---
title: "Setting Up 2FA (Two Factor Authentication)"
slug: "2fa-two-factor-authentication-in-decisions"
updated: 2025-06-24T20:20:54Z
published: 2025-06-24T20:20:54Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://documentation.decisions.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Setting Up 2FA (Two Factor Authentication)

## Overview

**2FA**(**Two-****Factor****Authentication**) is an extra security method used to increase the number of requisites to log in to an Account. This method requires the user to respond to a security question, provide an emailed passcode, etc.

### Important Considerations

The 2FA email is sent from the Default Email Address defined in Portal Settings. By default, this email address is set to admin@decisions.com.

To ensure the proper functioning of 2FA email notifications, it is essential to update the Default Email Address. For more information, refer to [Email and SMTP in Decisions](https://documentation.decisions.com/docs/email-and-smtp-in-decisions?highlight=Default%20Email%20Address).

Also note that 2FA will not work when the Decisions login is set up with **Single Sign-On (SSO)**.  
2FA is only meant for use with the login process. It cannot be called from a Flow via API.

---

## Configuration

1. Navigate to **System > Settings**, right-click **Portal****Settings******and select **Edit**.
2. From the **Edit Portal Settings** window, scroll down to log in and check the**Enable Two-Factor Authentication** box.
3. Under **Two-Factor Authentication Token Type**, select the desired option, Numeric Only or Alphanumeric.
4. Under **Two-Factor Authentication Token Length**, dictate the desired length (number of characters) for the Token.
5. Under **Two-Factor Authentication Token Timeout**, provide the desired number of **Minutes**for the Token's expiration.
6. For v9.12 and above there is a setting **Two-Factor Authentication Required Password**. This will require the user to enter their password after entering their token on the authentication page.
7. If desired, select an option under the **Two-Factor Authentication Token Email Template**.
8. Click SAVE to save changes and exit the Portal Settings. ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/2024-07-31_11h59_39.png)
9. Navigate to **System > Security > Accounts**; locate the desired **Account**, right-click it, and then select **Edit****Account**. In v9.12 and above, newly created accounts do not need to have this applied to them.
10. Under the Edit Entity screen, check Enable Two-Factor Authentication under the SECURITY category. Then, click SAVE. 

![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/2024-07-31_12h00_40.png)
11. Attempt to log into the Account, navigate to the Account's Email inbox, and copy the received **authentication****token**. Then, navigate back to the **Login**screen.
12. SUBMIT the copied AUTHENTICATION TOKEN. If the token has expired, the user will get a prompt instructing them to login again. This will cause an email to be sent with a new token.**![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/2022-10-04_10h43_44.png)**

---

## Feature Changes

| Description | Version | Release Date | Developer Task |
| --- | --- | --- | --- |
| Various updates. See the release notes for more. | [9.12](https://documentation.decisions.com/v99/docs/version-912x-release-notes) | June 2025 | [DT-044756] |