Enabling Two-Factor Authentication for your Absolute account
You can add an extra layer of security to your Absolute account by enabling Two-Factor Authentication (2FA). When 2FA is enabled, all users need to enter a six-digit verification code in addition to a username and password when they log in to the Secure Endpoint Console. Users can generate verification codes by installing a 2FA app on their mobile device, such as a smartphone, and configuring their Absolute user account on the app.
Absolute supports 2FA using the following apps:
- Google Authenticator™
- Duo Mobile
  The Push feature is not supported.
- Microsoft Authenticator
Absolute has tested and validated 2FA on iOS and Android devices using the applications listed above. If you prefer to use another 2FA application, you should be able to use any app that supports time-based one-time passwords (TOTP).

Before you enable 2FA, note the following:
- To successfully authenticate a user, the date and time on the user's device must be correct (see step 1).
- If a user becomes unable to generate verification codes (for example, they delete the 2FA app or lose their mobile device), you can reset 2FA for the user.
- If Single Sign-On (SSO) is enabled for your Absolute account, you can't enable Absolute's 2FA solution, and vice versa. However, if your SSO IdP includes its own two-factor authentication solution, that solution can be enabled.
- 2FA does not affect access to the Absolute public APIs. They are still authenticated using an API token.

To enable 2FA for your entire Absolute account, you first need to set it up for your own user account.
This section contains detailed steps for setting up the Google Authenticator app. If you are using another 2FA app, refer to the app's documentation for details about setting up a new account.
To set up 2FA:
1. On your mobile device, download and install a 2FA app of your choice, and then set the correct date and time.
   For example, on the Google Authenticator app:
   a. Do one of the following:
      - On an iOS device, go to the App Store and search for, download, and install the Google Authenticator app.
      - On an Android device, go to the Google Play Store and search for, download, and install the Google Authenticator app.
   b. Set the date and time on your mobile device by doing one of the following:
      On an iOS device
      - On your device, tap Settings > General > Date & Time.
      - If the Set Automatically switch is not enabled, enable it. This setting automatically sets the date and time on your device based on your time zone.
      - Close Settings.
      On an Android device
      - Open the Google Authenticator app on your device and tap > Settings.
      - Tap Time correction for codes and tap Sync Now.
      - Close the Google Authenticator app.
2. Log in to the Secure Endpoint Console as a user with Manage permissions for Authentication. The System Administrator role is the only Default role with this permission.
3. On the navigation bar, click Settings > Authentication settings.
4. In the Two-Factor Authentication area, click .
5. Do one of the following:
   - If this is the first time you're enabling 2FA for your Absolute account, the Enable Two-Factor Authentication dialog shows. Go to step 6.
   - If Two-Factor Authentication was enabled before, but it's now disabled, the Reset Two-Factor Authentication for all users dialog shows. Do one of the following:
     - To enable 2FA without resetting it for all users, click Enable.
       Select this option if 2FA was disabled recently and it's unlikely that users have made any changes to the Google Authenticator app on their device.
     - To enable 2FA and reset it for all users, click Reset and Enable.
       Select this option if it's been a while since 2FA was disabled and it's likely that at least some users won't be able to successfully generate verification codes (for example, they removed the Google Authenticator app, or they purchased a new mobile device). Users will be able to reconfigure their Absolute user account in the Google Authenticator app.
   The Enable Two-Factor Authentication dialog shows.
6. Open the 2FA app on your device and add your Absolute account.
   For example, to add your Absolute account to the Google Authenticator app:
   a. Tap the + icon and tap Scan a QR code. The camera is activated.
   b. Use your device to scan the QR code on the Enable Two-Factor Authentication dialog.
      The email address associated with your Absolute user account is added to the app on your device and a six-digit verification code shows. Note that the code changes every 30 seconds.
      If the QR code fails to scan, do the following:
      - Tap the + icon and tap Enter a setup key.
      - In the Account field, enter the email address you use to access your Absolute account.
      - In the Enter code field, enter the 32-digit key that shows directly under the QR code on the Enable Two-Factor Authentication dialog.
      - Ensure that the Time based option is selected and tap Add.
7. On the Enable Two-Factor Authentication dialog, do the following:
   a. In the Enter verification code field, enter the six-digit code that currently shows in the app.
      If an Invalid code error message shows on the dialog, the verification code failed for one of the following reasons:
      - The code has expired because too much time has elapsed since the code was generated. Wait for the app to generate a new code and then enter it.
        If you're using Duo Mobile, enter the new code immediately after it's generated to avoid seeing the Invalid code error message again. If this still doesn't resolve the issue, close and reopen Duo Mobile before trying again.
      - The date and time on your device is incorrect. Follow the instructions in step 1b before trying again.
   b. Click .
   c. On the confirmation message, click .
2FA is enabled, and a Two-Factor authentication enabled event is logged to Event History.
An email is sent to each user associated with the account, informing them that to log in to the Secure Endpoint Console they now need to generate a six-digit verification code on their mobile device and enter it with their password. The next time a user logs in, they're directed to the Enable Two-Factor Authentication page to set up the 2FA app of their choice on their device.
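
The two causes of the Invalid code error described above (an expired code and an incorrect device clock) both follow from how TOTP derives the code from the setup key and the current 30-second time step. The following added example is not Absolute's code: it implements RFC 6238 with the defaults Google Authenticator uses for setup keys (HMAC-SHA-1, 30-second step, six digits). The function names, the sample key, the sample clock value and the server's acceptance window of one step are assumptions made for illustration; the page does not state what window the Secure Endpoint Console accepts.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for, as stated on the page
DIGITS = 6   # six-digit verification code

def totp(setup_key: str, unix_time: int) -> str:
    """RFC 6238 code for the 30-second step that contains unix_time."""
    key = setup_key.replace(" ", "").upper()
    secret = base64.b32decode(key + "=" * (-len(key) % 8))   # setup keys are base32
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                                # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(setup_key: str, code: str, server_time: int, window: int = 1) -> bool:
    """Server-side check: current step plus/minus `window` steps (assumed policy)."""
    return any(
        hmac.compare_digest(totp(setup_key, server_time + d * STEP), code)
        for d in range(-window, window + 1)
    )

def clock_drift_steps(setup_key: str, code: str, server_time: int, search: int = 20):
    """Troubleshooting aid: number of 30 s steps the device clock is off, or None."""
    for d in sorted(range(-search, search + 1), key=abs):
        if hmac.compare_digest(totp(setup_key, server_time + d * STEP), code):
            return d
    return None

# Constructed sample: the RFC 6238 test secret encoded as a 32-character setup key.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SERVER_NOW = 1111111109   # constructed server clock (an RFC 6238 test time)

if __name__ == "__main__":
    good = totp(SAMPLE_KEY, SERVER_NOW)
    stale = totp(SAMPLE_KEY, SERVER_NOW - 300)   # device clock five minutes slow
    print("in-sync code accepted:", verify(SAMPLE_KEY, good, SERVER_NOW))
    print("skewed code accepted: ", verify(SAMPLE_KEY, stale, SERVER_NOW))
    print("device clock is off by", clock_drift_steps(SAMPLE_KEY, stale, SERVER_NOW), "steps")
```

A device clock that is five minutes slow produces a code ten steps behind the server, which falls outside the assumed acceptance window; this is why the procedure starts by correcting the device's date and time.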