Setting 2-factor Authentication (2FA) for login

2-factor authentication enhances 3DEXPERIENCE platform access security by enabling you to use a TOTP (Time-based One-Time Password) compliant app on your personal mobile device.

2-FA authentication is also available for Web Apps or Native Apps.

This task shows you how to:

Before you begin:

Download a TOTP-compliant app on your mobile device.

Log in with the 2-FA

  1. Access your 3DEXPERIENCE ID profile by logging in through the 3DPassport URL.

    Tip: You can also activate the 2-FA while logged into the 3DEXPERIENCE platform by clicking Me > My Profile > Account > 2-Factor Authentication and go to step 3.

  2. Edit your 3DEXPERIENCE ID profile.

    If your Administrator allows you to use the 2-Factor Authentication, the profile page must contain 2-Factor Authentication option.

    Click 2-Factor Authentication.

    The 2-Factor Authenticationdialog box appears.

    If your Administrator forces users to use the 2-FA, you do not need to edit your 3DEXPERIENCE ID profile. The 2-Factor Authentication dialog box appears right after the first authentication.

  3. Click Activate.

    The Security Questions dialog box appears.

    Fill in the form.

  4. Click Save.

    The 2-Factor Authentication Activation dialog box appears.

  5. In your TOTP-Compliant app:
    1. Flash the QR code containing the TOTP secret key.
    2. Enter the code displayed in the 2FA Backup key input.

      When the TOTP-compliant app recognizes the QR code, it reads the information held by the QR code and display a success message. The app is now paired with the 3DPassport.

      The TOTP-compliant app displays a different 6-digit code every 30 seconds.

    3. Click Validate.

    You will receive an email confirming that you have enabled the 2-factor authentication for your account.

    Another dialog box appears to inform you that the 2-FA is enabled.

  6. Optional: Perform a test by logging out then logging in again.

    This time, you will be prompted to enter a code generated by the TOTP-compliant app.

    Enter the code and click Validate to continue.

    Note:
    • The mobile device hosting the TOTP-compliant app and the 3DPassport must be operating at the same clock time. If not, the app may generate invalid codes.
    • You can ask your Administrator to disable the 2FA if you have login issues.

  7. Optional: If your Administrator allowed users to define trusted computers for 2-FA, you are prompted to enter a code generated by the TOTP-compliant app, but this time the dialog box contains the Trust this computer check box.
    1. Enter the code, click Trust this computer.
    2. Click Validate to continue.

    You will no longer need to enter a code to log in again in the future in the browser.

Recover your account

In certain cases (device stolen, app corrupted, account deleted by mistake,…), you may no longer be able to provide the right code generated by the TOTP-compliant app, consequently there is no way to retrieve the existing secret TOTP key. Access to your account will then be blocked.

  1. Click Continue to account recovery

    The Security Questions dialog box appears.

  2. Answer the questions and click Check.

    You will receive an email containing a link to follow.

  3. Follow the link and retype the username and password. The 2FA will be deactivated for your 3DEXPERIENCE ID and a warning message will prompt you to reactivate it manually.

Deactivate the 2-FA

To deactivate the 2FA, log on, click 2-Factor Authentication and click Deactivate.

If you had the 2-FA enabled, enter the code provided by your TOTP-compliant app.

You will receive an email confirming that the 2FA has been deactivated and containing a link to follow if you want to reactivate the 2-FA later.

When the 2-FA is deactivated, you can remove your TOTP account from the app you use to generate the codes.

Note: If the Administrator forces users to use the 2-FA, the user whose 2-FA has been disabled will be prompted to activate it again.

Transfer the 2-FA capability from one device to another

If you need to transfer 2FA capability from one mobile device to another (for example, when acquiring a new mobile device), you must deactivate the 2-FA on the old device and regenerate the 2FA secret key for the new device.

  1. Click 2-Factor Authentication and click Transfer.
  2. To deactivate the 2FA on the old device, enter the code provided by your TOTP-compliant app paired on your old device.
    The 2-Factor Authentication Activation dialog box appears. You can use the Compliant app on the new mobile device to scan the QR code and pair the device with the account.
  3. Enter the code provided by your TOTP-compliant app paired on the new device.

    You will receive an email confirming that 2FA has been successfully enabled for your account.