Configure two-factor authentication

Configure two-factor authentication

SMS-based two-factor authentication is currently available free of charge on a trial basis.

In a future release, our development team will add a second method of two-factor authentication. That method will work with mobile devices, will not rely on SMS, and will be free to use.

When the second method becomes available, there may be additional costs for continued use of SMS-based two-factor authentication. 

Note: For staff members that integrated Working Papers with Cloud, two-factor authentication is only supported with Working Papers 2017.00.296 or later. An administrator must disable two-factor authentication for any staff members using an earlier version of Working Papers; otherwise, they will be unable to sign in.  

To effectively secure your organisation's sensitive data, consider enabling two-factor authentication. With two-factor authentication, users will be expected to supply two pieces of information to verify their identity before gaining access to Cloud.

  • Your password
  • A single-use code sent to your mobile phone.

Using two pieces of information helps ensure that you are the only person that can access your account, even if someone else has your password.

Enable two-factor authentication across your organisation. 


Note: Staff and contacts can always enable two-factor authentication from their own accounts. For more information on enabling two-factor authentication for individual users, see  Enable two-factor authentication for your own account.

You can enable two-factor authentication for all staff and contacts from the Settings page. You can also enable two-factor authentication for your account individually. 

Before enabling two-factor authentication:

Ensure that your organisation has at least two staff members with the Admin role before enabling two-factor authentication. Only staff members with the Admin role can disable two-factor authentication. Having two users with the Admin role ensures that at least one account will always be able to access Cloud. 

Additional requirements for Working Papers and Time users:


Currently, two-factor authentication is only supported with Working Papers 2017.00.283 or later. If you are using an earlier version of Working Papers, an administrator must disable two-factor authentication for your Cloud account otherwise you will not be able to sign in. 

For CaseWare Time (Desktop) users, two-factor authentication is not supported at this time. Ensure that an administrator disables two-factor authentication for your Cloud account, otherwise you will not be able to sign in. 


To learn more about disabling two-factor authentication for individual accounts, see Enable two-factor authentication for your own account.

To enable two-factor authentication for staff and contacts:

1. Ensure you have the Settings Admin role or the equivalent permissions.

2. From the Cloud menu, select Settings | Security | Authentication and Session Management. 

3. Select All Staff, All Contacts, or both. If you want either group to be able to opt out of two-factor authentication temporarily, select Allow user to skip setup until: and choose a date and time. This option is intended to allow users sufficient time to complete the setup process.



Two-factor authentication options available on the Settings page.

1. From the drop-down menu, select Every 30 days or Every sign in to set how often two-factor authentication is required when you sign in. You will need to provide a new code the first time you sign in from a new device regardless of your choice. 

2. Select Save.

You have enabled two-factor authentication for staff and contacts. If you prefer, you can leave the decision to enable two-factor authentication up to individual users. For more information see Enable two-factor authentication for your own account.

Enable two-factor authentication for your own account:

You can enable two-factor authentication for your own account at any time, even if it's not enabled across your organisation. You'll need a valid phone number to enable this option.


To enable two-factor authentication for an individual account:

1. Select your avatar and choose My Settings.



1. From the sidebar, select Account Settings.

2. Select Enable, then choose your country from the Country drop-down menu. 

3. Enter your mobile phone number in the Mobile Phone field, then select Update Phone Number


4. Enter your password, then enter your verification code in the Verification Code field. If you don’t receive a code, check your mobile phone number and select Resend.

5. Select Verify.

You have set up two-factor authentication for an individual account. If you lose your phone, an administrator can temporarily disable two-factor authentication. For more information, see Disable two-factor authentication for a specific user.


Update your phone number:

If you change your phone number, you’ll need to update your two-factor settings . If you can no longer access your Cloud account, an administrator can temporarily disable your two-factor authentication (see Disable two-factor authentication for a specific user ).


1. Select your avatar, then select My Settings.




2. From the sidebar, select Account Settings.

3. Enter your mobile phone number in the Mobile Phone field and select Update Phone Number.


4. Enter your password, then enter your verification code in the Verification Code field. If you don’t receive a code, check your mobile phone number and select Resend.

5. Select Verify.

You have updated your phone number. If you want to disable two-factor authentication for your account, you’ll need to contact an administrator. For more information on disabling two-factor authentication, see Disable two-factor authentication for a specific user.


Generate backup codes:

Backup codes enable you to log in if you cannot access your mobile phone, or if an administrator is unavailable to disable two-factor authentication for you. Backup codes are single-use, and must be generated while you have access to your account.

1. Ensure you have enabled two-factor authentication for your account. To learn more, see Enable two-factor authentication for your own account

2. Select your profile picture and choose My Settings.



3. From the sidebar, select Account Settings.

4. Select Generate backup codes.



5. Enter your password, then select Continue.

6. Write down your backup codes and store them in a safe place, or select Download to store them in a TXT file.

7. Select Close.

You have generated backup codes. If you lose access to your backup codes and your mobile phone, you will need to contact an administrator to regain access to your account.


Disable two-factor authentication for a specific user:

If you lose access to both your mobile phone and any backup codes you have generated, you won’t be able to access your account. To regain access, an administrator must disable two-factor authentication for your account.

1. Ensure you have the Admin role.

2. From the Cloud menu, select Staff or Contacts

3. Choose a staff member or contact, and select Edit.



4. Select Password; then choose Disable two-factor authentication.

5. Select Until: to allow a staff member or contact to opt out temporarily. This option ensures you won't have to manually re-enable two-factor authentication later. Alternatively, select Permanently to disable two-factor authentication indefinitely for that user.


6. Select Save.


After you regain access to your mobile phone, an administrator can re-enable two-factor authentication.

You can disable two-factor authentication for other reasons as well. For example, you might disable two factor authentication because a staff member doesn’t own a mobile phone, or has integrated certain CaseWare software with Cloud. To learn more about how integrated software interacts with two-factor authentication, see Additional requirements for Working Papers and Time users.


    • Related Articles

    • Cloud Security Certifications and Procedures

      Application & Interface Security 1. What software development standards do you follow? Our Software Development Life Cycle (SDLC) ensures that our applications and programming interfaces (APIs) are designed, deployed, and tested in accordance with ...

    • Cloud Security Compliance

      CaseWare Cloud continually undergoes independent security audits to reinforce our commitment to data security, privacy, and compliance controls. Independent auditors examine our entire Information Security Management System (ISMS) to verify our ...

    • Onboarding of staff into CaseWare Cloud

      When you're ready to provide staff with accounts in Cloud, you can begin onboarding procedures. Generally, the procedures are the same for all organization sizes:  1. Create groups based on functional roles and access rights. 2. Create accounts for ...

    • Our approach to Cloud security with CaseWare Cloud

      Choosing a cloud service provider can be a complex task given the nature of today’s security concerns. The number of potential threats - both malicious and benign - and the ever-increasing number of attack vectors can cause even security experts to ...

    • Setting up a client portal in CaseWare Cloud

      A client portal enables your staff to interact with clients from a central location; you can share files, updates, and make requests. All these activities will then be stored in your workspace for future reference. Set up a client account You'll have ...