HELP FILE

GoToAssist Two-Factor Authentication

Two-Factor Authentication (also known as Two-Step Verification) is an added level of security that can be enabled at the account-level for a GoToAssist Remote Support account. Used with an authenticator app (such as LastPass Authenticator, Google Authenticator, etc.), users are required to enter a one-time code that gets generated by the authenticator app on the user’s mobile device. This added layer of security makes credential attacks very difficult because the attacker would need the user name (account email address), password, and either the one-time code or the account holder's mobile device to compromise the account.

When a user logs in to their GoToAssist Remote Support account from their desktop, they will enter their account email address and password first. They will then see a message that initiates the two-factor enrollment process (if they are not already enrolled). To complete the sign-in using Two-Factor Authentication, the user will need to have their mobile device to verify the access request.

Once the user has their mobile authenticator app set up, the added step of validating the account access request on their mobile app ensures ironclad security. Users can re-enroll in Two-Factor Authentication if their mobile device is lost or replaced.

Watch Video

Topics in this article:

Enabling Two-Factor Authentication

Enrolling in Two-Factor Authentication

Logging in using Two-Factor Authentication

Resetting Two-Factor Authentication

Enabling Two-Factor Authentication

Admins can enable Two-Factor Authentication at the account-level – meaning all agents with a Remote Support seat (regardless of which device group they are assigned) will be required to first enroll their account, then use a one-time code (generated from their linked mobile authenticator app) to log in and host support sessions from their desktop or mobile device.

Note: Once Two-Factor Authentication is enabled, all agents will be required to enroll in order to log in to GoToAssist, and all device groups must be set to the required version & build number (v4.3, b1575 or later) specified in Admin Settings to support the use of this feature.

To enable Two-Factor Authentication for an entire account, admins can do the following:

  1. Log in to the Admin Center.
  2. Select Admin Settings from the menu in the left navigation.
  3. In the "Two-Factor Authentication" section, click Edit.
  4. Select the Enabled option, and note the required version and build number specified in order to use Two-Factor Authentication (as it will be required that all of your device groups be set to this version).
  5. An additional message will appear indicating that once Two-Factor Authentication is enabled, users who are logged in or are actively in session will not be forced to enroll until they have logged out. Here, you can specify a date (within 14 days of the date you are enabling this feature) that will automatically force users to log out and enroll.
  6. Click Save.

Two-Factor Authentication

Enrolling in Two-Factor Authentication

The first time enrolling in Two-Factor Authentication, you start by logging into your application via your web browser. A series of dialog boxes will then guide you through the steps.

You will need both a desktop or laptop and a mobile device to complete the enrollment. It is recommended that you begin the enrollment process on your laptop or desktop if possible; you can complete the enrollment process on your mobile device, but it requires a manual step.

Note: The following enrollment flow applies to the desktop app for Windows (this feature is also supported on Mac), however, the same instructional text displays during the enrollment process for all apps. If using a mobile app to enroll, you must manually enter the Key to link your mobile authenticator app, even if it is on the same mobile device.

Enrolling via your desktop web browser

  1. Download the GoToAssist Expert desktop application, then fill in your email address and password and click Sign in.

Sign In - GoToAssist

  1. The service determines if you have been enrolled in two-factor before allowing you to access the application. If you are already enrolled, skip to the next steps.  If you have not yet been enrolled, you automatically start the enrollment process. When the enrollment message displays, click Continue.

  1. An email is sent to the email address that identifies your account. This verifies that the correct user is interacting with the system.
  2. Go to your email account and open the "Email Verification" email, then copy the six-digit code.

  1. In the Verification email has been sent dialog, enter or paste the code you copied from the email and click Continue.

  1. The dialog displays instructing you to install an authenticator app (e.g., LastPass Authenticator, as shown below) on your SmartPhone device. On your mobile device, go to the application store and install an authenticator app. Once installation is complete click Continue. If you already have an authenticator app installed, you do not need to reinstall the app.

  1. The Connect to your mobile device dialog displays. Leave it up on your desktop web browser and complete the steps to install an authenticator app on your mobile device, then click Continue. You have the options of either (a) scanning a bar code (the QR code) or (b) manually entering the code displayed on the screen in the authenticator app.

  1. Once you have linked your authenticator app with your GoToAssist account, the one-time authentication code is displayed in the mobile app, which you can now enter in the Enter setup code window and click Continue.

  1. Congratulations! You have completed the Two-Factor Authentication enrollment. Click Continue to access the application, which will require you to enter a new code in order to log in and use GoToAssist.

Logging in using Two-Factor Authentication

Once your GoToAssist account is enrolled, you can log in to GoToAssist using the desktop, web, or mobile apps.

Using the desktop app:

  1. Launch the GoToAssist Expert desktop application for Windows or Mac.
  2. Enter your account email address and password and click Sign in.
  3. The service determines that you are enrolled in Two-Factor Authentication. You are asked to enter the two-step code from your authenticator app.
  4. Open the authenticator app on your mobile device, then enter the number displayed into the desktop app and click Continue to log in to the app and host support sessions.

Windows

Mac

Using the Web App:

  1. Log in to the https://up.gotoassist.com with your account email address and password.
  2. The service determines that you are enrolled in Two-Factor Authentication. You are asked to enter the two-step code from your authenticator app.
  3. Open the authenticator app on your mobile device, then enter the number displayed into the desktop app and click Continue to log in to the app and host support sessions.

Using the Android app:

  1. Launch the GoToAssist (Remote Support) app for Android.
  2. Log in with your account email address and password.
  3. The service determines that you are enrolled in Two-Factor Authentication. You are asked to enter the two-step code from your authenticator app.
  4. Open the authenticator app on your mobile device, then enter the number displayed into the desktop app and click Continue to log in to the app and host support sessions.

Using the iOS app:

  1. Launch the GoToAssist (Remote Support) app for iOS.
  2. Log in with your account email address and password.
  3. The service determines that you are enrolled in Two-Factor Authentication. You are asked to enter the two-step code from your authenticator app.
  4. Open the authenticator app on your mobile device, then enter the number displayed into the desktop app and click Continue to log in to the app and host support sessions.

Resetting Two-Factor Authentication

If you ever lose or replace your Two-Factor enabled device, you can go through the enrollment process again on your new device. This will replace the previously established Two-Factor Authentication tied to your account, so that the GoTo app authenticates with the most recently enrolled device.

NOTE: If you are using the LastPass Authenticator, you can use LastPass Authenticator’s cloud backup to restore your multi-factor tokens if you lose or replace your phone. You can reinstall LastPass Authenticator on your mobile device, and your account credentials are available on the device, including your two-factor tokens.

If you no longer have access to your Two-Factor enabled mobile device:

  1. On your desktop web browser, go to https://up.gotoassist.com, enter your account email address and password, then click Sign in.
  2. When prompted to enter your two-step verification code, click Set up a new mobile device.
  3. Follow the prompts beginning at Step #1 to finish the enrollment process.

If you do still have access to your Two-Factor enabled mobile device:

  1. On your desktop web browser, go to https://up.gotoassist.com, enter your account email address and password, then click Sign in.
  2. Open the authenticator app on your mobile device, then enter the number displayed into the desktop app and click Continue.

  1. Back on your desktop web browser, use the account name drop-down menu in the toolbar in the top navigation, then select My Account.
  2. In the "Login Info" section, click Edit.
  3. Under "Reset two-step-verification" click Set up new device.
  4. Follow the prompts beginning at Step #2 to complete the enrollment process. Note: The "Reset two-step verification" option will be displayed in the right navigation only if the account is enabled for Two-Factor Authentication and a device is enabled.