Account Administrators can require all impact.com brand account members to use two-factor authentication (2FA) when they sign in from a new device. Have questions about 2FA? Check our article on Two-Factor Authentication FAQs
When invited to join an account and your sign-up method involves using a username and password, you'll be automatically signed up for 2FA and your default authentication method will be set to email.
The user experience with 2FA enabled goes as follows:
Upon first signing in, an account member will receive a verification code on their mobile device via SMS, email, or an authentication app.
Account members can then save their device as a trusted device—meaning they won’t need to use 2FA on subsequent sign-ins for the next 30 days. Once 30 days have passed, the user will again need to sign in via 2FA, and optionally save their device.
Account members can manage saved devices on the impact.com user profile screen.
This will enable mandatory two-factor authentication for all account members who sign in to your brand account.
From the left navigation menu, select [Menu] → Settings.
In the left column, under General, select Account User Authentication.
Under User Login, [Toggle on] Require users of this account to verify their identity upon login.
Select Save.
View the users who have activated 2FA, on the Account Users screen, indicated by a tick in the Two-Factor Authentication column.
This will enable a mandatory 2FA check for account users attempting a partner funds transfer above the transfer minimum amount — once authenticated, the PFT will go through.
From the left navigation menu, select [Menu] → Settings.
In the left column, under General, select Account User Authentication.
On the Account User Authentication screen, select [Toggle on] Require users of this account to verify their identity when initiating a partner funds transfer.
Under Transfer minimum, input a value as the minimum amount to require 2FA.
Select Save.
From the left navigation menu, select [User Profile] → Edit Profile.
Go to the Security section — next to Devices and Activity is a list of saved devices for the account.
Select Remove this device if you no longer access impact.com on that device.