In this article we show how you can log in as a user if two-factor authentication is mandatory in the office environment. You have the choice to receive the verification code via Authenticator app or via SMS message.
The information in this article is for all users in Basecone who use two-factor authentication. Are you a superuser and do you want more information about the settings at the office level? Read this article.
Log in for the first time with two-factor authentication
The first time a user logs in to Basecone, a choice must be made whether you want to receive the verification code via an authenticator app or via a text message. This after the two-factor authentication is mandatory by the superuser of the office environment. After logging in with your username, password and office code, the screen below will appear.
Log in via authenticator app
Follow the steps below for the correct settings for logging in with the authenticator app.
Install an authericator app on your phone or tablet. All authenticator apps that use the TOTP method are suitable. For example Google authenticator, Microsoft authenticator, Authy, Lastpass etc.
Check the Authenticator app. And click on Confirm. You will then enter a new screen.
Scan the QR code with the authericator app on your phone or tablet. You will immediately receive the verification code in the app.
Are you unable to scan the QR code? Then use the key by entering it in the app.
Enter the obtained verification code in the appropriate field. Click on Confirm. Then a new screen will open.
Save and keep the recovery code. For example by making a print screen or by copying the code. We only show these codes once. Note: each recovery code consists of 8 digits, so you will receive 6 recovery codes in total.
The next time you log in to Basecone, you will see the screen below after logging in with your username, password and office code. You then open the authenticator app and copy the code from the app to your screen.
Frequently asked questions about the authenticator app:
Can a superuser decide whether I log in with SMS or the app? No, because the configuration of the method (SMS or authenticator app) has to be done by the user.
Can I turn off the two-factor authentication setting myself? No, two-factor authentication setting is enabled by a superuser per office environment and applies to all users in that office environment.
What if I can no longer use my authenticator app because my phone is broken or stolen? When setting up the two-factor authentication you will receive 6 recovery codes. You can use one of these recovery codes to log in again. Note that each recovery code can only be used once.
What if I can't use my authenticator app and I don't have my recovery codes? In this special case, you can contact email@example.com to reset the configured authenticator app. You can then reconfigure the app.
What if I enter the wrong verification code? After three false login attempts, you will be blocked for 15 minutes. If you don't want to wait, you can set a new password with the forgot password option.
How can I switch to the authenticator app? I now use SMS messages. Log in in the usual way. Then go to Settings> Users> Edit (actions)> General tab> Second authentication method. See the image below. Then choose authenticator app and follow the instructions on the screen.
Log in using verification code sent by SMS
If the two-factor authentication is enabled and set as mandatory in your office setting, there are three login scenarios. This depends if your mobile number is registered in Basecone or not.
When you enter your username, password and office code in the login page, you will be redirected to the following screen where you can verify your login account.
Registered mobile number (confirmed)
When the mobile number is registered and confirmed in Basecone, an SMS with verification code is automatically sent to the mobile number. After entering the verification code, you will be logged in to the web application.
Registered mobile number (not confirmed)
When the mobile number is entered in Basecone but has not been confirmed yet by the user, the mobile number will be shown in the login screen. Control this number in the screen, then click on "Continue" and an SMS with verification code is sent to that mobile number. After entering the verification code, the mobile number is registered and you will be logged into the web application.
Unregistered mobile number
If the mobile number is not registered in Basecone, you can manually enter the mobile number in the following screen after you enter your login credentials. After the mobile number is entered, click on "Continue" and an SMS with verification code is sent to that number. After the verification code is verified, the mobile number is saved and registered in Basecone and you will be logged into the web application.
📌 Two-factor authentication is (even) safer if you disable the settings to display your your messages on your mobile screen. If this feature, called preview is enabled, another person can read the verification code without having to log in to your device.
SMS not received
If you do not receive the SMS, click "Resend" and the SMS will be resent. If the wrong number is entered as the mobile number, you can return to the previous screen and re-enter your phone number.
Change your existing registered number
If you can no longer log in because you no longer have access to your (confirmed) phone number due to theft or have lost your phone, you can take the following actions:
The superuser or accountant can delete the saved phone number and re-enter the new number in your user settings.
You can enter a new mobile number in the next login attempt and then log in with the received verification code.
If you cannot find your superuser or accountant to delete this number, please contact the Support Team of Basecone via a message in the application or app, or by mail at firstname.lastname@example.org.