Two-Factor Authentication

clearPath supports time-based one-time-password (TOTP) two-factor authentication for every user account. When 2FA is enabled, sign-in requires the account password plus a six-digit code generated by an authenticator app on the user's phone — Google Authenticator, Microsoft Authenticator, Authy, 1Password, and any other RFC 6238 compatible app.

2FA is available across every clearPath edition and can be enforced per user. Pair it with the role-based permission matrix and the per-IP threat map for layered access control that satisfies the toughest IT review.

Request for Information Compare Editions

Key Benefits

  • Standard TOTP — RFC 6238
  • Six-digit code, 30-second rotation
  • QR-code pairing on first sign-in
  • Works with any TOTP authenticator app
  • Per-user enable / disable toggle
  • Available on every edition
  • Passwords are never stored in readable form
  • Pairs with failed-login auto-blocking

Enabling 2FA for a User

Administrators turn 2FA on or off from the user editor's Login tab. The toggle is per user, so you can require 2FA for the small group of accounts that handle configuration while leaving auditor-only accounts on a single password.

  • Per-user toggle on the Login tab of the user editor
  • On the user's next sign-in, clearPath shows a setup screen with a QR code
  • The user scans the QR code with an authenticator app
  • The app generates a fresh six-digit code every 30 seconds
  • The user enters the current code to confirm pairing and finish sign-in
  • Reset 2FA for a user at any time — the next sign-in re-pairs with a new QR code
User editor — Login tab with the Two-Factor Authentication toggle
Two-Factor Authentication sign-in prompt

Signing In with 2FA

After entering the username and password, the user is taken to the 2FA prompt. They enter the current six-digit code from their authenticator app and are signed in. The code rotates every 30 seconds, so a stolen password alone cannot get an attacker into the account — and a stolen code alone cannot either.

  • Username and password as usual
  • Six-digit code prompt on the second screen
  • Code rotates every 30 seconds
  • Tolerant of small clock drift between phone and server
  • Failed attempts feed the auto-blocking and threat map systems

Approved by IT. Loved by IPC.

Two-factor authentication is included on every clearPath edition. Combine it with LDAP / Active Directory, role-based permissions, and the threat map for an access story that survives any IT review.

Request for Information Compare Editions