Two-step authentication in Bitrix24 protects your account if your login and password are stolen, whether by spyware or by a rogue employee. First, you log in with your regular login and password. Then you receive a second password in your mobile phone app and enter it. Only then can you access your account.
How to enable two-step authentication
Open your profile page > click Security.
Follow the instructions provided on the Extra Security Options page:
- Download the Bitrix24 OTP mobile app from Google Play or the App Store;
- Launch the application and tap the icon to add a new account;
- Scan the QR code or enter the code manually;
- Enter the confirmation code.
Done! From now on, you need to enter the one-time password generated in the Bitrix24 OTP app each time you log in to your Bitrix24 account.
Two-step authentication in Bitrix24 is bound to a specific user's phone (the device, not the phone number). So if you change your phone or lose it, you'll need to configure two-step authentication again. But to re-configure it, you need to log in to your Bitrix24 and enter your one-time password. For such cases, you can use one of your Recovery codes. Each code can be used only once. We strongly recommend that you print these codes or save them to a text file.
If users who have activated two-step authentication also use external services that synchronize data with Bitrix24 accounts (mobile and desktop apps, MS Office, MS Outlook, Google Calendars, etc.), a separate password needs to be generated for each app to keep the app synchronized with Bitrix24.
You can get these passwords in the Application passwords section.
For mobile and desktop applications, the password is generated automatically when you first log in after entering the one-time password. But you can also get a special password on the "Application passwords" page first and use it instead of the password in the mobile and desktop apps.
Make two-step authentication mandatory for all users
If you want to make two-step authentication mandatory for all users, click Settings in the main menu, scroll down to the Security section, and enable the Make two-step authorization mandatory for all users option. You can also specify the period of time within which all employees will have to enable two-step authentication.
Wrong OTP Error
If you have configured the OTP option correctly but the password generated by the OTP app on your phone is not accepted, the problem may be connected with the Time Settings of your phone. Right now the one-time password has an activity time frame of 30 minutes. If the time difference between your phone and your Bitrix24 is more than 30 minutes, you won't be able to log in. You should set the same time zone for your Bitrix24 account and your phone.
Two-step authentication in Bitrix24 On-Premise
Two-step authentication by time (TOTP) and by counter (HOTP) is available in the Bitrix24 On-Premise version.
You can connect two-step authentication through the mobile app or through special electronic devices (key fobs such as eToken).
First, you need to enable two-step authentication in the administrative interface, in the Proactive protection → Two-step authentication section.
Make the necessary settings in the Settings tab. In particular, set the default password generation algorithm: by time (TOTP) or by counter (HOTP).
After that, a user can connect two-step authentication in the public part, on the My Bitrix24 user page.
You can also connect two-step authentication in the administrative interface. Go to the user profile and select the desired option in the Two-step authentication tab.
In the administrative interface, in the user profile, you can select any option to connect two-step authentication. In the public part, in My Page, you can connect only in the way that is selected by default in the settings of the Proactive protection module.
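The difference between the two algorithms, and the clock problem described under Wrong OTP Error, can be seen in a short added example (not Bitrix24's own code). It assumes the RFC 4226 / RFC 6238 defaults (HMAC-SHA-1, 6 digits, 30-second step), which are not taken from Bitrix24's settings; the `window` and `look_ahead` parameters and the sample secret and clock value are hypothetical.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)

def verify_totp(secret, code, server_time, step=30, window=1):
    """Return the step offset at which the code matched, else None.
    window (assumed parameter) = steps of clock drift tolerated each way."""
    base = server_time // step
    for drift in sorted(range(-window, window + 1), key=abs):
        if base + drift >= 0 and hmac.compare_digest(hotp(secret, base + drift), code):
            return drift
    return None

def verify_hotp(secret, code, server_counter, look_ahead=3):
    """Return the next counter to store if the code matches, else None.
    look_ahead (assumed parameter) covers codes generated on the token
    that were never submitted to the server."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return c + 1  # advancing the stored counter makes the code single-use
    return None

# Constructed sample data: the secret used in the RFC 4226 / RFC 6238 test vectors.
SECRET = b"12345678901234567890"
SERVER_NOW = 1_700_000_000  # constructed server clock (Unix seconds)

if __name__ == "__main__":
    for skew in (0, 20, -45, 3600):  # phone clock error in seconds
        code = totp(SECRET, SERVER_NOW + skew)
        result = verify_totp(SECRET, code, SERVER_NOW)
        print(f"phone skew {skew:+5d}s -> code {code} -> matched at step offset {result}")
    print("HOTP next counter:", verify_hotp(SECRET, hotp(SECRET, 2), 0))
```

A larger `window` tolerates more clock drift but also keeps each code valid for longer, so correcting the phone's clock is the better fix than widening it.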