Skip to main content

Two-factor authentication (2FA)

Two-factor authentication (2FA) is a security method that requires users to verify their identity using two different types of credentials—typically something they know (like a password) and something they have (like a phone or security token). This extra layer of protection helps prevent unauthorized access, even if a password is compromised.

When 2FA is enforced, an access token is requested when the user either:

  • Logs in from a new device, browser, or IP address.

  • Last logged in over 30 days ago.

Before you begin

Two-factor authentication is available to teams using Celonis ID. This means that it is not available in teams where single sign-on (SSO) is active. If you're logging into the platform using SSO, the options available for your personal profile may differ from the screenshots in this topic.

To learn more about Celonis ID: Celonis ID.

And to read more about SSO: Signing in.

Updating your two-factor authentication method

If you're a member of a team that's using Celonis ID, you can update your two-factor authentication method from your user profile.

You can choose between:

  • Email

  • Authenticator app

To access your user profile and update your two-factor authentication method:

  1. Click your avatar and select Edit Profile:

    Click Edit Profile to access your user profile and update your two-factor authentication method.

  2. Click Edit Personal Details.

    Personal Details. Enter the email address and and the user's name.

  3. Click Two-factor authentication.

    The menu to select two-factor authentication, where your users receive an access token via email, SMS, or supported authenticator app.

  4. Choose your preferred authentication channel:

    configuring_2FA.png

  5. Optional: Generate a two-factor recovery code by clicking Regenerate recovery codes and copying the code displayed.

    Recovery codes are a one-time second factor to access your account in the event you lose access to your device and cannot receive two-factor authentication codes. See: Recovery codes.

Configuring your preferred authenticator app

To use your preferred authenticator app to sign into the Celonis Platform:

  1. Click your avatar and select Edit Profile.

  2. Click Edit personal details.

  3. Click Two-factor authentication.

  4. Select Authenticator app and click Setup.

    setup_authenticator_app.png

    After clicking Setup, a one-time password is sent to your email address. This password is needed for the next step.

  5. Scan the QR code with your authenticator app, then enter the generated one-time password along with your Celonis ID password and the one-time code sent to your email.

    authenticator_app_setup_complete.png

  6. Click Submit.

    The authenticator app is now synced to your Celonis ID, allowing you to use it when signing into the Celonis Platform.

Supported authenticator apps

While there are numerous authenticator apps available, we have tested and can verify the following:

Related topics