This guide explains how to enable, configure, and enforce two-factor authentication for users in your PlaneConnection workspace.
This feature requires administrator or workspace owner permissions. Changes made here affect all users in your workspace.
Who should read this: Workspace administrators responsible for security policy.
Prerequisites: Admin or Account Owner role.

Why enforce 2FA

Two-factor authentication adds a second verification step beyond passwords, protecting your workspace even if a user’s password is compromised. For Part 135 operators handling safety-sensitive data, 2FA helps satisfy the access control expectations of 14 CFR Part 5 safety data protection.

Configure 2FA settings

Navigate to Settings > Security > Two-Factor Authentication.

2FA policy options

Policy | Description
Optional | Users can choose to enable 2FA on their own. No enforcement.
Recommended | Users see a prompt to enable 2FA at sign-in but can dismiss it.
Required for admins | Admin and Account Owner roles must have 2FA. Other roles are optional.
Required for all | Every user must set up 2FA before accessing the workspace.

Supported 2FA methods

PlaneConnection supports multiple second-factor methods:
Method | Description
Authenticator app | Time-based one-time passwords (TOTP) from apps like Google Authenticator, Authy, or 1Password.
Passkeys | Biometric or hardware-based authentication (fingerprint, Face ID, security keys). Must be enabled for your workspace.
Device authorization | Trusted device approval flow. Must be enabled for your workspace.

Enable 2FA enforcement

  1. Choose a policy
     Select your desired 2FA policy from the dropdown on the Two-Factor Authentication settings page.
  2. Set a grace period
     If switching from Optional to Required, set a grace period to give users time to set up their second factor:
     Grace period | Behavior
     None | Users must set up 2FA immediately on next sign-in.
     7 days | Users are prompted but can skip for up to 7 days.
     30 days | Users are prompted but can skip for up to 30 days.
  3. Save and notify
     Click Save. Users who need to set up 2FA receive an email notification with instructions.
Start with Required for admins before rolling out to all users. This ensures your most privileged accounts are protected first while giving other users time to prepare.

Manage passkeys

If passkeys are enabled for your workspace, users can register hardware security keys or platform authenticators (Touch ID, Windows Hello) as their second factor. Navigate to Settings > Security > Passkeys to view passkey enrollment status across your workspace:
  • Number of users with passkeys registered
  • Users with no second factor configured
  • Recent passkey registrations

Reset a user’s 2FA

If a user loses access to their second factor (lost phone, broken security key):
  1. Navigate to Settings > Members and find the user.
  2. Click Edit on their profile.
  3. Click Reset 2FA. This removes all registered second factors for the user.
  4. The user must set up 2FA again on their next sign-in.
Resetting a user’s 2FA removes all their registered authenticators and passkeys. They will need to re-register from scratch. Only do this after verifying the user’s identity through an out-of-band channel (phone call, in-person verification).

Manage Security

Broader security settings including session policies.

Configure SSO

Set up single sign-on alongside 2FA.

Permissions Matrix

Role-based access control details.
Last modified on April 11, 2026