Two-factor authentication
SECURITY Refer to Setup > My Info in Permissions.
NAVIGATION Setup > My Settings
About two-factor authentication
Two-factor authentication (2FA) is a security process in which a second level of authentication is added to the account login credentials. Both factors of authentication must be used and must be entered correctly in order to establish the person's identity beyond doubt. The two factors may include the following:
- Something that the user possesses, such as a token, card, or key.
- Something that the user knows, such as an email address, password, or PIN.
- Something that is inseparable from the user, such as fingerprint, iris, or voice identification.
Requirements
- 2FA requires login credentials (email and password) and a one-time password (OTP) issued by a 2FA token-generating application.
- A 2FA token-generating application such as Google Authenticator (Android and iOS) must be installed on your smartphone or tablet.
IMPORTANT We strongly recommend that you assign Administrator access to more than one user in the Datto RMM account. This is to ensure recovery should there be an issue authenticating during the initial configuration, or should the authenticating device encounter a problem or become lost.
- Navigate to Setup > My Settings.
- Click the View in Partner Portal button in the upper-right corner of the My Settings page. The User Settings page in Datto Partner Portal will open.
- In the Two-Factor Authentication section, click Configure.
- From the list of default options in the Choose your authenticator app drop-down menu, select the third-party authenticator app of your choice or Other. If you select Other, enter the name of the app in the Authenticator field that appears.
- Use the app you selected to scan the QR code shown on the page.
- In the Verification Code field, enter the verification code the app provides.
- When finished with the 2FA setup, click Enable 2FA.
- You will receive a message confirming the authenticator was configured successfully.
- To confirm 2FA has been set up correctly, log out of Datto RMM and log back in. Once you have entered your credentials, you will see a page asking for the 2FA token that your app will generate. Enter the token and click Authenticate.
NOTE When accessing the Agent Browser, you will also need to enter the 2FA token. Refer to Log in to the Agent Browser.
- If you have more than one account associated with your email address, you will be automatically logged in to whichever account comes up first alphabetically. Once logged in, you will be able to use the user switcher to change the account you are signed in to. Refer to Switch User.
- If you have access to Datto Partner Portal and can log in, you can manage your own 2FA settings. Refer to Set up 2FA.
- If you have access to Datto Partner Portal but cannot log in, contact your administrator who can use the following guide: Reset another user's 2FA credentials (administrators' guide).
- If you do not have access to Datto Partner Portal, contact the Datto RMM Support team. Refer to Kaseya Helpdesk.
- If a user needs their 2FA credentials reset, you can trigger a 2FA reset email for their account. The user will be emailed a verification code, and once logged in to Datto Partner Portal, they can configure 2FA again. Refer to Resetting a user's 2FA.
- If a user needs their 2FA credentials reset but cannot log in to Datto Partner Portal, you can send them a one-time passcode that will allow them to log in. Once logged in, they will be able to manage their own 2FA. Refer to Datto Partner Portal: How do I send a one-time password to let employees reconfigure their Multifactor Authentication (MFA)?.