# 2-Factor Authentication

## Activate 2-factor authentification

{% hint style="warning" %}
Before Before enabling 2-factor authentication, set up your [mailserver](https://docs.enginsight.com/docs/master/on-premises/configuration/mail-server) and [test email configuration](https://docs.enginsight.com/docs/master/on-premises/mail-server#test-mail-server).
{% endhint %}

{% hint style="warning" %}
If you customize a **configuration file** on the application server, you must always run **`setup.sh` afterwards**. Only then will the settings be applied.
{% endhint %}

1\. Open the configuration file.

```
nano /opt/enginsight/enterprise/conf/services/config.json
```

2\. Set `twoFactor` to `true`.

```
    "twoFactor": {
      "enabled": true
    }
```

3\. Save the configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).

4\. Navigate to /opt/enginsight/enterprise

```
cd /opt/enginsight/enterprise
```

5. Run `setup.sh` to make the changes apply.

```
sudo ./setup.sh
```

6. If you only want to secure important functions with 2-factor authentication, you are done now. If you want to ask for the second factor when logging in, enable this in the settings directly in the Enginsight platform: Settings → Organisation → Advanced settings → Two-factor authentication for all team members.
7. You can learn how to use an Authenticator app [here.](https://docs.enginsight.com/docs/master/operation/platform/einstellungen#add-a-authenticator-app)

### Increase in verification time

{% hint style="info" %}
For the verification time adjustment to take effect, [two-factor authentication (2FA) must be set to: enabled](#activate-2-factor-authentification).
{% endhint %}

If you need more time to enter the code during 2-factor login, you can increase the time window for valid tokens in the `config.json` configuration file.

1. Open the configuration file

   ```
   sudo nano /opt/enginsight/enterprise/conf/services/config.json
   ```
2. Add value

   Add the `authenticatorWindow` parameter under `onpremise.twoFactor`.

   ```
   "twoFactor": {
     "enabled": true,
     "authenticatorWindow": 6
   }
   ```

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p><code>authenticatorWindow</code> determines how long a code will remain valid.<br>A 2FA code (TOTP) is normally valid for 30 seconds.<br>This results in:<br>30 seconds × <code>authenticatorWindow</code> = period during which the code will remain valid</p></div>
3. Save changes\
   Save the configuration file (Ctrl+o) and confirm the save process. Close nano (Ctrl+x).
4. Navigate to `/opt/enginsight/enterprise`

   ```
   cd /opt/enginsight/enterprise
   ```
5. Run `setup.sh` for the changes to take effect.

   ```
   sudo ./setup.sh
   ```

#### Example 2 minutes

{% hint style="info" %}
**30 seconds × `"authenticatorWindow": 4` = 2 min.** period during which the code is still accepted.
{% endhint %}

```
{
  "onpremise": {
    "twoFactor": {
      "enabled": true,
      "authenticatorWindow": 4
    }
  }
}

```

#### Example 3 minutes

{% hint style="info" %}
**30 seconds × `"authenticatorWindow": 6` = 3 min.** period during which the code is still accepted.
{% endhint %}

```
{
  "onpremise": {
    "twoFactor": {
      "enabled": true,
      "authenticatorWindow": 6
    }
  }
}
```