What is Two-Factor Authentication in Caseware Cloud?

Published: 17/08/2023

I am a Caseware Cloud user and I want to know what Two-Factor Authentication is and how I will use it.

Answer:

Caseware puts in world class safeguards to protect your information on Caseware Cloud

Caseware revolutionised the way you manage your Engagement Information online with the help of Caseware Cloud. To ensure that your information and other related data on Caseware Cloud remains well protected, Caseware introduced an additional security measure called Two-Factor Authentication to provide an additional safeguard when users log in.

It also integrates with your Caseware Working Papers when you integrate it to your instance of Caseware Cloud. To do this integration, please refer to the video entitled How to integrate Caseware Working Papers with your Cloud Instance from the Knowledge Base. This means that you and everyone in your team that has access to your Cloud instance doesn't need to set up a separate Protection Setup username and password. Simply use your Caseware Cloud credentials.

How does it work?

Two-Factor Authentication is a security feature that requires you as a user to supply three things when logging in:

Your Caseware Cloud username
Your password
A once off One Time Pin (OTP), sent as a text message (Also known as an SMS) to the user's mobile phone.

Users will supply their login username and password, which will trigger Two-Factor Authentication. A screen will prompt the user to refer to a text message that is being sent to their mobile phone containing their OTP. Once this OTP is entered, the user gains access to their Caseware Cloud profile. Using these two pieces of authentication information helps ensure that you are the only person that can access your Caseware Cloud account, even if someone else manages to get access to your password.

How does my Caseware Administrator activate this security feature?

Your firm's Caseware Cloud Administrator (who can be the Caseware Champion as well), will enable Two-Factor Authentication on your Cloud's instance via the Settings menu. In addition to ensuring that this feature is enabled, he/she will also need to ensure that all users have the correct mobile phone number captured onto their profile. This is because Two-Factor Authentication will use your user's mobile number to send text messages containing the secure code for logging in.

Ensure that your organisation has at least two staff members with the Admin role before enabling Two-Factor Authentication. Only staff members with the Admin role can disable Two-Factor Authentication. Having two users with the Admin role ensures that at least one account will always be able to access Cloud.

To enable two-factor authentication for staff and contacts:

Ensure you have the Settings Admin role or the equivalent permissions.
From the Cloud menu, click on Settings | Security | Authentication and Session Management.
Select All Staff, All Contacts, or both. If you want either group to be able to opt out of Two-Factor Authentication temporarily, select Allow user to skip setup until: and choose a date and time. This option is intended to allow users sufficient time to complete the setup process.

From the drop-down menu, select Every 30 days or Every sign-in to set how often Two-Factor Authentication is required when you sign in. You will need to provide a new code the first time you sign in from a new device regardless of your choice.
Click on Save to confirm.

Enable Two-Factor Authentication for your own account (As a user)

You can enable Two-Factor Authentication for your own account at any time, even if it’s not enabled across your organisation. You’ll need a valid phone number to enable this option.

To enable Two-Factor Authentication as a user, follow these steps:

Select your avatar (top right) and choose My Settings.

From the sidebar, click on Account Settings.
Select Enable, then choose your country from the drop-down menu.
Enter your mobile phone number in the Mobile Phone field, then click on "Update Phone Number".

Enter your password, then enter your verification code in the "Verification Code" field.
Then click on "Verify". Note that if you lose your mobile phone, your Caseware Cloud Administrator can disable Two-Factor Authentication temporarily until you can reconnect your service with your mobile phone network service provider.

Additional requirements for Working Papers users

Currently, two-factor authentication is only supported with Working Papers 2017.00.283 or later. If you are using an earlier version of Working Papers, an administrator must disable two-factor authentication for your Cloud account otherwise you will not be able to sign in. To learn more about disabling two-factor authentication for individual accounts, see Enable two-factor authentication for your own account.

As a user, how can I update my phone number on Caseware Cloud?

If you change your phone number, you’ll need to update your Two-Factor Authentication settings.

To update your phone number:

Select your avatar, then select My Settings.

From the sidebar, select Account Settings.
Enter your cell phone number in the Mobile Phone field and select Update Phone Number.

Enter your password, then enter your verification code in the "Verification Code" field.
Click on "Verify".

Generate backup codes

Backup codes enable you to log in if you cannot access your mobile phone, or if an administrator is unavailable to disable Two-Factor Authentication for you. Backup codes are single-use and must be generated while you have access to your account.

To generate backup codes:

Ensure you have enabled Two-Factor Authentication for your account.
Select your profile picture and choose My Settings.
From the sidebar, click on Account Settings.
Select Generate backup codes.
Enter your password, then select Continue.
Write down your backup codes and store them in a safe place or select Download to store them in a TXT file.
Click on Close.

Disable Two-Factor Authentication for a specific user

If you lose access to both your mobile phone and any backup codes you have generated, you won’t be able to access your account. To regain access, an administrator must disable two-factor authentication for your account.

To disable Two-Factor Authentication for a specific user:

Ensure you have the Admin role.
From the Cloud menu, select Staff or Contacts.
Choose a staff member or contact, and click on Edit (Refer to the image below).

Select Password; then choose Disable Two-Factor Authentication.
Select Until: to allow a staff member or contact to opt out temporarily. This option ensures you won't have to manually re-enable Two-Factor Authentication later. Alternatively, select Permanently to disable Two-Factor Authentication indefinitely for that user.