browse
Introduction
With two-step verification or two-factor authentication, Umbrella provides you with the ability to further tighten the security around your Umbrella for MSPs console. Two-step verification requires that you use your mobile device as the second factor for authentication. This article covers the enabling of two-step verification, the two methods for using it (text message and mobile app), and how to disable two-step verification.
Two-step verification ensures that no one can 'brute-force' their way into Umbrella, and once enabled, whenever you sign into the Umbrella for MSPs console, yu must enter both your password and a security code sent to you by Umbrella.
Something you know (password) + Something you have (security code) = Verification |
Think of this as yet another level of security to ensure the person logging into Umbrella is really you!

ALERT:
If you're interested in setting up two-step verification for individual customer logins, you can do that within the customer's dashboard following the instructions here.
Enabling Two-Step Verification for Umbrella for MSPs
Before you start, it's important to note that you can only enable two-step verification for the account you're currently logged into. You can view whether another administrator account has two-step verification enabled, but you cannot change another account's settings.
Note: Two-step authentication is disabled by default.
- Navigate to MSP Settings > Admins and expand the account you're logged into by clicking the account name.
- Click Enable.
To enable two-step verification, you'll need to configure the method by which you will receive your security code. This configuration includes verifying the mobile device to which you'll receive your security code. This is to ensure you don't accidentally enable two-step verification and then learn that you cannot receive security codes.
- Click Continue.
There are two ways to receive your security codes including your initial verification code to enable the service. If you know which method you will use, you can click the link below and jump to that area:
- Use text messages:—Security codes will be sent to your mobile phone via SMS text message.
-
Use mobile app:—Security codes will be generated by an authenticator app. For more information about Google Authenticator, click here.
Method 1: Use text messages
- If you select this method, enter your phone number including the country and area codes.
- Click Continue.
You'll receive a text message that includes a six digit code. - Enter your original password for the Umbrella for MSPs console along with the six digit code you've just received, then click Enable two-step verification.
At this point, you'll receive a very important message with an emergency recovery code to disable two-step verification in case you lose your phone.
REMINDER:
Make sure that you save a copy of your recovery code somewhere other than your mobile device. Likewise, don't store your passwords on your phone—security is only effective if the password and the security codes are separate.
- Click Done.
Now that it's enabled, you should receive a text message that includes a security code each time you log in to your Umbrella for MSPs console.

NOTE:
The security code expires 30 seconds after being sent. It's possible that if there's a delay with your carrier or you don't use your code right away, you'll need to have it resent. There is an option to do this at the login screen by clicking Resend Code.
Method 2: Use mobile app
This method requires that you first download an authentication app. We recommend Google Authenticator, which works on Android, iPhone, Blackberry, and more. It's a quick download from the Google Play Store or the Apple App Store. To read more about it including how to install it, click here.

ALERT:
If the time on the mobile device using Google Authenticate is off significantly from actual time, code verification does not work. Please ensure that your mobile device is time synched correctly. Even a few minutes off can make a big difference in regard to receiving codes that have not expired.
- Once you've installed Authenticator or an equivalent app, select Use mobile app. You'll be asked to scan a QR code. Go into Authenticator on your phone, and add a new token (clicking the + in the lower right) then Scan Barcode.
- On your mobile device, go into Authenticator and select Add Token > Scan Barcode. After scanning the barcode, you'll receive a six-digit security code that you'll use to authenticate with along with your password.
- In the MSP Console, enter this six-digit security code along with your normal password and click Enable Two-Step Verification.
Once this step is complete, your authentication app will generate a fresh code every 30 seconds that you can use to log in.
At this point, you'll receive a very important message with an emergency recovery code to disable two-step verification in case you lose your phone.

REMINDER:
Make sure that you save a copy of your recovery code somewhere other than your mobile device. Likewise, don't store your passwords on your phone—security is only effective if the password and the security codes are separate.
4. Click Done.
Now that it's enabled, you will need to use the app to generate a new six-digit security code each time you log in.
Logging in as an MSP User with Two-Step Verification
Logging in is as simple as entering the security code you've received via the mobile app or text message after you've already logged in with your password. The verification screen is shown after your initial login.

Note:
If you previously received text messages (SMS) but aren't receiving them now, our SMS provider Twilio could be having difficulties. For information about its status, check http://status.twilio.com/.
Disabling Two-Step Verification or Lost Phone?
If you no longer wish to use two-step verification:
- Simply go to Configuration > System Settings > Accounts.
- Select your account and then click Disable for two-step authentication.
When you click Disable, you'll be sent a new one-time security code and will be asked to enter it one last time to confirm your request.
Lost Phone
If you've lost your phone (or tablet) and you no longer wish to use two-step verification, click Lost your phone? when logging in. This will take you to an area where you can enter your emergency recovery code and disable the software.
As a reminder, the emergency recovery code was the code provided after the initial setup for both SMS and the mobile app.
Should you lose both of your device as well as the emergency recovery code, support may require additional information to assist you with an account reset.
Umbrella Partner Console and STC and MSSP Administrators
Administrators who belong to an Umbrella Partner Console or a Secure Trials Console or an MSSP should use the instructions at the following website to enable two-step verification:
https://support.umbrella.com/hc/en-us/articles/6167138590996