This guide explains how Curator administrators can set up two factor authentication for the Curator system.
Two factor authentication can be used by any individual user; this can also be made mandatory for all users.

Two factor authentication user setup

For a user to enable two-factor authentication:
Once logged in, on Curator Gateway, select Profile and then enable Two Factor Authentication by editing the setting.

Once enabled, the following page will be presented and the user can set up their two factor authentication with either Google authenticator or Microsoft.

 Once set up, on the next login attempt using the same account, the user will be prompted for the authentication.

To disable two factor authentication, the user must log in again and select the same two-factor authentication button within the Profile tab.

Setting up mandatory two factor authentication (for admins)

To make two factor authentication mandatory for all users upon login, sign in to Curator using an account with the ADMIN role. Typically, it's best to use the sysadmin account for this.

Once logged in, select the Options button on the left-hand panel in Curator Gateway.
At the bottom of the options page, select Configure.

From this page, you can alter a number of login options, including enforcing two factor authentication (as shown below):

Select the Enforce Two Factor Verification checkbox, and update the token period to the desired length (typically this can be left as its default value).

Once selected, confirm the changes. 

When a user next logs in they will be presented with the same two factor authentication setup page.