Datto Partner Portal: Getting started with two-factor authentication (2FA)

Topic

This article explains how to set up two-factor authentication for Datto SaaS Protection, Datto Partner Portal, and Backupify Direct users.

Environment

Datto Partner Portal
Datto SaaS Protection
Backupify/Datto SaaS Protection for G Suite and Office 365

Description

You must set up two-factor authentication (2FA) with your application to access your account. If you haven't already done so, the Partner Portal or the Backupify login page will prompt you to enable two-factor authentication at your next login.

Why two-factor authentication?
Enable two-factor authentication
Download and install the Authy app
Changing your information
Enabling 2FA for all users

Why two-factor authentication?

To learn more about two-factor authentication, see What is two-factor authentication (2FA)? (external link).

Conventional password protection offers a single layer of security. Passwords are vulnerable to divulgence through human error and defeat through increasingly sophisticated forms of automated attack.

Two-factor authentication provides additional security. After entering your password, the authentication software contacts you via trusted means, such as your mobile phone number, and requests additional verification. This extra protection dramatically reduces the success rate for malicious access attempts.

Enable two-factor authentication

1. Navigate to your Partner Portal or Backupify login page, enter your account credentials, then click the LOG IN button.

For Datto partners, including SaaS Protection users, navigate to the Partner Portal login page.
For Backupify Direct users, navigate to the Backupify login page.

Figure 1: The Login window (click to enlarge)

2. Choose an authentication method, then click the Enable 2FA button.

Figure 2: The select Authentication Method prompt (click to enlarge)

The next step will vary depending on the authentication method you selected.

Third-Party Authenticator App

Open your authenticator app and scan the QR code to complete the setup.

Figure 4: Setup via third-party authenticator app (click to enlarge)

For additional information, see How do I set up an external authenticator app for the Datto Partner Portal?

Authy

Follow the steps in the Download and install the Authy App section of this article.

SMS/Voice

1. Enter your phone number, then click the Enable 2FA button.

If this is a mobile phone number, you will receive a text with the verification code.
If Datto detects a likely non-mobile number, you will see the prompt shown in Figure 3. The dialog box, however, will contain additional instructions about how to set up the Authy application. The same conditions apply to users who reside in Canada since the Portal will not be able to determine if the number provided is from a non-mobile phone.

2. Enter the code in the 2FA Verification window and click the Submit button.

After the Portal admin enables 2FA for your company, users will not see the Remind me in 48 hours option.

Once you enable 2FA for all users, see Partner Portal: User Settings to learn more about viewing employee enrollment status.

Figure 5: Enable 2FA prompt (click to enlarge)

Resending Tokens

The method to re-send an authentication token will vary according to your chosen authentication method:

Third-party app: Check your mobile device for a new token.
Email: Click Email to receive a new token via email.
SMS: Click SMS or Phone Call to receive a new token via text message or phone call.

Figure 6: The 2FA verification modal (click to enlarge)

Once you submit the verification code, 2FA activation is complete.

Download and install the Authy app

Datto recommends the Authy 2FA app (external link) for logging into the Datto Partner Portal with two-factor authentication. You can download the following versions:

Mobile app: You can authenticate via your mobile phone via push notification or token. You will only be able to authenticate via mobile if you provided a cell phone number.
Desktop app: This app lets you authenticate via desktop app push notification or token. You can use the desktop app if you use either your desk phone or mobile phone.
Chrome extension: The Chrome extension lets you authenticate from the Google Chrome browser via push notification or token. You can use the desktop app if you use either your desk phone or mobile phone.

Datto also lets you authenticate with your preferred third-party 2FA solution if necessary. Consult your application's setup guide for configuration instructions if you choose to leverage a solution not described in this article.

Figure 7: The Authy download page (click to enlarge)

Changing your information

You can change employee names or phone numbers used for 2FA with partner accounts from the Partner Portal user settings page.

Enabling 2FA for all users

Partner Portal Admins can require 2FA for all Portal users in their company.

1. In the Datto Partner Portal, click your username in the top right-hand corner, then select Company Settings from the drop-down menu.

2. In the Authentication Settings card, click Enable to activate 2FA for all of your company's Portal users. After enabling, users who have not set up 2FA will see a prompt to do so the next time they log in.

Once you enable two-factor authentication for your company, you cannot disable it.

Figure 8: The Authentication Settings card (click to enlarge)

Logging in on trusted networks

If you log in from an IP address that your Partner Portal admin has whitelisted as a trusted network, you will only receive the authentication prompt every three weeks instead of being prompted on each login.

Trusted network whitelisting is unavailable for accounts belonging to end-user clients of Datto partners; these accounts must authenticate on every login.

Additional Resources