
Admin - Setting up 2Factor Authentication

2Factor Authentication is available for extra security

Written by Michael Mulligan
Updated this week

Two-factor authentication (2FA) adds a second verification step to the BMS login process. After entering their password, users with 2FA enabled must enter a one-time password (OTP) from an authenticator app on their phone. Navigate to Admin → Users to manage 2FA settings for your team.

Enabling 2FA for a User

To enable 2FA for an individual user:

  1. Navigate to Admin → Users and open the user's record.

  2. Click Edit on the user form.

  3. Tick the OTP Required checkbox.

  4. Save the user record.

The next time that user logs in, they will be prompted to set up 2FA before proceeding.

Enforcing 2FA for All Users

To require 2FA across all user accounts, navigate to Admin → General Settings and set the require_2fa setting to true. Once enabled, all users must complete 2FA setup on their next login, regardless of their individual OTP Required setting.

First-Time 2FA Setup (User Steps)

When a user logs in for the first time with 2FA required, they will be prompted to set up their authenticator:

  1. Log out of BMS, then log in again with your username and password.

  2. BMS will display a QR code on screen.

  3. Open an authenticator app on your phone (such as Google Authenticator or Microsoft Authenticator).

  4. Scan the QR code using the app.

  5. Enter the 6-digit OTP code shown in the app to confirm setup.

Once set up, you will be prompted to enter an OTP code each time you log in.

Logging In With 2FA

After entering your password, BMS will display a second screen requesting your OTP code. Open your authenticator app, find the BMS entry, and enter the current 6-digit code. Codes refresh every 30 seconds — if a code is rejected, wait for the next one to generate and try again.
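The 30-second refresh explains most rejected codes. This added example is not BMS code: it assumes BMS uses standard RFC 6238 TOTP, which is what Google Authenticator and Microsoft Authenticator generate. It shows a code going stale two seconds after it was read, and a verifier that tolerates one step of clock drift while refusing reuse. The key is the RFC's published test key, and `verify`, `drift_steps` and `last_used_counter` are illustrative names.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per code, as stated on this page
DIGITS = 6    # code length, as stated on this page
SECRET = b"12345678901234567890"  # RFC 6238 test key, not a BMS value


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, code, server_time, last_used_counter=None, drift_steps=1):
    """Return the matching step counter, or None if the code is rejected.

    Assumed policy: accept codes within +/- drift_steps of the server's
    current step, and never accept a step at or before the last one used.
    """
    now = server_time // STEP
    for counter in range(now - drift_steps, now + drift_steps + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue  # replayed or older code
        if hmac.compare_digest(totp(secret, counter * STEP), code):
            return counter
    return None


if __name__ == "__main__":
    shown = totp(SECRET, 1111111109)  # code on the phone, 1 s before refresh
    # Two seconds later the server is already in the next step.
    print("strict verifier:", verify(SECRET, shown, 1111111111, drift_steps=0))
    print("one step of drift:", verify(SECRET, shown, 1111111111))
    print("same code reused:",
          verify(SECRET, shown, 1111111111, last_used_counter=37037036,
                 drift_steps=0))
```

If codes are rejected repeatedly rather than once, the usual cause under this model is a phone clock that is out of sync by more than the tolerated drift.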

Resetting Your 2FA Code

If you need to reset your 2FA setup (for example, if you change phones), click your account icon in the bottom left of the menu bar and select Account Settings. From there, you can reset your authenticator to trigger a new QR code scan on your next login.

If you are locked out and cannot complete the 2FA step, contact your BMS administrator to reset your OTP setting from the Admin → Users form.

Admin users can enable 2FA per user, using the tickbox on the Edit User form.

To enforce 2FA for ALL users, update the General Setting 'require_2fa' from 'false' to 'true'.

Log out and then log in. If 2FA is not yet set up, you will be prompted to scan a QR code with your phone into an authenticator app (like Google Authenticator) and confirm a one-time password (OTP) code.

You will then be prompted for an OTP when logging in.

Users can reset the 2FA Code from their Account Menu.
