To provide an extra layer of security, we recommend that organizations enable multi-factor authentication (MFA) for Teamworks AMS. This helps to keep your account secure in case your password is stolen.
If MFA is enabled for your site or your role, you’re required to authenticate certain actions (such as logging in or updating your account) or periodically (e.g. once a month) by providing a code.
Authentication is done on a device-by-device basis, so if you’re using two devices, such as a computer and a phone, you’ll need to authenticate them separately. Any time you need to authenticate your AMS account, you’ll need to enter a code. Note that the codes used by both methods expire within a short time period and each code can only be used once.
This article covers the following topics:
- Setting up MFA for your account
- Using an MFA code
- Changing your MFA method
- Using backup codes when you're unable to access an MFA code
Setting up multi-factor authentication for your account
If you have not previously selected your preferred multi-factor authentication method, you will be prompted to do so the first time you log into AMS. You can choose which method you want to use to complete this step:
- You can receive an SMS with a six-digit code.
- You can receive an email with a six-digit code.
- You can set up an authentication app (like Google Authenticator, Microsoft Authenticator or Authy) to automatically generate six-digit codes.
Depending on the settings applied to your role and site, you may be limited to specific channels.
Authentication via SMS
If you want to authenticate via SMS (text message), you must ensure that:
- The phone number saved against your AMS account is correct, including checking that it is set to Mobile.
- You have access to your phone and it can receive text messages, especially when you’re traveling or in an area with poor mobile reception. If this is not possible, consider using an authentication app instead.
During the set-up process, you can add or edit the mobile phone number associated with your AMS account.
Authentication via email
If you want to authenticate via email, you must ensure that:
- Your email address is correctly recorded in AMS.
- You can access your emails immediately after requesting an MFA code so that the code doesn't expire. If this is not possible, consider using an authentication app instead.
When you get a code from AMS via email, it will be sent from noreply@smartabase.com.
During the set-up process, you can change your account email address if required, to ensure your contact details are correct.
Authentication via an authentication app
If you want to authenticate using an authentication app, you’ll need to follow specific steps to get it set up. However, once set up, this is a very reliable way of ensuring you can complete authentication.
Anyone using more than one AMS site (for example, when your organization uses an enterprise AMS system with multiple sites on one server) must set up authentication for each AMS site.
To use an authentication app, install a reputable authentication app from the App Store (iOS) or Play Store (Android). We recommend the Google Authenticator app.
Web
Mobile App
Follow the steps below to set up MFA from AMS on the web:
- From the MFA setup page, select that you want to use an authentication app to generate codes.
- If you don’t already have an authenticator app installed on your mobile device, install one from the app store (e.g. Google Authenticator).
-
Steps for the Google Authenticator app:
- If you haven’t set up any codes in the app previously, select Add a code. Alternatively, select the plus (+) icon to add a new account.
- Choose to set up an account by scanning a QR code.
- Use your mobile device to scan the QR code on your web browser.
- The account will be created in the Google Authenticator app and you should see a six-digit code that is periodically refreshed.
- After setting up the key in the authenticator app, return to AMS and select Next.
- Select Confirm to verify the authentication method
- Enter the current MFA code shown in the authenticator app, then select Continue.
- Reveal the backup codes and store them somewhere safe. These can be used to access your account if you are unable to retrieve an MFA code.
- Select Finish to finalize the MFA setup.
Follow the steps below to set up MFA from the AMS mobile app:
- From the MFA setup page, select that you want to use an authentication app to generate codes.
- Select Open App Store to open the app store and install the Google Authenticator app on your mobile device. If the Google Authenticator app is already installed on your device, select Open App.
-
Steps for the Google Authenticator app:
- If you haven’t set up any codes in the app previously, select Add a code. Alternatively, select the plus (+) icon to add a new account.
- Choose to set up an account with a setup key.
- Provide a name for the account. This does not need to be your AMS username, but we recommend naming the account something that tells you where you’ll be using the code generated for this account.
- Return to the AMS app and copy the 16-digit authenticator key by tapping the icon next to the key.
- Paste the authenticator key from your AMS account.
Alternatively, manually enter the key from the mobile app. This isn’t case sensitive so you can enter it using upper or lowercase letters. - Ensure that the time-based setting is activated.
- Select Add to save the account.
- When you return to the Google Authenticator home screen, you should see a six-digit code that is periodically refreshed.
- After setting up the key in the authenticator app, return to the AMS app and select Next.
- Confirm the setup by entering an MFA code from the authenticator app. In the Google Authenticator app, you can tap the code to copy it, and then paste it into the AMS app. Ensure you Allow paste in the pop-up.
- Copy the backup codes and store them somewhere safe. These can be used to access your account if you are unable to retrieve an MFA code.
- Select Finish to finalize the MFA setup.
Using a multi-factor authentication code
If you are using the email or text message method, enter the code you receive into AMS.
If you are using the authentication app method, open the app on your mobile device and enter the code it displays into AMS.
If using an authenticator app with the AMS app, you can paste an MFA code into the AMS app, rather than entering the number manually.
Changing your multi-factor authentication method
You can change your MFA method in your account settings on the web.
If your MFA preference is changed, either by you or an administrator, you need to log in using your previous preference one last time before setting up a new method. For example, if you previously used SMS but your preference has changed to Authenticator app, you will need to verify your account once more using SMS. You will then be guided through the setup process the next time you are required to authenticate your account.
Using backup codes
When you first set up MFA, you’re provided with some backup codes. You can use a backup code if you can’t receive an MFA code because you don’t have access to your usual authentication method (for example, your phone battery is flat or you don't have cellular reception to receive an SMS).
If you need to use a backup code, there’s a button on the MFA screen.
Each backup code can only be used once. Once a backup code is used, you should remove it from your saved list.
Because the backup code is for single use only, logging in with one does not register your device. On your next login, you will either need to use your usual authentication method to enter an MFA code or use another backup code.
If you have used most of your backup codes or if you have not saved a copy of your backup codes, you should generate new backup codes. This can be done by logging into AMS from a web browser. Navigate to your account page and select Generate new MFA backup codes. Keep a copy of your new backup codes in a safe place.
Administrator backup code
If you are unable to receive an MFA code and you can’t use your backup codes, an administrator can access a backup code for you. Administrators only have access to one single-use code per person and cannot regenerate codes. You should refresh your backup codes via your account page on a web browser immediately after an administrator provides you with a code, then store them somewhere safe. This process will also regenerate the backup code for administrators.