Erply supports two-step authentication.
How to set up
In back office, please go to Settings > “Configuration Admin” > “Login & Security Settings”.
Check the following three boxes:
- Allow Only login.erply.com
- Allow Multi-Factor Authentication
- Multi-Factor Authentication Is Mandatory
To test how the feature works, it is OK to leave the last box unchecked at first. In actual use, however, we recommend to make two-step authentication mandatory for all users.
Mandatory two-step authentication means that if a user has not configured the second step yet, they can do it on their next login.
Two-step authentication in the point of sale
Using two-step authentication requires Brazil POS (is not supported by Berlin POS) and requires authenticating via https://login.erply.com.
Supported methods
Users can get login confirmation codes by email, or enter a six-digit confirmation code from an authenticator app.
There are two options listed, “Google authenticator app” and “Microsoft authenticator app”, but the two are interchangeable and follow the same standard; it does not matter which one to use.
Furthermore, there is no requirement to use these two apps specifically. Any authenticator app or password manager with support for time-based one-time passwords (TOTP) will work, including:
- 1Password
- KeePass
- Bitwarden
- Authy
- and others
Administrator's options
To see what second step method a user has picked, go to Settings > “Multi-account users” > “Users”.
An administrator can set up an email address for another user (under the button “Update two-factor settings”). It is not possible to set up an authenticator app for another user, since the enrolment flow requires the user and their app/device to be present.