Search

Two-Factor Authentication for TourCMS supplier accounts

Blanca Castillo
Blanca Castillo
  • Updated

Video

 

What does it mean?

This article will explain how to set up Two-Factor Authentication (2FA) for your TourCMS account, a vital step in significantly boosting your login security.

Two-Factor Authentication adds an essential layer of protection to your user account. It ensures that anyone attempting to access your TourCMS back office is genuinely who they claim to be. This crucial security measure works by requiring a second method of authentication beyond your usual password. This secondary step involves entering a constantly changing six-digit numerical code, which is generated by a dedicated authenticator app or device. Even if your password were compromised, an unauthorised individual would still be unable to access your account without this unique, time-sensitive code. This robust system drastically reduces the risk of unauthorised access and helps protect your valuable data.

Please note that Two-Factor Authentication is currently available exclusively for supplier (tour operator) accounts and is not yet accessible for agent accounts. It is also not currently supported when logging into the TourCMS Point of Sale (POS) app.

Additionally, admin users, those who already have the necessary permissions to create and edit colleague user accounts can check which colleagues have Two-Factor Authentication enabled. They can also assist with setting up or removing Two-Factor Authentication devices for their team members.

 

Where can I find it?

After you have logged into TourCMS, navigate to CONFIGURATION > TWO FACTOR AUTH

69efd251-3f59-4ff9-b36f-9972f903c7e6.png

 

What should I do?


Enabling Two-Factor Authentication

1. To set up Two-Factor Authentication (2FA) for your TourCMS account, navigate to CONFIGURATION  and then select TWO FACTOR AUTH.

69efd251-3f59-4ff9-b36f-9972f903c7e6 (1).png
2. If this is your first time setting up 2FA, you'll need to use the 'Add a new Two-Factor Authentication device' form. This form allows you to link an app or device that will generate the unique, time-sensitive codes you'll use for logging in. We recommend using a reliable authenticator app such as 1Password, Ente Auth (for iOS), Aegis Auth (for Android), or Google Authenticator (available for both Android and iOS).

3. You'll be prompted to give your "device" a name; a descriptive name like "My iPhone" or "Work Laptop" will help you easily identify it later.

4. TourCMS will then generate a unique code for you. The easiest way to add this code to your authentication app is by scanning the displayed QR code. Alternatively, you can enter the code manually if preferred.

5. Once you've successfully added the code (or scanned the QR code) into your authenticator app, it will begin generating 6-digit codes. Simply enter one of these current codes into the box on the TourCMS screen to complete the setup. This confirms to TourCMS that your authenticator app is correctly configured.

61695af3-831e-4071-a15f-52122ba06f5b.png


From this point onwards, each time you log in to your TourCMS back office, you'll need to enter the current 6-digit code displayed in your authenticator app.

d794a386-c8ab-4935-afcb-b58463251ca0.png

 

Managing your Two-Factor Authentication devices

Once 2FA is enabled, returning to CONFIGURATION > TWO FACTOR AUTH will show you all your configured devices:

  1. Device name: The name you assigned to the device.
  2. Active status: Indicated by a ticked checkbox if the device is currently active.
  3. Creation date and time: When the device was initially set up.
  4. Last updated date and time: When any changes were last made to the device.
  5. Last used date and time: The most recent instance the device was used for login.
  6. Actions: Options to edit or delete the device.

You can add additional devices if required, though there is a limit of three devices per user.

b77a157f-474b-47dd-a7af-e2d168a84bb3.png

 

Disabling Two-Factor Authentication

While we strongly recommend keeping Two-Factor Authentication enabled for enhanced security, you do have the option to switch it off. To do so, simply go back into CONFIGURATION > TWO FACTOR AUTH within TourCMS and either delete or deactivate all the 2FA devices you have created.

c3704cd8-12f7-4f49-9ebf-abe2d75ae29e.png

 

Setting up 2FA for other users (admin access only)

Only users with ‘Staff & Supplier users’ access are able to manage Two-Factor Authentication for other colleagues. If you have the permissions to create and edit colleague accounts, you can also assist them with their 2FA setup.

CONFIGURATION > USERS > Edit > PERMISSIONS & MAIN SETUP

696b722b-e3ec-469e-920e-03716b5a2180.png


On the same page where you manage your own Two-Factor Authentication, you'll find a form at the top that allows you to jump to a colleague's setup. From there, you can add or remove 2FA devices for them as needed.

63d45af7-6041-450e-aeb7-97dd04d034c2.png


These users can also set up Two-Factor Authentication for supplier users by following the same instructions outlined above.

 

Check 2FA status per user

Additionally, you can quickly check the 2FA status for all users by heading to the main 'Users' page in your account (CONFIGURATION > USERS). In the list of colleague names, the '2FA' column will clearly indicate whether Two-Factor Authentication has been set up for each individual user.

167211cc-713f-4116-bc8b-50a2869210af.png
Two-Factor Authentication not enabled

 

eaa19796-0f10-4341-9b94-4d739349b081.png

Two-Factor Authentication enabled