Two-factor authentication (2FA)
Protect your account and supporter data with an additional verification step at login.
Two-factor authentication (2FA) adds an extra layer of security to your Fundraise Up account by requiring both your password and a verification code to log in. This protects your account and supporter information from unauthorized access, even if someone obtains your password.
When 2FA is enabled, you enter a verification code each time you log in. This code is either sent to your mobile device through SMS or generated in an authenticator app of your choice.
2FA can be set up individually by any user or required organization-wide by an Organization Administrator.
Enable 2FA for your own account
You can enable 2FA for your own account at any time. Go to Settings > Profile and click Enable 2FA in the Two-factor authentication (2FA) section. Follow the setup process to choose your verification method.
Two-factor authentication (2FA) settings that apply to a single user
Verification methods
Choose between two verification options:
- Authenticator app (recommended). Generate login codes through an authenticator app like Google Authenticator or 1Password.
- SMS text messages. Receive login codes through text message to your mobile device.
Authenticator apps provide enhanced security and convenience. They work without phone signal and aren't affected by SIM card changes or international travel.
You can switch between verification methods at any time. Go to Settings > Profile and click Switch to using [method]. To disable 2FA entirely, click Disable 2FA.
Backup codes
When you set up 2FA with an authenticator app, you receive backup codes for account recovery. Store these codes securely in case you lose access to your authenticator device.
You can access your backup codes from the Settings > Profile page at any time. To generate new codes, click the chevron symbol (>) and select Generate new backup codes. Each code can be used only once. When you generate new codes, the old set of codes stops working.
Require 2FA for all users
Organization Administrators can require 2FA for all users in their organization. This option is available only after the administrator enables 2FA for their own account first.
To require 2FA for all users, go to Settings > Security and click Make 2FA required in the Two-factor authentication (2FA) section.
Two-factor authentication (2FA) settings that apply to the whole organization
When you make 2FA required, all users who don't have 2FA set up are automatically logged out of their Fundraise Up account. To log back in, they need to set up 2FA using their preferred verification method.
Reset 2FA for a user
You can reset 2FA for any user account if they lose access to their verification method. Go to Settings > Team, find the user in the list, and select Reset 2FA from the three-dot menu next to their name.
Reset 2FA option
If 2FA is optional in your organization, this removes 2FA from that account. If 2FA is required for all users, the user whose 2FA is reset is automatically logged out and needs to re-enable 2FA to log back in.
2FA and SSO
Single sign-on (SSO) settings affect how 2FA works in your account.
When SSO is set to Required, your identity provider handles authentication and security. In this mode:
- The 2FA setting is marked as Not applicable under account settings. You can't change it unless you switch to another SSO mode.
- 2FA is not requested at login, even if 2FA is enabled in a user's profile settings.
When SSO is set to Optional, users can choose to log in through SSO or with their Fundraise Up credentials. In this mode:
- 2FA is requested on login if 2FA is enabled in the user's profile settings or 2FA is required for the account.
- Any organization member can enable 2FA for themselves, and administrators can require 2FA for all account members.