Getting Started With Two-Factor Authentication
Volgistics offers two-factor authentication for System Operators for added security. When account holders enable this feature, a single-use code will be required in addition to the Operator's normal login credentials (the account number, email address, and password). The single-use code will also be required when the account's billing contact logs in to the Volgistics Store using the accounting access code.
This feature can be customized to different levels to meet the security needs of a variety of organizations.
- The single-use code can be required for some Operators, but other Operators can be bypassed.
- The single-use code can be required for the initial login, but Operators can have their web browser remember the authentication on their device for subsequent logins.
- The single-use code can be required for each login and delivered by email or generated by an authenticator app.
- The single-use code can be required for each login and only generated by an authenticator app.
This help topic explains how to set up the two-factor authentication feature in Volgistics.
Pick an Authenticator App If Needed
As mentioned above, the single-use code can be sent by email or generated by an authenticator app. The authenticator app option provides the best security and it can often be more convenient than waiting for an email to arrive. Authenticator apps are available to use on the same computer the System Operator uses to access Volgistics, but having the app on a separate device such as a smart phone or tablet is usually preferred. The two-factor authentication feature will work with any of the popular authenticator apps.
The Operators for some organizations may already be familiar with authenticator apps and how they work. In this case, there's no need to choose an app in advance. Each Operator can simply use the app they already have or pick one. This approach will usually work best for smaller organizations.
But if your organization has more Operators it may be beneficial to pick a preferred authenticator app before enabling two-factor authentication--especially if your Operators are unfamiliar with authenticator apps and how they work. In this case, having a standard app will make it easier to give directions when rolling out the new requirement and it will also aid in troubleshooting problems.
Large organizations may already have a preferred app, so in this case you should contact your IT department to learn which app to use.
Volgistics does not require a specific app and we do not endorse any particular apps. There are a variety of free, easy-to-use apps available in the Google Play or Apple App stores for mobile devices. You can also find free authenticator apps to download if you want to use the app on your computer instead. For your convenience, here are some of the popular options:
- iOS (Apple) Devices: 1Password, Google Authenticator, Authy, 2FAS, LastPass
- Android Devices: 1Password, Google Authenticator, Authy, 2FAS, LastPass
- Mac (Apple) OS: 1Password, OTP Manager
- Windows OS: 1Password, OTP Manager
- Chrome Web Browser Extension: Authenticator
Enable Two-Factor Authentication
The first thing you'll need to do is enable two-factor authentication for your Volgistics account. You'll need access to Setup on the Volgistics menu to do this.
- Select Setup from the menu.
- Go to System Operators.
- Select Ground Rules.
- Check Two-Factor Authentication.
  - Check Allow devices to remember authentication if you only want authentication to be required on the first login. See the Allow devices to remember authentication section below for more information on this setting.
  - Check Only allow authenticator app once set up if you want to prevent the authentication codes from being sent by email once the operator validates their authenticator app. See the Only allow authenticator app once set up section below for more information on this setting.
- Click the Save button.
Allow devices to remember authentication
Check the box in front of Allow devices to remember authentication if you only want to require the two-factor authentication process the first time the Operator logs in using their own computer. When this is checked, the Operator will just need to enter their password when they are logging in on their own computer. The additional code will still be required if the Operator uses a different web browser or computer, or clears the cookies and history from their usual web browser.
Make sure the box is unchecked if you want the two-factor authentication process to be required each time Operators log in.
Only allow authenticator app once set up
Check the box in front of Only allow authenticator app once set up if you only want the Operator to use an authenticator app to get the single-use code. When this is checked, the code will be sent by email initially until the Operator validates their authenticator app. After that, the option to have the code sent by email will be removed.
Make sure the box is unchecked if you want the Operator to be able to choose between getting the code by email or through an authenticator app.
Security Vs. Convenience
Added security often comes at the price of convenience, so you should keep this in mind when deciding whether only the authenticator app can be used. For example, if Operators can only use an app to get the code, they'll be unable to use Volgistics if they lose the device the app is installed on. In this case, they'll only be able to gain access if another Operator can reset their access. Also, if an organization only has one Administrator level Operator and they suddenly leave the organization and take the device the app was installed on with them, gaining full-account access will be more difficult.
Exempt Operators If Needed
After you enable two-factor authentication, every System Operator set up for your account will be required to enter the additional single-use code when they log in. You may have situations where you want to bypass this for certain Operators. For example, an Operator whose record is configured so they can only access Volgistics on a computer connected to your organization's IP address may not need the additional security because outside computers could not be used to log in with their credentials.
If you have situations like this, you can exempt the Operator from two-factor authentication by taking these steps:
- Choose Setup from the menu.
- Go to System Operators.
- Select the Operator record you want to exempt.
- Uncheck Use two-factor authentication in the This operator is allowed to settings under the Rights heading.
- Click the Save button at the bottom of the page.
You'll need to repeat the steps for each Operator where you want to bypass the need for the additional code to be entered. There is not a way to bypass the requirement to enter a single-use code when the account's billing contact logs in to the Volgistics Store using the accounting access code.
Update Your System Operators
Because the change to two-factor authentication will impact how your System Operators log in to Volgistics, we recommend letting them know about the change in advance. There is not a way to send a message to Operators from within Volgistics so you'll need to do this outside of the system. You can find the email address Operators use when they log in to Volgistics on the System Operators Settings page for their record.
If you have a large number of Operators, we can provide a spreadsheet listing Operator names and email addresses. To provide this, we will need to have an Administrator make the request by selecting Support from the menu inside their Volgistics account.
You can refer Operators to the Two-Factor Authentication section of How to Log In for instructions. If you chose a preferred authenticator app, be sure to tell the Operators which app to use.
Reset App Access
If you opted to only allow the authenticator app when you enabled two-factor authentication, you may have situations where an Operator's authenticator app is not available. For example, they may lose the cell phone where they downloaded the app. In this case, you'll need to reset the Operator's access so they can verify a new authenticator app. To do this:
- Select Setup from the menu.
- Go to System Operators.
- Select the Operator record that needs to be reset.
- Click the Reset button under Use two-factor authentication. This is located at the bottom of the This operator is allowed to section.
After you do this, the Operator will need to follow the steps to set up their authenticator app again.