Secure your account
Two-factor authentication (2FA) adds a second verification step to your Sekoia login, protecting your account even if your password is compromised. This article explains how to enable 2FA, generate backup codes, and manage your authentication settings.
Sekoia strongly recommends enabling 2FA for all accounts. Your administrator may require it as part of your workspace security policy.
Enable two-factor authentication
Prerequisites
- An authenticator app installed on your mobile device (such as Google Authenticator, Authy, or LastPass Authenticator)
Steps
- Log in to Sekoia.
- Click your name at the bottom of the navigation menu.
- Select Profile and security.
- In the Security section, locate Two-factor authentication.
- Click Enable.
- Enter your current password to confirm your identity.
- Open your authenticator app and scan the QR code displayed on screen, or manually enter the token shown below the QR code.
- Enter the 6-digit code generated by your authenticator app.
- Click Verify.
2FA is now active on your account.
Save your backup codes immediately
After enabling 2FA, Sekoia generates ten single-use backup codes. Copy or download them before closing the window and store them in a secure location. You will need these codes if you ever lose access to your authenticator app.
Generate backup codes
Backup codes allow you to log in if you cannot access your authenticator app. Each code can only be used once.
To generate a new set of backup codes:
- Navigate to Profile and security.
- In the Security section, find Backup codes.
- Click Generate new codes.
Previous codes are invalidated
Generating a new set of backup codes immediately invalidates all previous codes. Update your secure storage with the new codes.
Log in with a backup code
If you cannot access your authenticator app during login:
- Enter your email address and password on the login page.
- When prompted for the verification code, enter one of your backup codes.
- Click Verify.
Each backup code is valid for one use only.
Change your preferred authentication method
If you have configured multiple authentication methods:
- Navigate to Profile and security.
- In the Security section, select your preferred method.
Disable two-factor authentication
Security risk
Disabling 2FA reduces your account's protection. Only disable it if your administrator has confirmed this is permitted by your workspace security policy.
To disable 2FA:
- Navigate to Profile and security.
- In the Security section, click Disable next to two-factor authentication.
- Enter your current password to confirm.
Reset another user's 2FA (administrators only)
Administrators can reset the 2FA of any user in their community. This generates a single-use recovery code valid for 24 hours.
- Navigate to Settings > Workspace > Users.
- Locate the user whose 2FA you want to reset.
- Click the ... button to the right of the user's name.
- Select Reset user 2FA.
- Read the requirements in the confirmation modal, then click Reset.
- Enter your admin password.
- Copy the single-use recovery code.
- Send the code to the user through a secure channel (not email).
The user receives an email notification informing them that their 2FA has been reset. They must set up a new 2FA method after logging in with the recovery code.
Resetting both password and 2FA simultaneously
If a user needs both their password and their 2FA reset at the same time, contact Sekoia support directly.
Related links
- Log in for the first time — How to accept your invitation and access the platform.
- Troubleshooting common issues — What to do if you are locked out of your account.
- Workspace setup overview — How administrators configure workspace-level security policies.