What is Additional Authentication?
Additional Authentication provides an extra layer of security for Client Access by requiring users to verify their identity after entering their username and password.
Authentication codes can be delivered by:
Email
Text message (when a supported text messaging vendor is configured)
Administrators can also configure how long a trusted device remains authenticated before users are prompted to verify their identity again.
Before You Begin
Before enabling Additional Authentication, ensure:
Client Access has been configured.
Client Access users have valid email addresses.
If using text message authentication, a supported text messaging vendor has been configured.
Client Access users have a mobile phone number entered in the Phone Cell field.
Enable Additional Authentication
Navigate to Setup → System.
Locate the Portal Settings section.
Select Require additional authentication for Client Access users.
Select a vendor in Text Message vendor for authentication texts if you want users to receive authentication codes by text message.
Configure Trusted Device Days.
Click Apply.
Configuring Trusted Device Days
The Trusted Device Days setting controls how frequently users must complete additional authentication on the same device.
Value | Behavior |
|---|---|
-1 | The device remains trusted indefinitely. Users will not be prompted again on that device. |
0 | Users must complete additional authentication every time they sign in. |
Greater than 0 | The device remains trusted for the specified number of days before another authentication is required. |
Please Note
Authentication is tied to the device or browser used to sign in. Logging in from a different device or browser requires a new authentication.
Configuring Client Access Users
To enable text message authentication:
Open the Client Access User profile.
Enter the user's mobile number in the Phone Cell field.
Save the user.
If a text messaging vendor is not configured or no mobile number exists, users can authenticate using email.
Client Authentication Process
When Additional Authentication is enabled:
The user signs in using their username and password.
The user selects whether to receive the authentication code by email or text message (when available).
A four-digit authentication code is sent.
The user enters the code to complete sign in.
The device remains trusted based on the configured Trusted Device Days setting.
.jpg?sv=2026-02-06&spr=https&st=2026-07-11T18%3A22%3A32Z&se=2026-07-11T18%3A33%3A32Z&sr=c&sp=r&sig=wZPAXtsomLa7Et%2F5EdU5uJxhiEhou8rh7bXvPl%2BF2rI%3D)
Image Displays 2FA Test/Email Option
Viewing Authentication Information
Administrators with the appropriate permissions can view Client Access authentication information from the Client Access User profile, including:
Trusted Devices
2FA Email History
2FA Text History
These views can be used to review authentication activity and troubleshoot authentication issues.
Notes
Users can update their mobile phone number from My Profile when permitted.
Trusted devices are maintained separately for each device or browser.
Changing the Trusted Device Days setting affects how long future authentications remain trusted.
