Account Administrators can require all impact.com brand account members to use two-factor authentication (2FA) when they sign in from a new device. Have questions about 2FA? Check our article on Two-Factor Authentication FAQs.
When invited to join an account and your sign-up method involves using a username and password, you'll be automatically signed up for 2FA and your default authentication method will be set to email.
The user experience with 2FA enabled goes as follows:
Upon first signing in, an account member will receive a verification code on their mobile device via SMS, email, or an authentication app.
Once an account member has successfully been authenticated, their device will automatically be saved as a trusted device—meaning they won’t need to use 2FA on subsequent sign-ins. Account members will only be asked to use 2FA again if their device has changed or unusual activity was detected.
Account members can manage saved devices on the impact.com user profile screen.
This will enable mandatory two-factor authentication for all account members who sign in to your brand account.
From the left navigation menu, select
[Menu] → Settings.
In the left column, under General, select Account User Authentication.
Under User Login,
[Toggle on] Require users of this account to verify their identity upon login.
Select Save.
View the users who have activated 2FA, on the Account Users screen, indicated by a tick in the Two-Factor Authentication column.
This will enable a mandatory 2FA check for account users attempting a partner funds transfer above the transfer minimum amount — once authenticated, the PFT will go through.
From the left navigation menu, select
[Menu] → Settings.
In the left column, under General, select Account User Authentication.
On the Account User Authentication screen, select
[Toggle on] Require users of this account to verify their identity when initiating a partner funds transfer.
Under Transfer minimum, input a value as the minimum amount to require 2FA.
Select Save.
From the left navigation menu, select
[User Profile] → Edit Profile.
Go to the Security section — next to Devices and Activity is a list of saved devices for the account.
Select Remove this device if you no longer access impact.com on that device.