Introduction
Two-factor authentication (2FA) adds a second verification step at login so a stolen password alone can't get someone into your Level account. Every technician should have it enabled. Organization admins can also make it mandatory for the entire team.
Enabling 2FA on Your Account
Each technician sets up 2FA individually from their account settings.
Cliquez sur your profile picture in the top-right corner.
Sélectionnez Account.
Scroll to the Two-Factor Authentication section.
Cliquez sur Activer 2FA.
A QR code appears on screen.
Open your authenticator app and scan the QR code.
Entrer the 6-digit one-time code from the app to confirm setup.
Copy and save the recovery codes shown on screen.
💡 CONSEIL : Store recovery codes somewhere secure and offline — a password manager works well. These are your only way back in if you lose access to your authenticator app.
Enforcing 2FA Across Your Organization
⚠️ WARNING: If you lose your authenticator app and don't have recovery codes saved, you'll be locked out of your account. Contact your organization admin or Level support to regain access.
Organization admins can require all technicians to set up 2FA before they can continue using Level.
Navigate to Paramètres → Sécurité.
Activer the Require two-factor authentication toggle.
Once enabled, any technician who hasn't set up 2FA will be prompted to do so on their next login. They won't be able to access Level until they complete enrollment.
ℹ️ REMARQUE : Enforcing 2FA doesn't retroactively log out existing sessions. Technicians with active sessions see the prompt the next time they log in.
Logging In with 2FA
After 2FA is set up, the login flow adds one step.
Entrer your email and password as normal.
Entrer the 6-digit code from your authenticator app when prompted.
The code refreshes every 30 seconds. If a code fails, wait for the next one and try again.
Recovery Codes
Recovery codes let you bypass 2FA if you lose access to your authenticator app. Each code works once.
To view or regenerate your recovery codes:
Cliquez sur your profile picture → Account.
Scroll to Two-Factor Authentication.
Cliquez sur Afficher Recovery Codes (or Regenerate Recovery Codes to get a new set).
⚠️ WARNING: Regenerating recovery codes invalidates your existing set immediately. Make sure you save the new ones before closing the dialog.
Disabling 2FA
Technicians can disable 2FA on their own account from Account → Two-Factor Authentication → Désactiver 2FA.
ℹ️ REMARQUE : If your organization has enforcement enabled, you won't be able to disable 2FA. The option will be unavailable until an admin turns off the org-wide requirement.
Questions fréquemment posées
Who can require 2FA for the whole organization? Only Organization Admins can enable the Require two-factor authentication setting under Paramètres → Sécurité. Individual technicians can only manage their own 2FA enrollment.
What authenticator apps work with Level? Any TOTP-compatible app works: Duo, Google Authenticator, Microsoft Authenticator, Authy, 1Password, and most others. Level doesn't require a specific app.
A technician lost their phone. How do they get back in? If they have recovery codes saved, they can use one at login instead of a 2FA code. If they don't have recovery codes, they'll need to contact an org admin or Level support to reset their 2FA.
Does 2FA apply to the Level API as well? Non. 2FA applies to web interface logins only. API access is controlled by API keys, not session-based authentication. See Paramètres → API Keys for managing API access.
What happens to existing sessions when I enforce 2FA org-wide? Actif sessions aren't terminated immediately. Technicians without 2FA set up will see the enrollment prompt on their next login.