There are three ways you can provide an extra level of security for your Intercom account. You can:
- Require your teammates to sign in to Intercom through their Google account.
- Require two-factor authentication (2FA) when you sign in to your own Intercom account.
- Require your teammates to sign in to Intercom through an identity provider (like Okta or OneLogin) with SAML SSO. This is only available on certain Intercom plans. See our plans and pricing here.
Note:
- For accounts created with Google sign-on, you won't see an option to select 2FA unless you reset your password.
- If you choose 2FA, each of your teammates will have to protect their own Intercom accounts separately.
Just visit your Security settings and choose the option you’d prefer:
Note: You must have permission to access general and security settings to enable this.
Require your teammates to sign in through Google
Once set up, your Intercom account will be authenticated by your G Suite domain, and each of your teammates will sign in to Intercom with a single click through their G Suite account.
Important: Requiring Google sign-on is only available on certain Intercom plans. See our plans and pricing here.
Require two-factor authentication (2FA)
If you select the 2FA option, each time you log in you will need to enter your password and provide a unique code. We use a QR-based system to generate the codes for you. Intercom is compatible with popular authenticator apps like Google Authenticator and Authy.
How to set it up
Setting it up takes about two minutes:
- Choose the ‘Require two-factor authentication’ option and click ‘Save.’
- Download an authenticator app like Google Authenticator or Authy.
- You'll be asked to scan a QR code on your screen.
- The next time you log in, you'll need to enter your password and then a code generated by the authenticator app on your smartphone.
Important: When you set up 2FA you'll be given the option to generate recovery codes. We recommend generating recovery codes to avoid potentially being locked out of your account. You'll also need a recovery code to disable 2FA (for example, if you're switching phones).
Allow Google sign-on and 2FA together
You’ll get both options each time you sign in (you can sign in through two-factor authentication or through your G Suite account).
Require SAML SSO with an identity provider
The most secure and simple way for your team to log in is by integrating Intercom with an identity provider like Okta or OneLogin.
Follow the steps in this article to configure your identity provider, to require SAML SSO (Single Sign On) from all your teammates, or offer it as one of your sign in options.
Enable 2FA on your Intercom account
You can enable 2FA on your own Intercom account in "Your account", which you can find by hovering over your avatar in the bottom left corner.
Important: If you created your account with Google sign-on, you must reset your password before you’ll see the option to set up 2FA.
Lost your 2FA device?
We can temporarily disable 2FA on your account after verifying the request with a teammate. The other teammate must be logged in to your Intercom workspace.
To request your own 2FA reset
Start a conversation in the Messenger with the following:
"I wish to reset 2FA for my account, <Your email address>.
My request will be verified by <Your teammate's email address>."
To verify a teammate's 2FA reset
Log in to Intercom, and start a conversation in the Messenger stating: "I verify the 2FA reset request for <Your teammate's email address>"