Two-step authentication

May 6, 2024

Erply supports two-step authentication.

How to set up

In back office, please go to Settings > “Configuration Admin” > “Login & Security Settings”.

Check the following three boxes:

  1. Allow Only
  2. Allow Multi-Factor Authentication
  3. Multi-Factor Authentication Is Mandatory

To test how the feature works, it is OK to leave the last box unchecked at first. In actual use, however, we recommend making two-step authentication mandatory for all users.

Mandatory two-step authentication means that if a user has not configured the second step yet, they can do it on their next login.

Two-step authentication in the point of sale

Using two-step authentication requires Brazil POS (it is not supported by Berlin POS) and requires authenticating via

Supported methods

Users can get login confirmation codes by email, or enter a six-digit confirmation code from an authenticator app.

There are two options listed, “Google authenticator app” and “Microsoft authenticator app”, but the two are interchangeable and follow the same standard; it does not matter which one you use.

Furthermore, there is no requirement to use these two apps specifically. Any authenticator app or password manager with support for time-based one-time passwords (TOTP) will work, including:

  • 1Password
  • KeePass
  • Bitwarden
  • Authy
  • and others

Administrator's options

To see which second-step method a user has picked, go to Settings > “Multi-account users” > “Users”.

An administrator can set up an email address for another user (under the button “Update two-factor settings”). It is not possible to set up an authenticator app for another user, since the enrolment flow requires the user and their app/device to be present.