Two-Factor Authentication Settings for Administrators

Have more questions? Submit a request

Firm users with administrator permissions can invite, require, and disable two-factor authentication (2FA) for other firm users on the Clio Manage account. Users who are invited can choose not to turn on 2FA. Users who are required must enable 2FA on their next log in. Disabling 2FA is beneficial when a user is locked out of their account and is unable to sign in or use backup codes.

Important: Only users with administrator permissions and the primary subscriber on the account can see the 2FA status of active users at their firm and perform the actions below.

Invite users

  1. Go to Settings > Security & Compliance > Firm Security.
  2. Click Invite to enable 2FA beside a user’s name. This action will send the user an email requesting that they turn on 2FA with instructions on how to do so.
  3. Optional: Click Send reminder to send the invited user a reminder.


Require 2FA

  1. Go to Settings > Security & Compliance > Firm Security.
  2. Find the user and toggle on the button below Require 2FA. The user will be required to enable 2FA the next time they log in.
Note: If the column reads N/A, try again the next day. Newly created users may not immediately be migrated to the identity service that supports requiring 2FA.


Disable 2FA

If a firm user is locked out of their Clio account and they are unable to sign in or use any backup codes, an administrator can disable 2FA on their account as long as the administrator has 2FA enabled on their own account first.

Important: An administrator cannot disable 2FA on the primary subscriber’s account. If this method does not work, the user will need to contact Clio's support team to proceed with the account recovery process. Learn more here.
  1. Go to Settings > Security & Compliance > Firm Security.
  2. In the column below Action, click Disable 2FA.
  3. When the warning prompt appears, check the box confirming that you want to disable 2FA and then click Disable 2FA.
Tip: If a user runs out of backup codes, disabling and re-enabling 2FA will produce a new set of backup codes.


Need more help?

Was this article helpful?
0 out of 0 found this helpful