Overview

Two-Factor Authentication (2FA) is a critical security feature available in Unbxd Netcore that adds an extra layer of protection to your account. It requires two forms of identification before granting access to the platform.

In addition to your email and password, 2FA requires a time-based one-time password (OTP) generated by an authenticator app. This ensures that even if your login credentials are compromised, unauthorized access to your account is prevented.

2FA is especially important for securing and maintaining the integrity of your product discovery data and workflows.

Unbxd Netcore supports the following methods for 2FA:

  • App Code-Based Authentication: A six-digit code is generated by an authenticator app (such as Google Authenticator, Microsoft Authenticator, or Authy) and must be entered after your password during login.
  • Backup Codes: A set of single-use recovery codes provided at the time of 2FA setup. These can be used when you don’t have access to your authenticator device. Each code can be used only once and should be stored securely.

Important Points to Remember

  • App-based 2FA is the only supported method in Unbxd Netcore.
  • Use a compatible authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy for generating 2FA codes.
  • Only Account Owners/Admins can enable or reset 2FA at the account level.
  • Individual users can enable or disable 2FA from their profile settings if account-level enforcement is not applied.
  • Upon enabling 2FA, users must scan a QR code or enter a manual key using their authenticator app.
  • Backup codes are shown once during setup. Store them securely for recovery in case you lose access to your 2FA device. Each code is single-use.
  • If account-level 2FA is enforced, individual users cannot disable 2FA themselves.
  • Resetting 2FA is possible via the admin dashboard if a user loses access and has no backup codes.

Set Up 2FA: For Admin Users

Account-level 2FA in Unbxd Netcore can be enabled only by the Account Owner/Admin. Once enabled, all users under the account must register for 2FA at their next login.

Follow the steps to enable account-level 2FA:

  1. Log in to the Unbxd Netcore panel using your Account Owner/Admin credentials.

  2. Navigate to **Profile **>**Account Settings ** >**Two-Factor Authentication ** section.

  3. Toggle the switch to enable 2FA for the account.

    Confirm the action to apply 2FA enforcement across all users in the account.

What Happens Next?

  • 2FA setup becomes mandatory for all users on their next login.
  • Active sessions remain unaffected until users log out and log in again.
  • Users who have already enabled 2FA at the individual level are not impacted and will continue using their existing setup.
  • Disabling account-level 2FA later automatically turns off 2FA for users who had previously enabled it individually.

Set Up 2FA: For Non-Admin Users

Non-admin users cannot enable 2FA independently in Unbxd Netcore. Two-Factor Authentication must first be enabled by the Account Owner/Admin at the account level.

Once enabled, all users in the account will be required to register 2FA during their next login.

Follow the steps to complete 2FA setup, post admin user had enabled 2FA across panels:

  1. Log in to your Netcore Unbxd account. You will be prompted to setup Two-factor Authentication.
  2. Open your authenticator app(e.g., Google Authenticator, Microsft Authenticator, or Authy)
  3. Scan the displayed QR code using a compatible authenticator app. Alternatively, manually enter key provided..
  4. Enter the 6-digit code generated by your app to verification field.
  5. Upon successful verification, a list of backup codes will be displayed.
    • Download and store these codes securely for use when your authenticator app is unavailable.
    • These are single-use recovery codes in case you lose access to your device.
  6. Click Done to complete setup and be redirected to your dashboard.

Reminder: You must complete the 2FA setup during your login process. Without verification, you won’t be granted access to your account.

Change or Add a 2FA Device

If you’ve changed your phone or wish to switch to a different authenticator app, you can update your 2FA device from your user profile. This allows you to scan a new QR code and generate a fresh set of backup codes.

Once you add a new 2FA device, your previously registered authenticator app will no longer work. You must complete the new setup by scanning the QR code with your new device.

Follow these steps to change or add a 2FA device:

  1. Navigate to User > My Profile >Two-Factor Authentication section.

  2. Enter your current 6-digit OTP from your existing authenticator app, in the Verify Current 2FA section.

  3. Click Verify & Continue.

  4. A new QR code is displayed. Scan it using your new device or authenticator app.

  5. Complete the verification process with the new code generated by your new app.

    After a successful setup, a new set of backup codes will be generated—download and store them securely.

If you’ve lost access to your current device and cannot verify the current OTP, contact your Account Admin to reset your 2FA.

Use Backup Codes

If you are unable to access your authenticator app(e.g., due to a lost or damaged device), you can use one of your backup codes to log in.

Use a Backup Code

  1. Click the Use Backup Code option, on the 2FA login screen.
  2. Enter one of the backup codes that were provided to you when you initially set up 2FA.
  3. Upon successful entry, you will be granted access to your account.

Manage Backup Codes

  • Backup codes are displayed once during the 2FA setup process.
  • Each code is valid for one-time use only.
  • Download and store these codes securely at the time of setup.

If you lose access to your device and do not have backup codes saved, you will need to contact your Account Admin to reset your 2FA.