account and an email will be sent informing them about the change.
- Users will get a grace period of 7 days. Within the 7 days window users can setup or skip the 2FA.
- Post 7 days window, users who have not set up 2FA will be logged out of their active session. 2FA enforcement will take effect during the next sign-in attempt, where they would be required to go through the mandatory 2FA setup process.
How will enforcing 2FA affect newly invited user?
Newly invited members will be required to enable 2FA after accepting the invitation to join your organization.
How will enforcing 2FA affect existing user?
Once 2FA is enforced, users will be notified about the 2FA enforecement via email and asking them to set up 2FA. It will not log your team member out of their web sessions, and won’t interrupt their workflow. Instead user will have an option to skip 2FA setup for a period of 7 days. Post the 7 days window, users will be logged out automatically if they do not set up 2FA till that point. As a result, the next time they sign in, they will be force required to enable 2FA.
You can view status of 2fA from User Management. Users with 2FA setup not yet completed will appear as 2FA pending
Who can enforce 2FA?
User with Owner permissions has permissions to manage 2FA settings for the organization.
Reset 2FA for a user
Owner can reset a current 2FA setup if a user lost access to their 2FA setup.
- As an Owner, Sign in to BrowserStack with your credentials.
- Go to Account > User Management > Click Users tab
- Click the 3 dots for the user you want to reset 2FA for. Click Reset 2FA. The next time the user signs in, they will be prompted to set up 2FA again.
Steps to enable 2FA on a BrowserStack user account
Users need to follow the steps below to enable 2FA.
- Sign in to BrowserStack.
- Go to Account > Summary
- Go to Authentication & Security > Setup two-factor authentication. Click the Setup Now button.
- Select Use authenticator app or Use email as your authentication method.
Use authenticator app method
- Open the 2FA app on your mobile device.
- Tap the option to scan a QR code.
- Scan the QR code on the BrowserStack.
- The 2FA app will generate a 6-digit, one-time code.
- Enter the 6-digit code, then click Next.
- A list of recovery codes will be displayed. If you lose your mobile device, you can use a recovery code instead of a generated 6-digit code to sign in. Click Download & exit.
- If you lose your mobile device, you can use a recovery code instead of a generated 6-digit code to sign in.
- You can Download or Copy to store the recovery codes. Each recovery code can only be used once.
Use email method
Click Send code. Zoom will send a 6-digit, one-time code to your number. Open the SMS sent by Zoom. Copy the code in the SMS, then paste it in the Zoom web portal. Click Verify. Zoom will display a list of recovery codes. If you lose your mobile device, you can use a recovery code instead of a generated 6-digit code to sign in. Note: If you aren’t able to verify the code. Click Back then try again. Click Download or Print to store the recovery codes. Each recovery code can only be used once. Click Done.
How to edit 2FA setup (user)
After setting up 2FA, you can edit your existing setup if you want to edit the 2FA method, or generate new recovery codes.
- Sign in to BrowserStack.
- Go to Account > Summary
- Go to Authentication & Security > Setup two-factor authentication. Click the Edit details button.
- Go to Authetication tab
- You can change your 2FA method or Regenerate recovery codes.
Once 2FA has been enabled on a user account, the next time onwards when you sign in, BrowserStack will ask for the code generated from your 2FA app, or the code sent to you via email.
We're sorry to hear that. Please share your feedback so we can do better
Contact our Support team for immediate help while we work on improving our docs.
We're continuously improving our docs. We'd love to know what you liked
Is this page helping you?
Yes
No
We're sorry to hear that. Please share your feedback so we can do better
Contact our Support team for immediate help while we work on improving our docs.
We're continuously improving our docs. We'd love to know what you liked
Thank you for your valuable feedback!
