GreenArrow Email Software Documentation

Two-Factor Authentication


Each Studio User can have Two-Factor Authentication (2FA for short) enabled. 2FA offers an extra layer of security, requiring more than knowledge of a single password to gain access to your account.

GreenArrow supports the Time-based one-time password algorithm. This algorithm involves a shared secret known only to GreenArrow and your secured authentication app (e.g. 1Password). The shared secret is transmitted over the Internet only a single time – at the time of configuration. Subsequently, when signing into GreenArrow, a new One-Time Password is generated to verify that you are in posession of the shared secret.

Once 2FA is configured, GreenArrow will require your second form of authentication to gain access to GreenArrow’s user interface. GreenArrow never requires 2FA authentication for access to the GreenArrow Studio API.

Code re-use

When a one-time password is used, it cannot be reused. This means that if a user quickly signs in, signs out, and attempts to sign back in – they might “beat” the 30 second clock upon which the one-time password is generated. In this case, the user should wait for a new one-time password and retry.

Configuration in User Interface

Enabling 2FA configuration

In order to add 2FA to a user, you must be signed in as that user.

  1. Navigate to the “My Account” section of the “Admin” menu.
  2. Click “Enable two-factor authentication” and follow the instructions on the form.

Removing 2FA configuration

If a user loses their authentication or otherwise wants to remove 2FA from their account, you can accomplish this in the user interface.

  1. Navigate to the “My Organization” section of the “Admin” menu.
  2. Click the view icon on the user for which you want to remove 2FA configuration.
  3. Click “Remove two-factor authentication” and confirm the prompt.

GreenArrow Engine

GreenArrow Engine also supports Two-Factor Authentication.

Copyright © 2012–2024 GreenArrow Email