Limitations with SMS-based two-factor authentication (2FA) for InVision Enterprise
  • 26 Apr 2023
  • 1 Minute to read
  • Dark
    Light

Limitations with SMS-based two-factor authentication (2FA) for InVision Enterprise

  • Dark
    Light

Article Summary

If your Enterprise team has set up two-factor authentication (2FA) for InVision, using SMS as the delivery method will likely be problematic for any members of your team located in a country that heavily restricts automated SMS messages (e.g. India, China, or France). People in these areas may only receive SMS messages from InVision intermittently—or not at all. These limitations are due to local laws in the affected countries; therefore, InVision is unable to resolve the problem.

In these cases, we recommend using the Google Authenticator option rather than SMS. This method is reliable nearly anywhere, because it doesn't rely on SMS and instead uses a standard called TOTP (Time-based One-Time Passwords). Therefore, Google Authenticator and similar apps work well even if the device on which the authenticator app is installed is currently offline.

Though the InVision interface references Google Authenticator, any TOTP-compliant 2FA application should suffice, especially if Google Authenticator isn’t available as an option in your area. Alternatives include LastPass Authenticator, Authy, and others. InVision cannot recommend any particular solution, so we encourage you to work with your internal IT services personnel to identify the TOTP-compliant 2FA app that's best for your organization. You should then be able to click the Google Authenticator option in the InVision interface to enable 2FA for InVision using theTOTP-compliant 2FA app your IT team recommends.

Regardless of the selected 2FA method, the backup codes should be carefully saved when configuring 2FA for the first time. If a member of your Enterprise runs into trouble signing in after enabling 2FA, they will need to enter their backup codes in the Verification code field.

Each of the backup codes can be used once to sign in to the account, bypassing the need for an authentication device.

invision-v6-2fa-enter-backup-code.jpg

If the member has lost access to the backup codes, please reach out to our support team.


Was this article helpful?