Enable two-factor authentication (2FA) in Harvest
Harvest offers two-factor authentication (2FA) for increased sign-in security. Two-factor authentication is required for Harvest accounts using the Xero integration, due to Xero's security requirements. It can also be enabled in any other Harvest account, whether team members sign in with a password, with Google Sign-In, or via SAML SSO.
This article focuses on enabling and disabling 2FA account-wide and requiring sign-in with 2FA for your account. We also have the following articles on 2FA:
- Enabling and disabling two-factor authentication in your profile
- Troubleshooting sign-in issues with two-factor authentication
- Two-factor authentication FAQ
What is two-factor authentication?
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process that requires two different authentication factors to sign in to an account. 2FA better protects both a person's credentials and the resources they can access.
In this case, in addition to your password, Google Sign-In, or SAML SSO sign-in, you’ll need to use a code (either from an authenticator app or sent to your email) to sign in to Harvest wherever you use it, including the web app, mobile apps, and desktop apps.
Enable two-factor authentication in your Harvest account
What happens when you require two-factor authentication for everyone in your Harvest account
Once 2FA is required, everyone in the account will be signed out and must complete 2FA setup for their own profile before they can continue using Harvest (and any connected Forecast account). Anyone who's not signed in will be prompted to set it up the next time they sign in.
As soon as the setting is saved, everyone on the account will receive an email stating that 2FA is now required for the account, but please note that your team might be affected before they have a chance to read that email. We recommend communicating some of these details to your team before enabling the setting.
How to require two-factor authentication for everyone in your Harvest account
Only Administrators can set a Harvest account to require 2FA.
- In Harvest, go to your Settings.
- Click Sign in security in the left sidebar.
- Check the box for Require two-factor authentication for this account.
- Click Save settings.
You’ll then be taken to the Security section of your Harvest ID where you'll set up two-factor authentication for your individual profile. Everyone else in your company’s account will also need to set this up for themselves the next time they access the account.
Once you’ve signed back in to your account, you’ll be brought back to Settings in Harvest.
Disable required two-factor authentication for your Harvest account
Only Administrators can remove the 2FA requirement. All Administrators on the account will receive an email notifying them that the requirement has been disabled.
If your account is connected to Xero, you'll need to disconnect from Xero before you can disable two-factor authentication.
- Go to your Settings.
- In the Preferences tab, click Edit preferences.
- In the Sign in security section, uncheck the box next to Require two-factor authentication (2FA) for this account.
- Click Save preferences.
This will turn off the requirement for 2FA, but individuals who want to disable sign-in with 2FA for their own profile will need to do that manually following the steps in Enabling and disabling two-factor authentication in your profile.