Salsa is dedicated to improving security in response to cybercrime threats, providing something more secure than just password authentication.
Two Factor Authentication (2FA) is a secure way to prove your identity when you log in. 2FA links a software app on your mobile device to a Salsa CRM user's account. Users generate a verification code on that app that is only good "at the moment" and expires after a short time. When users log in using 2FA, they enter their username and password, generate a verification code in their app, then type in the verification code in Salsa CRM to gain access to the account.
Enable 2FA For All Users
Enable 2FA for every member of your organization...
- Go to the Manage > Configuration menu.
- On the General configuration screen, check the box next to Require Two-Factor Authentication to log in, which requires all users to set up 2FA when they next log in.
A wizard walks users through each step in the setup.
User 2FA Setup
Step 1: Download Authenticator App
- Download and install an authenticator app from one of the three apps listed on this page.
You do not need to install all three; just one. Other authenticator apps may work; Salsa recommends one of these (links go to the app's help documentation): - The QR code (the large barcode in the middle of the screen) is a shortcut to each app's web page. Scan that code with your phone's camera or QR Code reader app, and download that app from its website to your phone.
Apple App Store and Google Play Store buttons below each QR code link to a place to download that app for your Apple or Android phone. - After you download and install the app to your smartphone, click Next to move to Step 2 of the process.
Step 2: Register Salsa CRM in Your App
- Salsa CRM generates another, different QR code for you; scan the QR code with your authenticator app to capture a unique code that represents a link to Salsa CRM. That QR code is the same as the manual code just below it. If necessary, you can type the code manually into your app. Follow the app instructions on how to do that.
- Once the app successfully connects with Salsa, it will generate a 6-digit code. Enter that code into the section labeled Step 2: Verify Authentication Code to connect your device to Salsa CRM. That way, they sync together.
- Click Next to continue.
Step 3: Save Your Recovery Code
If you lose access to your authenticator app, you can save a recovery code to use instead of entering a verification code. You should retain only one active backup code at a time. Use that recovery code to log in if you lose access or if you don't have access to the registered mobile device. If you save more than one recovery code, only the most recent code will work. Store your backup code someplace secure and easily located if you lose your device.
- Download a text file with the recovery code or copy it for pasting into a text file. You may not continue until either you download the recovery file or copy the code.
- Once you do either action, click Next to continue.
Step 4: Success!
At this point your 2FA configuration is complete. An infographic shows the process for logging in to Salsa CRM from that point forward. Click Done to complete your setup.
Log In to Salsa CRM with 2FA Enabled
After completing your 2FA setup...
- Login to Salsa CRM with your typical User ID and password.
- Using your authenticator app, find out your current Verification Code.
- Enter that code into your login screen. Then you're in!
Authentication Status
Salsa CRM admins can check after 2FA has been enabled for their organization to see whether someone has logged in yet and configured their 2FA.
On the constituent's Access Control screen, just under the Security Level field, is an indicator of the user's 2FA Authentication status:
- Not Activated—User has not yet configured 2FA.
- Activated on [Date/Time]—The user has activated 2FA on their account.
This Authentication Status also exists on the My Account screen, where a user can reset their own 2FA.
Reset 2FA for a User
If the user loses their phone and their authenticator app, or they cannot use the backup code on an existing installation, Salsa CRM admins can reset 2FA for a user in this state, so the user could reconfigure 2FA.
- CRM admin should open the user's Constituent record.
- Select the Access Control screen on the left.
- Click the Reset Two-Factor Authentication button next to their Authentication Status.
- The user's 2FA configuration is cleared. An email is sent to the user confirming their 2FA status has been reset. There is a link to log in to Salsa CRM within that email.
- The next time the user logs in they will be able to reconfigure 2FA again and generate a new backup code.
Log in to Engage from Salsa CRM with 2FA
Users access Engage from Salsa CRM via the Tools > Salsa Engage link. If Engage admins have enabled 2FA for their users, you do not need to enter a 2FA verification code to enter Engage.
If Engage admins do not enable 2FA for CRM and 2FA is enabled in Engage, you will need to enter a 2FA verification code to enter Engage.