Two-factor authentication (2FA) is a security method that authenticates users with two separate factors instead of a password alone. The Cybersecurity & Infrastructure Security Agency (CISA) recommends enabling 2FA to protect your account in case your login credentials are compromised. This article covers the 2FA settings and how to reset 2FA if needed.
A mobile device with a camera and an authenticator app installed is needed to set up 2FA. Supported authenticator apps:
- Google Authenticator
- Authy
- 1Password
- Microsoft Authenticator
- Okta Verify
- Duo Mobile
- LastPass Authenticator
Require 2FA
Super Admins can enable a global setting that requires all users to use 2FA when logging in to Nebula. This ensures users are protecting their accounts with 2FA.
- Go to Configure > Users.
- Click the Two-factor authentication button.
- Toggle on Require two-factor authentication for all users.
Manually enable 2FA
When the setting to require 2FA is disabled, users can manually set up 2FA in their profile settings. At the top right, click the display name > Profile. In the Security tab, toggle on Two-factor Authentication and follow the instructions to set up 2FA.
2FA recovery code
Super Admins can enable a global setting that allows users to authenticate with a recovery code sent by email. This setting must be enabled before a recovery code is needed. A recovery code is useful in cases where a mobile device has been lost or replaced. Remember that enabling this setting allows a threat actor to bypass 2FA if a user's email account is compromised.
To enable this feature, a Super Admin must:
- Go to Configure > Users.
- Click the Two-factor authentication button.
- Toggle on Allow the recovery code to be sent via email.
Once the setting is enabled, a user can request a recovery code.
Request a recovery code
- Go to the Nebula login page.
- Enter a Nebula email address and password.
- Click Request recovery code.
- Check the email for the recovery code.
- Enter the recovery code in the verification screen and click Submit.
Reset 2FA
We recommend having a second Super Admin in Nebula in case you ever need to reset 2FA. If you kept the recovery code option disabled and need to reset 2FA, have another Super Admin follow these steps.
- Click Configure > Users.
- Click Reset next to the user who needs their 2FA reset.
- In the confirmation window, click Reset 2FA.
If there are no other Super Admins to reset 2FA, contact Support.