What is 2FA?
Two-factor authentication provides an extra layer of security when users sign into Socrata-powered sites. When 2FA is enabled, specified users are asked to enter a 6-digit verification code in addition to their password to log into a site. The feature can be used with or without Single Sign-On.
Site administrators can choose to enforce 2FA for an entire e-mail domain (e.g. @socrata.com) and/or for specific users. It is not possible to require 2FA for any and all users who may access your site - only for those users you specify.
How does Socrata enforce 2FA?
Socrata uses Google Authenticator to enforce 2FA. This requires users to install the Google Authenticator app on their mobile phone, as well as a barcode/QR code scanner for the initial set-up. Both applications are available at no cost from Google Play (for Android users) and Apple (for iPhone users).
Is 2FA compatible with all Socrata products?
This feature is currently compatible with the following Socrata products: Open Data, Open Performance and Perspectives. It is not yet available for Public Finance or Public Safety products. Stay tuned to our Product News for updates.
Will 2FA affect DataSync jobs and other types of authentication?
No, 2FA will only be enforced when a user is signing in through the Socrata web interface.
How can I request 2FA for my Socrata-powered site?
This feature is available to Socrata customers at no additional cost. To request 2FA for your site, contact firstname.lastname@example.org. In your request, please specify how you would like to enforce 2FA. You can choose from the following options:
- Enable 2FA for an entire e-mail domain(s) that you own (for example, Socrata would use @socrata.com). This will require all users with the specified e-mail extension to use 2FA when logging in.
- Enable 2FA for a specific set of users. This will limit 2FA to particular users based on the e-mail addresses you provide. All other users will continue to sign into your site as usual, without 2FA.
- Enable 2FA for entire e-mail domains as well as for specified users with different e-mail extensions. This could be useful if you wish to require 2FA for all users with an official e-mail extension (e.g. @socrata.com), as well as contractors or partners with different e-mail extensions.
What will users experience after 2FA is enabled?
The users specified in your 2FA configuration request will first enter their username and password on the login page for your site, as usual. They will then see a set-up screen that displays a barcode.
Using the Google Authenticator app, they will need to scan the barcode to create an account for the Socrata site. The app will then provide a 6-digit verification code that can be entered to complete the login process.
On all subsequent login attempts, users will see a screen asking for the verification code after entering their username and password. Simply open the Google Authenticator app to retrieve the required code.
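How the 6-digit code follows from the scanned barcode, and how a server can check it, shown as an added example that is not Socrata's code. It assumes the usual Google Authenticator defaults (time-based codes per RFC 6238, HMAC-SHA1, 30-second step), which this page does not confirm for Socrata; the URI, function names and secret are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

# Constructed enrolment URI of the kind a set-up barcode encodes.
# The secret is the published RFC 6238 test key, not a real credential.
SAMPLE_URI = ("otpauth://totp/Example%20Site:user@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example%20Site")

def parse_otpauth(uri):
    """Return the shared secret (bytes) carried in an otpauth://totp/ URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a time-based enrolment URI")
    b32 = parse_qs(u.query)["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # authenticator URIs usually omit padding
    return base64.b32decode(b32)

def totp(secret, at, step=30, digits=6):
    """Code the app displays at Unix time `at` (RFC 6238 over RFC 4226)."""
    counter = struct.pack(">Q", max(0, int(at)) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, submitted, now=None, window=1, step=30):
    """Accept the current code or one step either side, to absorb clock drift.

    Every candidate is compared in constant time and the loop never exits
    early, so response timing does not reveal which step matched.
    """
    now = time.time() if now is None else now
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * step, step)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

SECRET = parse_otpauth(SAMPLE_URI)

if __name__ == "__main__":
    print("code at t=59:", totp(SECRET, 59))
    print("accepted 30 s later:", verify(SECRET, totp(SECRET, 59), now=89))
    print("accepted 90 s later:", verify(SECRET, totp(SECRET, 59), now=149))
```

A production verifier would also record the last accepted time step per user so that a code cannot be replayed within its validity window, and would rate-limit failed attempts.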