Configuring two-step verification
This topic is intended for Customers that have Autodesk Accounts (when Flow Production Tracking sites have been migrated). For more information about using two-factor authentication with sites prior to migrating to Autodesk Accounts or when using Legacy Logins and Passphrases for authentication, see this section instead.
Configuring a 2FA for your account is a good security practice. Also, your Flow Production Tracking admin can require you to have 2FA enabled to access your Flow Production Tracking site. You can configure your 2FA settings from https://profile.autodesk.com/.
To learn more, see Set up two-step verification.
2FA cannot be enabled when email domains have SSO configured with Autodesk Identity.
Learn more about configuring your site expiry here. A session is considered expired if its last update was more than 1 hour/day/week in the past depending on how this security setting is configured. Every time you interact with Flow Production Tracking, the session is updated. Thus, the session’s expiration gets pushed back as the user interacts with the software.
When accessing Flow Production Tracking with a session generated from the API, sessions are subject to this session expiration setting.
Sessions in a web browser—initiated by logging in with Autodesk Identity are controlled differently. In that case, it is the Autodesk Identity session duration that controls the session expiry (based on your browser cookies). These Autodesk Identity sessions are valid for 13 days. That said, if Flow Production Tracking redirects the user back to Identity to validate their session, they will need to re-authenticate.
For 2FA tokens requested with API connections, this setting is specific to Flow Production Tracking's authentication, and independent of Autodesk Identity's. You can enable/disable this with this Security setting in Site Preferences. If you are able to securely identify the user requesting a new session, then the 2FA may be unnecessary, depending.