2FA in Studio

In this article, you will learn how to use Two-factor authentication in ftrack Studio. 

Please note:

The "Enforce 2FA setting" is only available to Enterprise customers.

  • Our non-enterprise customer who has been using 2FA before the switch (who has the “Enforce 2FA” feature turned on”), will keep the feature on, but once turned off, they will not be able to turn it on again.

 

ftrack Studio supports 2FA (Two-factor authentication), which can be enabled for the login process. Two-factor authentication is a multi-factor identity verification type that enhances account security by requiring a second factor to authenticate the user beyond the account password.

Logging in with 2FA

When logging in with 2FA, you first encounter the standard ftrack login screen, where you must enter your username with password. ftrack verifies these credentials against the ftrack database or LDAP source. If the credentials are valid, a new screen displays, asking to enter an OTP (one-time-password, a temporary and secure PIN code).

Tip: To generate the OTP, you can use different authentication applications (Apps) – such     as Authy, Duo Mobile, or Google Authenticator.
 
After the OTP is generated, you must enter it into the ftrack Studio 2FA login screen.

If the OTP is valid, it gets accepted by ftrack, and your Studio login is complete, granting you access to the service.

Please note: 2FA is available only to users of ftrack and LDAP types. Users logging in via  Google or SSO can already use 2FA via their identity provider.

 

Enforcing 2FA on all accounts [Only available to Enterprise customers]

You can enable ftrack Studio's 2FA feature per account or enable it for all users, forcing all accounts to log in using 2FA.

To enforce 2FA for all accounts, go to System settings > Security > Settings and toggle on the Enforce two-factor authentication checkbox.

2022-12-12_12-47-34.jpg
 

When the Enforce two-factor authentication checkbox is toggled on for a user, they will be asked to enable 2FA immediately following their subsequent login (with username and password) or when they reload their ftrack Studio webpage.

  • Step 1: To enable 2FA, the user must download and install an app, such as Authy, Duo Mobile, Google Authenticator, or any other desktop or web-based TOTP application (Time-based One Time Password).

  • Step 2: Once the app is downloaded to their personal device, the user needs to open it and scan the QR code displayed on the screen.

  • Step 3: The user will receive a verification code they must enter into the ftrack Studio dialogue box where it says Insert code...

2022-12-12_12-48-01.jpg
 

Once the 2FA is enabled, the user will receive a confirmation message:

Screenshot_2023-01-17_at_09.52.15.png
 

Enabling 2FA on specific accounts

If the Enforce two-factor authentication setting is not enforced for all accounts, it will be optional for each ftrack Studio account.

To enable 2FA per account, the user must go to My account > Security settings and click on Enable 2FA in the Two-factor authentication window.

2022-12-12_12-48-40.jpg

 

Next, ftrack Studio requests the user to follow the same procedure as detailed above in Logging in with 2FA. Download and install a preferred app, scan the QR code, and verify using the received code.

2022-12-12_12-49-04.jpg

 

When 2FA is enabled, the user will receive a confirmation message.

Screenshot_2023-01-17_at_09.52.15.png

 

During the user's subsequent login, after they have entered their initial username and password, they will see this screen, which requests a verification code from the authentication app of choice.

2022-12-12_12-49-45.jpg

 

Disabling 2FA

You can disable 2FA on your account via My account > Security settings by clicking on the Disable 2FA button in the Two-factor authentication window.

2022-12-12_12-50-08.jpg

 

2FA can be disabled for other users by an administrator in System settings >  Users and groups. Using the 2FA column or opening the Edit option in the User profile and unchecking the 2FA checkbox.

2022-12-12_12-50-38.jpg

 

2FA Backup codes

If your device containing the authentication app is lost or unavailable, you can utilize backup codes instead.

 Please note: This is a preemptive measure – backup codes must be accessed, downloaded,   and stored at a time when the device is still available.

 Tip: We recommend storing your codes somewhere safe for later use. As with your   authentication codes, the backup codes are only usable to others if they also have access to   your password.

 
To generate a backup code, go to My account > Security settings, go to the Two-factor authentication window, and click Generate backup codes button.
 
2022-12-12_12-51-04.jpg

 

Enter a code from the authentication app to proceed.

2022-12-12_12-51-31.jpg

 

The backup codes are then generated and can be copied or printed for safe storage and use if your device/authentication app is unavailable.

2022-12-12_12-51-57.jpg

 

Backup codes come in sets of ten. You can generate a new set at any point, which will make the old set inactive.

Troubleshooting, FAQ

How do I log in if the administrator at my facility has lost their 2FA device and backup codes?

Please contact our support using the 'Submit a request' button, or via support@ftrack.com. We can get you logged in safely and securely.

How do I log in with 2FA if I’ve lost my phone?

You can access and use backup codes if you have them stored. Alternatively, ask an administrator to disable 2FA on your account from System Settings.

How to get new backup codes if I’ve lost them?

Head to your account page. You can generate ten new backup codes for safe storage. These codes will automatically replace the previously generated backup codes.

How can I move my 2FA to the new phone?

Login to ftrack Studio and head to My account, where you can disable 2FA for your account using your old phone. You can then enable it again using your new phone.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more