Skip to main content
waffle.svg
Domo Knowledge Base

Turning On Multi-Factor Authentication

Version 25

 

Note: This feature is available on demand.
 

To request that this feature be enabled,

  • contact Technical Support by using /support in Buzz, by email at support@domo.com, or by phone at 801-805-9505 (Monday through Friday, 7 am to 6 pm MST).

  • reach out to your Domo Customer Success Manager or Technical Consultant.

Depending on the feature, you may be required to complete training before you can use the feature.

You can find multi-factor authentication options in Admin Settings > Security > Authentication. You can only do this if you have an "Admin" default security role or a custom role with "Manage All Company Settings" enabled. For more information about default security roles, see Default Security Role Reference. For more information about custom roles, see Managing Custom Roles.

In the Admin Settings, you can access options for enabling multi-factor authentication for the employees in your company. When multi-factor authentication is enabled, users who log into Domo are sent an authentication code via text message; they must then enter this code to access Domo. If they have not entered mobile numbers into Domo, they will receive an email instead. They will not receive a separate prompt.

The mobile app does not currently act as the second factor for authentication. Users on mobile will need to receive the SMS message the first time they log in.

Important: If users have Single Sign-On (SSO) enabled in their instance, dual-factor authentication will not work. If you would like this feature, you must configure it via your SSO identity provider. For more information, see Understanding and Configuring Domo Single Sign-On.

Note: Multi-factor verification is not supported by Workbench, Excel Plugin, or PowerPoint plugin.

If you enable multi-factor authentication before users have entered their mobile numbers, if they attempt to log in they receive an email with the code instead of a text message.

In Admin Settings > Security > Authentication, you have access to the following multi-factor authentication options:

  • You can set a requirement that users redo their multi-factor authentication after a given number of days.

  • You can set a requirement that codes expire after a given number of failed attempts. 

  • You can see a list of all users who have not entered their mobile number into their Profile pages. You can also send these users a Buzz message reminding them to provide their numbers.

You can also set multi-factor authentication for yourself, as opposed to turning it on for your entire company. You do this in your user Settings screen.

Video - 2-Factor Authentication

 

To enable multi-factor authentication for your company and set options,

  1. Click More > Admin Settings.
    The
    Admin Settings appears.

  2. Under Security, click Authentication.
    The multi-factor authentication options are found at the bottom of the Authentication panel.

  3. (Optional) To require that users redo their multi-factor authentication after a given number of days, do the following:

    1. Check the Require users to periodically redo Multi-factor authentication box.

    2. Enter the number of days before multi-factoring expires.

  4. (Optional) To require that codes expire after a given number of failed attempts, do the following:

    1. Check the Require code expiration after failed attempts box.

    2. Enter the number of accepted invalid attempts before code expiration.

    3. Click Save Changes

    4. (Optional) To send a Buzz message to users who have not entered their mobile numbers in their Profile pages, do the following: 

      1. Click the blue hyperlinked number. 

      2. If desired, change the message text at the bottom of the dialog. 

      3. Click Send

For information about Buzz, see Buzz. For information about entering personal information in the Profile page, see Specifying Your Personal Profile Information.