Enabling two-factor authentication (2FA) in Harvest

Harvest supports single sign-on (SSO) through Google and two-factor authentication (2FA). This article covers how to enable 2FA. For information about SSO and Google sign in options, see our article on signing in with Google

Two-factor authentication is required for Harvest accounts using the Xero integration, due to Xero's security requirements. 

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process that requires two different authentication factors to sign in to an account. 2FA better protects both a person's credentials and the resources they can access. In this case, in addition to your password or Google sign-in, you’ll need to use a code (either from an authenticator app or sent to your email) to sign in to Harvest, wherever you use it—including the web app, mobile apps, and desktop apps.

This article focuses on enabling and disabling 2FA account-wide and requiring sign in with 2FA for your account. We also have the following articles on 2FA:

Enabling two-factor authentication

When the option to require 2FA is enabled, everyone who's currently signed in (including you) will be signed out and brought to Harvest ID to enable 2FA. Anyone who's not signed in will be prompted to set it up the next time they sign in.

Everyone on the account will receive an email that 2FA is now required for the account as soon as the setting is saved, but please note that your team might be affected before they have a chance to read that email. We recommend communicating some of these details to your team before enabling the setting

Requiring two-factor authentication for everyone in your account

Only Administrators can set a Harvest account to require 2FA.

Once 2FA is required, everyone in the account will be signed out and must complete 2FA setup for their own profile before they can continue using Harvest (and any connected Forecast account).

Enable two-factor authentication in your Harvest account

  1. In Harvest, go to your Settings.
  2. Click Sign in security in the left sidebar.
  3. Check the box for Require two-factor authentication for this account.
  4. Click Save settings.

You’ll then be taken to the Security section of your Harvest ID where you'll set up two-factor authentication for your individual profile. Everyone else in your company’s account will also need to set this up for themselves the next time they access the account.

Once you’ve signed back in to your account, you’ll be brought back to Settings in Harvest.

Disabling two-factor authentication

Disabling the two-factor authentication requirement for everyone in your account

Only Administrators can remove the 2FA requirement. All Administrators on the account will receive an email notifying them that the requirement has been disabled.

If your account is connected to Xero, you'll first need to disconnect from Xero before you can disable two-factor authentication. 

  1. Go to your Settings
  2. In the Preferences tab, click Edit preferences
  3. In the Sign in security section, uncheck the box next to Require two-factor authentication (2FA) for this account.
  4. Click Save preferences.

This will turn off the requirement for 2FA, but individuals who want to disable sign-in with 2FA for their own profile will need to do that manually following the steps in Enabling and disabling two-factor authentication in your profile

 

Did you find this article helpful?

Still have questions? We’re happy to help!

Contact us