Multi-factor authentication (MFA) allows an additional layer of security on top of your authentication method and CANNOT be disabled for non single sign-on (SSO) logins. Tango portal admins can decide which MFA method(s) must be used by Tango portal users: authentication app, phone number, or email address.

 

Audience

This guide is intended for Tango portal admins or users with manage authentication rights. By default, manage authentication permission is not enabled for admins. See Default user roles in Tango portal to see how you can enable it for yourself.

Manage MFA methods for the Tango portal

As a Tango portal admin or user with authentication permission, you can manage (enable or disable) MFA methods for all users in your portal. New users must set up MFA for their user profile the first time they log in, or whenever they reset their MFA. See Set up MFA (Tango portal users).

All MFA methods are enabled by default. You can disable one or more methods if needed. For your portal security, you must keep at least one of the following MFA methods enabled:
 

MFA method	Description
One-time password	Is recommended and most secure. Uses an authentication app–such as Google Authenticator, Duo Mobile, or any other authentication app–to issue a temporary verification code.
Email	Receive an email message containing a verification code
Phone	Receive a phone message containing a verification code. SMS is available in United States and a number of other countries such as Canada, UK, etc. For a complete list of supported countries, check out the countries list.

To manage MFA methods for the Tango portal:

1. Sign in to the Tango portal.

2. Go to  Team settings > Authentication on the left menu. See Set up MFA (Tango portal users)  for more information.

   

3. Click Disable next to the method you don’t need. A confirmation message appears.

4. Click to confirm Disable for all users.
   Access is disabled for all users in the Tango portal. Users must set up a different MFA method the next time they log in.

Grant manage MFA permissions

You must have manage authentication permission to enable or disable the MFA methods in your Tango portal. Follow the instructions below to grant permission to Tango portal admins or specific users. Learn about Tango portal roles in Default user roles in Tango portal.

To grant manage MFA permissions:

1. Sign in to the Tango portal.

2. Go to  Team settings > Users on the left menu.

3. Click the user for whom you'd like to update permissions.

4. Go to the Permissions tab.

5. Scroll down to see Authentication.

6. Move the slider to Manage.

Reset MFA for other Tango portal users

As a Tango portal admin or user with manage users permission, you can reset MFA for other Tango portal users. Here’s how:

To reset MFA for other Tango portal users:

1. Sign in to the Tango portal.

2. Click  Team settings > Users on the left menu.

3. Find and click to open the user information box.

4. Click Actions > Reset multi-factor methods. Or, click the reset option from the bottom of the information box.

5. Click Reset multi-factor methods to confirm. It resets the user’s MFA and logs the user out of the Tango portal. To log back in, the user must add a method of MFA authentication before logging.

   

6. The user has to log in and a verification code is sent to their email address. Once they enter the verification code, they can select a new MFA method. See Get started FAQ for more information.

 

More resources:

• Manage login methods (Tango portal admins)

• Sign in to Tango portal

• Get started FAQ

• Set up MFA (Tango portal users)