Two-factor Authentication

Two-Factor Authentication (2FA) is essential for protecting your Omnichannel account and sensitive data from unauthorized access, helping your business meet security standards and maintain customer trust.

To strengthen security while supporting operational scalability, Qiscus has expanded its 2FA options on the Omnichannel Platform. Users can now choose between Authenticator Apps and the newly added Email OTP as their secondary verification method.

Administrative Configuration

2FA settings are managed by admins through the Settings page. Admins can enable or disable 2FA for admin, agent, and supervisor accounts.

Global 2FA Activation

Here are the key points:

  • Mandatory Setup: Once enabled, all users (Admins, Supervisors, and Agents) must configure their preferred OTP method during their next login attempt.
  • Email Restrictions: Agents and Supervisors are not permitted to change their own email addresses; all updates must be performed by the Admin via the Agent Management page.
  • OTP Authentication: Enhance your account security with the OTP (One-Time Password) login feature from an Authenticator App.
  • Verified email: Make sure the email used to receive your OTP code is active and accessible.
  • Recovery Request:
    • As a Supervisor or Agent, you can request recovery from your Admin if you're unable to use your current OTP.
    • As an Admin, you can recover using your Omnichannel account email address.

Follow these steps to set up Two-factor Authentication for your Omnichannel account:

How to Set Up Two-factor Authentication

Enable Two-factor Authentication

  1. Go to the Settings menu on the sidebar.
  2. Under Chat Session, click General and select Two-factor Authentication. Click the toggle button; it is disabled by default.
  3. Before continuing, have an authenticator app ready, such as Google Authenticator or a similar app.
  4. Fill in your Omnichannel password, then click Continue.
  5. You will be presented with the Two-Factor Authentication options. To authenticate with the Authenticator App, select Authenticator App and click Continue.
  6. The first time you enable this feature, the QR code and Set-up Key are displayed. Use the QR code (by scanning it) or the Set-up Key to connect your Authenticator App.
  7. After you scan it in the Authenticator App, you will get the Security Code. Enter the Security Code, then click Enable.
  8. You have successfully enabled 2FA with Authenticator Apps and the newly added Email OTP, which now applies to Admin, Supervisor, and Agent accounts.

If Two-factor Authentication is ENABLED, the authentication_token in the /api/v1/auth payload will be returned as null.

  9. Admins can configure the authentication methods in the Agent Management settings. Agents and Supervisors can sign in using Email OTP, an Authenticator App, or both, depending on the options enabled by the Admins.

Login with Two-factor Authentication

Once admins enable 2FA, all admin, agent, and supervisor users must complete 2FA verification each time they sign in. Verification can be done through either an Authenticator App or Email OTP.

Authenticator App

  1. Log in as Admin by entering your Omnichannel account email and password.
  2. The first time you log in after the Admin has enabled Two-factor Authentication, you will be presented with the Two-Factor Authentication options. To authenticate with the Authenticator App, select Authenticator App and click Continue.
  3. Scan the QR code displayed on your screen using your Authenticator App. Enter the security code shown in the app, then click Submit to complete.
  4. Two-Factor Authentication has been successfully set up. You'll be automatically redirected to the login page.
  5. After signing in, enter the code from your Authenticator App and click Continue.
  6. Now you can access the Omnichannel Dashboard.

Email OTP

  1. Log in as Admin by entering your Omnichannel account email and password.
  2. After the Admin has enabled Two-factor Authentication, you will be presented with the Two-Factor Authentication options. Choose to authenticate with Email and click Continue.

If the OTP code cannot be delivered because your email is no longer active or accessible, contact your admin to update your account email address.

  3. Open your email inbox to find the 6-digit OTP code.
  4. Enter the code into the verification field and click Continue. If you don't receive the OTP code, click Resend to send the code again.

Users can request a new code after 60 seconds, with a maximum of 3 requests allowed within a 5-minute window.

  5. Now you can access the Omnichannel Dashboard.

Security Protocols and Rate Limiting

To maintain account integrity, the following rules apply to Email OTP verification:

  • Code Delivery: A 6-digit numeric code is sent to the registered email address.
  • Expiration: The code remains valid for 5 minutes.
  • Rate Limiting: Entering the wrong code 3 times will result in a temporary block on OTP requests for 5 minutes.
  • Immediate Access: Upon entering the correct code, the user is redirected immediately to the Dashboard.
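
The Email OTP rules listed above, together with the resend limits from the Email OTP login steps, can be modelled as a small state machine. This is an added example, not Qiscus code: the class name, the injected clock, single-use codes, and the wrong-attempt counter surviving a resend are assumptions.

```python
import hmac
import secrets

CODE_TTL = 300          # code stays valid for 5 minutes
RESEND_COOLDOWN = 60    # a new code may be requested after 60 seconds
MAX_REQUESTS = 3        # at most 3 requests ...
REQUEST_WINDOW = 300    # ... within a 5-minute window
MAX_WRONG = 3           # 3 wrong entries ...
BLOCK_SECONDS = 300     # ... block OTP requests for 5 minutes

class EmailOtpPolicy:
    """Per-user state; `now` (seconds) is passed in so the rules are testable."""

    def __init__(self):
        self.code = None
        self.issued_at = 0.0
        self.requests = []        # timestamps of recent code requests
        self.wrong = 0            # assumption: not reset by a resend
        self.blocked_until = 0.0

    def request_code(self, now):
        """Return a fresh 6-digit code, or None when a limit applies."""
        if now < self.blocked_until:
            return None
        self.requests = [t for t in self.requests if now - t < REQUEST_WINDOW]
        if self.requests and now - self.requests[-1] < RESEND_COOLDOWN:
            return None
        if len(self.requests) >= MAX_REQUESTS:
            return None
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.issued_at = now
        self.requests.append(now)
        return self.code

    def verify(self, submitted, now):
        """True only for the current, unexpired code (assumed single-use)."""
        if now < self.blocked_until or self.code is None:
            return False
        if now - self.issued_at > CODE_TTL:
            self.code = None
            return False
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.code, self.wrong = None, 0
            return True
        self.wrong += 1
        if self.wrong >= MAX_WRONG:   # lock out and invalidate the code
            self.blocked_until = now + BLOCK_SECONDS
            self.code, self.wrong = None, 0
        return False
```

The code is drawn from a CSPRNG and compared in constant time; with only one million possible values, the attempt and request limits are what keep guessing impractical.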

Recovery

The Recovery feature is designed to help when users have trouble entering the security code/OTP. If there's an issue, the supervisor or agent can request that the admin reset it. However, if the admin has OTP problems, they will be directed to the email used to reset it. For more details, follow these steps:

Recovery for Supervisor or Agent

  1. Log in as Supervisor or Agent by entering your Omnichannel account email and password. On the Two-factor Authentication page, click Need Recovery.
  2. Wait until the admin accepts your request for recovery. Once your admin has accepted, log in to your account again by following the login steps.

Recovery by Admin

  1. Go to the Settings menu and click Agent Management.
  2. On the Role Management tab, click Requested. Click the Dismiss button to reject the request or the Reset button to approve it.

Recovery for Admin

If admins have trouble with their OTP (One-Time Password), they can recover it. The recovery process uses the email linked to the admin's Omnichannel chat dashboard login.

To recover it, follow these steps:

  1. Log in to Omnichannel as Admin.
  2. On the Two-factor Authentication page, click Need Recovery.
  3. Check your email for a link to reset the OTP for the Authenticator App.
  4. Click the Reset OTP button.
  5. Log in to your account again and set up 2FA with your Authenticator App again.

Disable Two-factor Authentication

You can disable Two-factor Authentication. However, it is important to note that doing this will remove the additional layer of security from your account. We highly recommend keeping it enabled.

To disable Two-factor Authentication, follow these steps:

  1. Go to the Settings menu, select Two-factor Authentication in the General tab, then click the toggle button.
  2. A pop-up will appear; click Disable Two-factor Authentication.
  3. Enter your account password.
  4. You have successfully disabled this feature.