NOTE: This is still in beta
With Frame.io two-factor authentication, Enterprise account owners can require that all users with access to their account have two-factor authentication enabled to ensure account security.
When an account enables required two-factor authentication, all users in their account have a 24-hour window to enable two-factor authentication. Frame.io supports two verification methods for users to receive their two-factor authentication codes: an authenticator app (such as Google Authenticator) or text message.
If a user on your account is locked out of Frame.io, contact our Support team to suspend two-factor authentication for the user for a 24-hour period.
How it works
If you are on an Enterprise account and interested in requiring two-factor authentication for all account members, contact our Support team through the chat icon on the bottom right. They will confirm and enable the required two-factor authentication for the account.
Once enabled, all account members on your account will be sent an email informing them that they have 24 hours to enable two-factor authentication. Additionally, any new users joining via an invite from this point will be required to enable two-factor authentication before they can access the account.
If a user on the account does not enable two-factor authentication within 24 hours, they will be logged out of Frame.io for security reasons. Upon re-login, they will be routed to the two-factor authentication setup flow.
NOTE: if you have SSO enabled, any of the users who log in via SSO will not be required to enable 2FA, as your identity provider manages their authentication.
Q: I’m an individual user who wants to enable two-factor authentication on my own. How do I do that?
A: At this time, we do not support per-user self-service 2FA management.
Q: What do I do if I’m locked out of Frame.io because I don’t have the device I use for two-factor authentication?
A: You can enter one of the backup codes you received during the two-factor authentication setup by clicking on “Enter recovery code” in the Frame.io login flow. Keep in mind that each backup code can only be used once.
If you don’t have your backup codes, please reach out to your account admin to grant you a 24-hr pass into the account. After 24 hours have elapsed, you’ll be logged back out and will need to re-enable two-factor authentication for your login.
Q: Will there be complications with 2FA for users on their personal email address instead of their work address on Frame.io?
A: It’s important to remember that once you require two-factor authentication, the users on the account will have to set it up to get into Frame.io. If you have individuals in your organization who are using their personal emails to access Frame.io, the best practice is for them to switch over to their work emails ahead of requiring two-factor authentication—that way, they can get into their personal accounts without having to enable two-factor authentication. This can be done by accessing Account Settings > Email / Password and changing the Primary Email Address.
Q: I’m an account admin, and I need to disable two-factor authentication for a locked-out user. What do I do?
A: Please reach out to our support team. They’ll disable two-factor authentication for the user for a 24-hour period, so they get back into Frame.io. After the 24-hour window has elapsed, the user will be logged out of Frame.io automatically — upon login, they’ll be asked to re-enable two-factor authentication.