Account-wide two-factor authentication is available for all Harvest accounts and is required for all Harvest accounts connected to Xero. We have answers below to some questions you might have about what this means and how it affects you and your teammates. 

You can learn more about what 2FA is and how to enable and disable it in the following articles:

• Enable two-factor authentication (2FA) in Harvest
• Enable and disable two-factor authentication in your profile
• Troubleshoot issues with two-factor authentication

If you have any other questions, please use the Contact Us button at the top right.

What if I currently use Google Sign-In or SAML SSO? 

You can use a single sign-on (SSO) option (Google Sign-In or SAML SSO) and Harvest 2FA when signing in (no need to disable your SSO to set up 2FA). In this case, you'll initially sign in via SSO, then you'll enter your Harvest 2FA code.

Note that if your Harvest account is connected to Xero, Harvest 2FA is required. You won’t be able to use an SSO option in place of Harvest 2FA.

What if I belong to multiple Harvest/Forecast accounts, and not all of them have 2FA enabled?

If you belong to multiple accounts and at least one of those accounts requires 2FA, you’ll always need to use 2FA when signing in, regardless of which account you want to access. 

Can I enable 2FA for myself only? 

No. 2FA will need to be enabled account-wide as a sign-in requirement. This means everyone on the account will be prompted to set up 2FA before they can access Harvest again.

What is an authenticator app, and which one should I use? What if I lose access to my authenticator app?

For more information about using an authenticator app, see Use two-factor authentication with an authenticator app.

How long does a 2FA sign-in code last? 

Any given code is valid for 5 minutes. However, most authenticator app codes will change every 30 seconds, and only the current code is valid to use.

What if I see a notice about Basic Authentication?

2FA is incompatible with Basic Authentication, which means any applications or integrations using Basic Auth that are connected to your Harvest account will break when you enable 2FA. If you have any questions about Basic Auth or the implications around this, please get in touch with Harvest Support.