Setting up DFA/2-Factor Authentication for your Administrative Account

This tutorial will walk you through setting up Dual-Factor Authentication (DFA) for your administrative login. This functionality is ONLY available to administrative login and CANNOT be used with storefront login. 

Protect your account with 2-Step Verification (also called DFA/MFA or Dual/Multi Factor Authentication). When you login to an administrative area you'll need to enter a random code in addition to a password. This added security means if your password is stolen, your account cannot be accessed without the random code.

Codes can be generated by using:

• Authenticator Application (e.g. Authy, 1Password, or Google Authenticator)
• E-mail (Note: store level administrators only)
• SMS/Text (US Only)

KEEP IN MIND IF YOU LOSE ACCESS TO THE ABILITY TO GENERATE THE RANDOM CODE OR YOUR BACKUP CODES, YOUR ACCOUNT MUST BE DELETED AND RE-CREATED BY SOMEONE ELSE ON YOUR TEAM or you can contact us here for assistance. 

Article Sections

• Select 2-Step Verification
• Authenticator Application - Account Level
• Authenticator Application - Store Level
• E-Mail Authentication - Store Level Admins Only
• SMS/Text Authentication - Account Level
• SMS/Text Authentication - Store Level
• Backup Codes to Login (Note: store level administrators only)
• Disabling 2-Step Verification
• Notes

Select 2-Step Verification

To get started, log into https://app.ordermygear.com and then choose "Company Stores." To set this up at the store administrative level, login at the store URL followed by “/admin” (e.g. https://brightsites.mybrightsites.com/admin) 

Once you're in the Company Stores powered by BrightStores platform, do the following:

 

1. Click the Profile icon (upper right-hand corner).
2. Click "Enable 2-Step Verification" to proceed with setup.

You'll be re-directed to another page to choose your authentication method

 

1. Choose either "Google Authenticator or similar" OR "SMS."

The methods we support are as follows:

• Authenticator Application (e.g. Authy, 1Password, or Google Authenticator)
• E-mail (Note: store level administrators only)
• SMS/Text (US Only)
• Backup Codes (Note: store level administrators only - Will need to set up a supported authentication method before backup codes can be created.)

Authenticator Application - Account Level

If you choose this option you’ll need to have a supporting application which can authenticate you (e.g. Authy, 1Password, or Google Authenticator). After selecting "Google Authenticator or similar", and you’ll be taken to this screen. 

 

 

1. Scan the QR code or click "Trouble Scanning?" to copy the authentication code to upload into the authenticator.
2. After putting this in your authenticator application, enter the one-time code, and click "Continue."

Once verified, you’ll see a message from the system letting you know that 2-Step verification has been setup.

 

Now, whenever you login, you would need to enter a random code along with your actual password to access your admin account.

 

Authenticator Application - Store Level

When setting up DFA/MFA at the store level, If you choose the authenticator option, you’ll need to have a supporting application which can authenticate you (e.g. Authy, 1Password, or Google Authenticator). After selecting Authenticator App, click continue and you’ll be taken to this screen. 

 

1. Scan the QR code or click "Download QR Code" to download the image file to upload into the authenticator.
2. Click "Continue" after you scanned or downloaded the QR code.

Next, to confirm the configuration is set, you’ll need to enter the code generated by your authenticator.

1. Enter the code generated by the authenticator.
2. Click "Verify" to continue.

Once verified, you’ll see a message from the system letting you know that 2-Step verification has been setup.

Now, whenever you login, you would need to enter a random code along with your actual password to access your admin account. If you have a computer used frequently and it’s a computer that only you use, you could check the box for remember this browser for 45 days and then the random code won’t be required when using that system. Keep in mind if you clear your cache or browsing history, this will reset that setting.

 

E-Mail Authentication (store level administrators only)

When setting up DFA/MFA at the store level, click into Profile and then choose "Enable 2-Step Verification" and enter your password. After this, selecting E-mail click "continue" and you will be taken to a screen where you can input an email address to receive the random code. 

 

 

1. Enter the e-mail address the verification code should go to.
2. Click "Continue" to proceed.

The email will contain the code needed to complete the 2-Step verification setup process (example below). 

 

Enter the code from the email within 5 minutes. 

 

1. Enter the code from the email.
2. Click "Verify" to continue.
3. Click "Resend" only if you need a new code generated. This invalidates the previously sent code.

Once verified, you’ll see a message from the system letting you know that 2-Step Verification has been setup.

 

Now, whenever you login to the store's admin area, you would need to enter a random code along with your actual password to access your admin account. If you have a computer used frequently and it’s a computer that only you use, you could check the box for remember this browser for 45 days and then the random code won’t be required when using that system. Keep in mind if you clear your cache or browsing history, this will reset that setting.

 

SMS/Text Authentication - Account Level

After selecting "SMS", select your country code and input the phone number. You can also hit "Try another method" to go back and select a different authentication method.

 

 

1. After inputting your phone number, hit "Continue."

You will receive a test message at the phone number input, and enter the code from the text within 5 minutes. 

 

1. Enter the 6-digit code from the text message.
2. Click "Continue" to proceed.
3. Or hit "Resend" to resend the code.

Once verified, you’ll see a message from the system letting you know that 2-Step Verification has been setup.

 

Now, whenever you login, you would need to enter a random code along with your actual password to access your admin account.

 

SMS/Text Authentication - Store Level

After entering your password, select "SMS/Text" and hit "Continue" and you will be taken to a screen where you can input the mobile number you want to receive texts at. 

 

 

1. Enter the phone number to receive the code.
2. Click "Continue" to proceed.

You will receive a test message at the phone number input, and enter the code from the text within 5 minutes. 

 

1. Enter the 6-digit code from the text message.
2. Click "Verify" to proceed.
3. Or hit "Resend" to resend the code.

Once verified, you’ll see a message from the system letting you know that 2-Step Verification has been setup.

 

Now, whenever you login, you would need to enter a random code along with your actual password to access your admin account. If you have a computer used frequently and it’s a computer that only you use, you could check the box for remember this browser for 45 days and then the random code won’t be required when using that system. Keep in mind if you clear your cache or browsing history, this will reset that setting.

 

Backup Codes to Login (store level administrators only)

To generate back-up codes to login (in the event you’re not able to utilize your authentication method to generate a code), first log into the admin area and click on the profile icon. Note, backup codes are only available after you have successfully activated DFA.

 

 

1. Click "Create Backup Codes" to proceed.

You will be taken to a screen to authenticate your access by entering in a code that is generated by the authentication method you have setup.

 

1. Input the code generated by your authentication method. 
2. Click "Generate" to create you backup codes. 

Once the system has verified the code, you will see a list of your backup codes that can be used. You will need to copy these codes and paste them into another area where you can view them safely and securely. These codes are only displayed once, and clicking Create Backup Codes again will recreate all codes and invalidate the previously generated set.

 

Click "Copy Codes" to copy the Backup codes and paste them into a safe location. If you do need a new set of Backup Codes re-generated, please follow these steps again. 

 

Disabling 2-Step Verification

To disable 2-Step Verification if you no longer require it, login to the admin area for your account and click the profile icon.

 

Click "Disable 2-Step Verification" button to disable this feature. A confirmation window will pop-up and hit "Disable" to turn off DFA/MFA. Once disabled, you will no longer be required to enter a one-time password when logging into the Company Stores application.

 

Notes

• You can only use ONE type of Authentication method per account.
• When using email or SMS, keep in mind when clicking resend, while it does send you a new authentication code to use, the previously generated value will be invalidated.
• If using E-mail as your authentication method, you may need to check your spam/junk mail for the email.
• If using E-mail as your authentication method, this is only available to store level administrators and not account administrators.
• When creating backup codes, keep in mind that each time you generate a new set, the previously generated set is invalidated. 
• Backup codes are only displayed once, so we recommend copying them to a file saved in a secure location.
• Backups codes are only available to store level administrators, not account administrators.
• If you lose your backup codes and access to your authentication method, your account will need to be re-created.