
Two-Factor Authentication

Last updated 29/09/2021

How to use Cin7's two-factor authentication (2FA) for increased login security.

Overview


Two-factor authentication (2FA) is a login security option that makes it more difficult for cybercriminals to impersonate users and gain access to a Cin7 account.

With 2FA enabled, in addition to providing their user ID and password (factor one), users are required to enter an additional security code (factor two) when they log in to their Cin7 account. The additional security code is generated by a third-party authenticator app installed on users' phones or desktops, such as Google Authenticator, Microsoft Authenticator, or Authy. Unless otherwise noted, Cin7 customers have options to:

  1. Enforce 2FA for all users that log in to their account
  2. Enforce 2FA for selected users
  3. Allow users to enable 2FA individually  

Note: Effective October 15, 2020, 2FA is mandatory for Cin7 customers that integrate with Xero. If you integrate Cin7 with Xero, 2FA will be automatically enabled and required for all users that log in to your Cin7 account. 

Each user must configure 2FA when logging in for the first time after 2FA is enabled (see Configuring 2FA below for details on how to configure 2FA). 

Enforcing 2FA for all users  


You can choose to require 2FA for all users that log in to your Cin7 account. To require 2FA for all users:

  1. Log in as an Administrator.
  2. Select your username in the top right and then select Account Details.
  3. Select the check-box labeled Enforce Two-Factor Authentication.
  4. Select Update.

Enforcing 2FA for selected users


You can choose to require 2FA for certain users that log in to your account. To require 2FA for a specific user:

  1. Log in as an Administrator.
  2. Select your username in the top right and then select Users.
  3. Find the user from the list, and select Select.
  4. Select the Enable Two Factor Authentication checkbox.

Enabling 2FA by individual users


Non-Administrators can enable 2FA for their individual logins if it is not otherwise required by an Administrator. To enable 2FA individually: 

  1. Log in to Cin7.
  2. Select your name in the top right-hand corner, and select Your Profile.
  3. Select Enable for Two-factor Auth.

Note: The ability to allow individual users to enable 2FA can be disabled by an Administrator.

Configuring 2FA   


Users must install and configure a third-party authenticator app (e.g., Google Authenticator) on their mobile device or desktop when logging in to Cin7 for the first time after 2FA is enabled.

When using 2FA for the first time:

  1. Log in to Cin7. A 2FA configuration screen will appear displaying a QR (Quick Response) code and a set up key (see screenshot below).
  2. Open the third-party authenticator app on your mobile device or desktop.
  3. Scan the QR code, or enter the Set up key in your authenticator app. The authenticator app will return a verification code. 
  4. Enter the code in the Verification Code box.
  5. Select Verify.
  6. A Recovery Code page appears.
    Note: Recovery codes allow you to access Cin7 with 2FA in the event that you do not have access to or lose your mobile device. Please copy and save the recovery codes in a secure location that can be easily accessed when necessary.
  7. Select Continue Login. 

 

As of October 15, 2020, 2FA is mandatory for all Cin7 customers that integrate with Xero as required by Xero.

Installing an authenticator app on your mobile device or desktop   


If you do not currently have an authenticator app on your mobile device or desktop, one can easily be installed. Cin7 recommends Google Authenticator, but other third-party authenticators such as Authy and Microsoft Authenticator can be used. Check with your information technology (IT) team to see if your company already has a preferred third-party authentication app.

To set up a third-party authenticator app for your device:

  1. Download and install your preferred authenticator app from your mobile device’s app store, or install it on your desktop.
  2. Open the authenticator app and initiate the “Add account” functionality.
  3. Follow the Cin7 configuration instructions above to add Cin7 as an Account to your third-party authenticator app.

Generating new recovery codes 


If you misplace your original recovery codes, you can generate new recovery codes in Cin7. To do this:

  1. Log in to Cin7.
  2. Select your name in the top right corner, then select Your Profile.
  3. Select the Manage button.
  4. Copy the 10 new recovery codes (displayed in red text) and save them in a secure location that can be easily accessed when necessary.

Resetting a user 


Administrators can give users access to Cin7 if a user has lost their mobile device and/or recovery codes. To reset user access:

  1. Log in as an Administrator.
  2. Select your name in the top right corner, then click Users.
  3. Find the user in the list, then select Select.
  4. Under Enable Two Factor Authentication, select the Reset Two Factor Settings button.

Updating your bookmarks


If you use a bookmark in your browser to navigate to the Cin7 login page, the bookmark link must be updated after 2FA has been configured.

Please ensure the bookmark is changed from https://auth.cin7.com/Account/Login to https://go.cin7.com/Cloud/.

Enabling multiple devices to log in


  1. Log in to Cin7.
  2. Select your name in the top right corner, then select Your Profile.
  3. Select Manage.
  4. Under Authenticator App, select Add Authenticator.
  5. Open the authenticator app on your other device.
  6. Scan the QR code, or enter the Set up key in your authenticator app. The authenticator app will return a verification code. 
  7. Enter the code in the Verification Code box.
  8. Select Verify.

FAQ


How frequently do I have to log in with 2FA?

By default, you will be prompted to enter an authenticator code each time you log in. The code is generated by the authenticator app and must be entered in the Authenticator Code box each time you log in. However, if you select the Trust this device for 30 days checkbox on the login page when entering a code, you will not be prompted again for another 30 days. If this checkbox is unchecked, you may be prompted for an authenticator code when you log out manually or log out due to no activity for 2 hours.

What do I do if mobile devices are prohibited in my workplace?

If your workplace prohibits personal mobile devices, you can use a desktop-based third-party authenticator app, such as Authy, instead.