Two-factor authentication
Two-factor authentication (2FA) adds a second step to sign-in, so your account stays safe even if your password is stolen. Villva ERP uses the 6-digit codes from an authenticator app (a free app on your phone). There is no SMS or phone-number option anywhere.
What you need
Section titled “What you need”Any standard authenticator app, such as Google Authenticator, Authy or 1Password.
Set up 2FA
Section titled “Set up 2FA”- Open Account & security from your profile and choose to enable two-factor authentication.
- Scan the QR code with your authenticator app. Can’t scan? Type in the setup key shown alongside it instead.
- Your app starts generating a 6-digit code that changes every 30 seconds.
- Enter the current code to confirm, setup only completes once you enter a valid code, which proves your app is set up correctly.
- Villva shows your backup codes. Save them before continuing, see Backup codes.
After setup, the code-generating key is never shown again. Only you can set up 2FA for your own account.
Signing in with 2FA
Section titled “Signing in with 2FA”After your email and password, you’ll be asked for the 6-digit code from your app. A wrong or expired code is rejected with a clear message, just enter the current one. If you can’t reach your app, use a backup code instead.
If your organisation requires 2FA
Section titled “If your organisation requires 2FA”Your Org Admin (or Villva) may enforce 2FA for everyone. If that’s on and you haven’t set it up yet, your next sign-in takes you straight to the setup screen, and you can’t reach the app until you finish. The login screen makes clear whether it’s asking you to enter a code or to set 2FA up.
New organisations start with enforcement off. Turning enforcement off later does not remove 2FA from people who already set it up.
Turn 2FA off
Section titled “Turn 2FA off”You can disable 2FA from the same screen, but you must enter a current code to do it. If your organisation enforces 2FA, you won’t be able to turn it off.
Extra confirmation for sensitive actions (step-up)
Section titled “Extra confirmation for sensitive actions (step-up)”Some especially sensitive actions ask you to re-enter a fresh authenticator code even though you are already signed in, for example changing where payments are routed, exporting all of your data, deactivating many users at once, or granting someone an admin role.
- You confirm by typing a current code from your authenticator app.
- A successful confirmation opens a short 5-minute window to complete that one action. It only covers that specific action, you’ll be asked again for a different sensitive action.
- If you get the code wrong, you are not signed out; you simply can’t complete that action until you confirm.
- This applies to everyone, including admins. External customer-portal users are never asked for it.
For admins: enforcing 2FA
Section titled “For admins: enforcing 2FA”An Org Admin can turn 2FA enforcement on or off for the whole organisation (Villva can do this for any organisation). Non-admins can’t change the setting. When you switch it on, anyone without 2FA is guided through setup on their next sign-in. Every change records who made it and when. See also Users & roles.