# 2-Factor Authentication ## Activate 2-factor authentification {% hint style="warning" %} Before Before enabling 2-factor authentication, set up your [mailserver](https://docs.enginsight.com/docs/master/on-premises/configuration/mail-server) and [test email configuration](https://docs.enginsight.com/docs/master/on-premises/mail-server#test-mail-server). {% endhint %} {% hint style="warning" %} If you customize a **configuration file** on the application server, you must always run **`setup.sh` afterwards**. Only then will the settings be applied. {% endhint %} 1\. Open the configuration file. ``` nano /opt/enginsight/enterprise/conf/services/config.json ``` 2\. Set `twoFactor` to `true`. ``` "twoFactor": { "enabled": true } ``` 3\. Save the configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x). 4\. Navigate to /opt/enginsight/enterprise ``` cd /opt/enginsight/enterprise ``` 5. Run `setup.sh` to make the changes apply. ``` sudo ./setup.sh ``` 6. If you only want to secure important functions with 2-factor authentication, you are done now. If you want to ask for the second factor when logging in, enable this in the settings directly in the Enginsight platform: Settings → Organisation → Advanced settings → Two-factor authentication for all team members. 7. You can learn how to use an Authenticator app [here.](https://docs.enginsight.com/docs/master/operation/platform/einstellungen#add-a-authenticator-app) ### Increase in verification time {% hint style="info" %} For the verification time adjustment to take effect, [two-factor authentication (2FA) must be set to: enabled](#activate-2-factor-authentification). {% endhint %} If you need more time to enter the code during 2-factor login, you can increase the time window for valid tokens in the `config.json` configuration file. 1. Open the configuration file ``` sudo nano /opt/enginsight/enterprise/conf/services/config.json ``` 2. Add value Add the `authenticatorWindow` parameter under `onpremise.twoFactor`. ``` "twoFactor": { "enabled": true, "authenticatorWindow": 6 } ```

authenticatorWindow determines how long a code will remain valid.
A 2FA code (TOTP) is normally valid for 30 seconds.
This results in:
30 seconds × authenticatorWindow = period during which the code will remain valid

3. Save changes\ Save the configuration file (Ctrl+o) and confirm the save process. Close nano (Ctrl+x). 4. Navigate to `/opt/enginsight/enterprise` ``` cd /opt/enginsight/enterprise ``` 5. Run `setup.sh` for the changes to take effect. ``` sudo ./setup.sh ``` #### Example 2 minutes {% hint style="info" %} **30 seconds × `"authenticatorWindow": 4` = 2 min.** period during which the code is still accepted. {% endhint %} ``` { "onpremise": { "twoFactor": { "enabled": true, "authenticatorWindow": 4 } } } ``` #### Example 3 minutes {% hint style="info" %} **30 seconds × `"authenticatorWindow": 6` = 3 min.** period during which the code is still accepted. {% endhint %} ``` { "onpremise": { "twoFactor": { "enabled": true, "authenticatorWindow": 6 } } } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.enginsight.com/docs/master/on-premises/configuration/2-factor-authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.