Enabling 2 Factor Authentication (2FA) on your user account

How to enable 2FA when you log in

Step-by-step guidance for users required to use 2FA

Once 2FA is enabled site-wide and set as required for all users, the next time you log in you'll be prompted to set up 2FA before you can access the admin side of your Citizen Space site.

To set up 2FA:

  1. Log in to your Citizen Space site.
  2. The next screen will prompt you to set up 2FA, providing a QR code to scan with your authenticator app. Your authenticator tool should offer you an option to do this and explain how QR code scanning works on that particular tool.

    The 2FA setup screen that logged-in users will need to complete in order to access Citizen Space if 2FA is set to required for all users. It includes a QR code to scan, along with a token field and a button to activate once ready.

  3. Once scanned, it should provide you with a passcode/token. Enter this into the 'Token' field and then select 'Activate two-factor authentication'.

    It's worth noting here that some authentication tools may require you to add your Citizen Space login details to them first before the QR code scanning option is available; others will automatically link to your account from the QR code. Follow the guidance from your IT team or on the tool itself for how yours works.

  4. As long as you've entered a valid token, you'll be taken back to your profile confirming you are logged in.

    The user profile screen with a banner showing the user has successfully logged in.

Step-by-step guidance for users with the option to use 2FA

Once 2FA is enabled site-wide, you'll log in next time exactly as you would normally because 2FA hasn't been activated on your user profile yet.

To activate it once you're in:

  1. If you aren't taken there directly, head to your user profile by selecting your name in the top right of the screen and then 'My profile'.
  2. Select 'Activate 2FA' from the top right of your profile.

A user profile in Citizen Space showing where to find the Activate 2FA link, which is highlighted in the top right corner.

  3. From there, you'll be shown the step to link your account with your authenticator tool. Get your authenticator application/device open, and scan the QR code. Your authenticator tool should offer you an option to do this and explain how QR code scanning works on that particular tool.
  4. Once scanned, it should provide you with a passcode/token. Enter this into the 'Token' field and then select 'Activate two-factor authentication'.

    It's worth noting here that some authentication tools may require you to add your Citizen Space login details to them first before the QR code scanning option is available; others will automatically link to your account from the QR code. Follow the guidance from your IT team or on the tool itself for how yours works.

The QR code screen with the Token field for populating the passcode from your authenticator.

  5. As long as you've entered a valid token, you'll be taken back to your profile confirming 2FA is enabled.

The user profile screen again, but this time with a banner showing that 2FA has been enabled.

Video guidance

This video walks through the steps to enable 2FA. In it we use Microsoft Authenticator, which is an authentication app for smartphones and tablets. You may be using another authenticator in your organisation. Guidance for using that should be available in the tool itself or via your IT team or other colleagues, but the concept will be very similar.

Logging in with 2FA enabled

Next time you log in you'll enter your email and password as usual, and as long as those are correct, then you'll get the next screen which asks you to enter a one-time passcode from your authenticator tool.

Depending on the tool you have, it may populate this field for you if it's linked to your browser and login details for Citizen Space. For other tools, you will have to open your authenticator app or device, find the entry for your Citizen Space account, and type the code it gives you into the field on Citizen Space.

This code will change every minute or so, so you'll need to put in the most recent one on screen. Don't write the passcodes down anywhere because they are irrelevant once they have expired. Part of the security of time-based, one-time passcodes is that they change regularly, so you always have to have the linked authentication tool or device to be able to get the current code which will unlock your account.

Once your code is in, select 'Log in' and you should be good to go.

Troubleshooting

Lost or not working authentication app or device

If an authenticator app or device is lost or not working then you'll need to contact your IT team or whoever provided the authenticator to you for help in getting a new one or fixing the issue with it.

For Site Admin: if you can fix the issue with the authenticator and help them get access, then great. If you can't help or the device has been lost, then as long as you are logged in to Citizen Space yourself then you can go into their user profile and disable 2FA for their account so they can access Citizen Space. For more detailed site admin guidance, including what to do if you're the one who has lost your authenticator or it isn't working, please see the 'Troubleshooting' section on our 2-Factor authentication guide for organisations.

Re-enabling 2FA once it has been disabled on an account

If 2FA has been disabled on an account, when it's re-enabled it will need to be set up again by following the initial steps in this article and rescanning the QR code provided on screen. The authenticator needs to be linked with the account again so that it can provide you with a new token. It won't work if an existing passcode is put into the Token field without relinking the account details with the authenticator and rescanning the QR code. These steps have to be done by the account holder.
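
Both the expiring codes described under 'Logging in with 2FA enabled' and the need to rescan the QR code after 2FA is re-enabled follow from how time-based one-time passcodes are computed. The Python sketch below is an added illustration, not Citizen Space's own code: it assumes the standard RFC 6238 scheme with a 30-second step and 6-digit codes, which this page does not confirm, and all function names are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct

STEP = 30    # assumed seconds per code (RFC 6238 default); the site's value is not stated
DIGITS = 6   # assumed code length

def new_secret() -> str:
    """Random Base32 secret, the value an enrolment QR code hands to the app."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def totp(secret_b32: str, at: int) -> str:
    """RFC 6238 code for Unix time `at`: HMAC-SHA1 over the time-step counter."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", at // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                 # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32: str, token: str, now: int, drift_steps: int = 1) -> bool:
    """Accept the current step plus a small allowance for clock drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, now + i * STEP), token)
        for i in range(-drift_steps, drift_steps + 1)
    )

def demo() -> dict:
    now = 1_700_000_000            # constructed timestamp
    first = new_secret()           # secret from the first QR scan
    code = totp(first, now)
    relinked = new_secret()        # 2FA disabled then re-enabled: new QR, new secret
    return {
        "fresh code accepted": verify(first, code, now),
        "same code ten minutes later": verify(first, code, now + 600),
        "old app entry after relinking": verify(relinked, totp(first, now), now),
    }

if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label}: {ok}")
```

The code depends only on the shared secret and the clock, so a written-down passcode is useless once its window passes, and an authenticator entry created from an earlier QR code produces codes for a secret the account no longer uses.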

Other (hopefully) useful things

Deactivation email

If you've enabled 2FA and for some reason it then gets disabled on your account, you'll get an email letting you know this has happened. This is a further security measure so if it's been deactivated without your knowledge you can take steps to secure your account.