Two-Factor Authentication (2FA) adds a second verification step on top of your password, which sharply reduces the risk of account takeover. OmniStor supports 2FA from version 2.22.0 onward, and organization admins can enable it per group through OmniStor Manager (OSM).
This article has two parts: For users — what to do when you see the 2FA verification screen at sign-in; For admins — how to enable 2FA per group in OSM.
Before You Start
- Confirm OmniStor is on version 2.22.0 or later
- 2FA supports the following account types: DB, LDAP, SAML
- 2FA must be enabled by an organization admin in OSM. End users cannot enable or disable it themselves.
For Users: Complete 2FA at Sign-in
Once your admin enables 2FA for your group, the next sign-in shows a verification screen.
- Open the OmniStor app or web client, then enter your account and password.
- The system prompts you for verification, based on the method your admin configured.
- Enter the verification code or confirm the challenge to enter the main screen.
Verify It Worked
After passing 2FA, you'll see the OmniStor main screen. You'll be prompted to verify again on every future sign-in — this is expected behavior, designed to keep your account safe.
For Admins: Enable 2FA per Group in OSM
Admins control 2FA at the group level in OmniStor Manager (OSM).
- Sign in to OmniStor Manager (OSM) as an admin.
- Go to Group Permission Settings.
- Select the group you want to enable 2FA for.
- Turn on Two-Factor Authentication for that group and pick the verification method that matches your account type (DB / LDAP / SAML).Save the settings.
After saving, members of that group will be prompted for 2FA at their next sign-in.
Scope
2FA settings apply at the group level. If a user belongs to multiple groups, OSM's overall rules determine which setting applies. Recommended priority groups:
- Groups with file management or delete permissions
- Groups with access to sensitive project folders
- Admins themselves
FAQ
- Can users turn off 2FA themselves? No. 2FA is controlled by admins in OSM. Users cannot enable or disable it.
- What if I changed my phone and can't verify? Contact your organization's OmniStor admin for help.
- Do I need to verify every time I sign in? Yes. 2FA prompts on every sign-in — this is the expected security behavior.
- Can 2FA and SSO be used together? Yes. OmniStor 2FA supports the SAML account type, which is compatible with SSO flows.
Troubleshooting
Symptom | Likely Cause | What to Do |
|---|---|---|
No 2FA screen at sign-in | Admin hasn't enabled it for your group | Confirm your group has 2FA enabled |
Verification code keeps failing | Device time out of sync; code expired | Sync device time; request a new code |
Still can't sign in after verifying | Account is locked or in an abnormal state | See "What to do when your account is locked" |
Related to