Prerequisites: This function must be enabled by Learning Pool Support before being available to accounts in the LXP.

Summary: Enabling Two-factor Authentication on an LXP allows end-users to leverage 3rd party authentication apps (Google Authenticator, Microsoft Authenticator, LastPass Authenticator, etc.) to add another level of security to their account.

What is it?

Once the two-factor authentication function is enabled for the LXP as a whole, end-users can enable or disable two-factor authentication from their profile page. Once enabled on an account, the end-user can use an authenticator app, downloaded from the App or Play Store, to generate a unique, one-time code to that can be entered to confirm their standard username and password. 

Why have we done this?

Two-factor authentication makes your learners’ experience in the platform safer and more secure. It does this by providing another layer of security when a user wants to access the platform.

How does it work?

Note: Remember that the two-factor authentication function must first be enabled by Learning Pool Support before the following will be available to users.

1. An end-user can navigate to their profile by expanding the User menu in the upper right corner of the page and selecting View Your Profile.  

2. When viewing a user's profile, select the Security tab to see the two-factor Authentication settings. This will initially be "Disabled". Select Enable 2FA to continue setup. 

3. The end user will be presented with a QR code that most 3rd party authenticator apps can scan to establish a link with the LXP. Once this is done the 3rd party authenticator app will generate a six-digit code to set up the initial connection. Enter this six-digit code into the available fields and select Enable 2FA.

4. Two-factor authentication will now be enabled for the end-user. 

5. Once two-factor authentication is enabled, after the end-user attempts to sign into the LXP by entering a username/password combination, they will be asked to enter a one-time use six-digit code that is constantly updated on the 3rd party authenticator app.

Disabling two-factor authentication

If necessary, the connection with the 3rd party authentication app can be disconnected by the end-user by returning to the Security tab of their profile and selecting Disable 2FA.

In the event that an end-user has enabled two-factor authentication but no longer has access to the device containing the 3rd party authentication app, an LXP administrator can manually disconnect two-factor authentication from an end-user's account using the following steps:

1. Access the Users page of the LXP administration view. 

2. Locate the desired user account and select their Edit User action icon.

3. In the Edit User page for the user account, selecting Disable 2FA will disconnect the user's account from the connected 3rd party authenticator app. The user will then be able to sign into the LXP using their username/password combination alone.