There are three ways you can provide an extra level of security for your Intercom account. You can:
Require your teammates to sign in to Intercom through their Google account.
Require two-factor authentication (2FA) when you sign into your own Intercom account.
Require your teammates to sign in to Intercom through an identity provider (like Okta, or OneLogin) with SAML SSO.
Google SSO is available on all Intercom plans. SAML SSO is only available on certain Intercom plans. See our plans and pricing here.
For accounts created with Google sign-on, you won't see an option to select 2FA unless you reset your password.
If you choose 2FA, each of your teammates will have to protect their own Intercom accounts separately.
Just visit your Security settings and choose the option you’d prefer under "Authentication methods":
Note: You must have permission to access general and security settings to enable this.
Require your teammates to sign in through Google
Once set up, your Intercom account will be authenticated by your G Suite domain. And each of your teammates will sign into Intercom with a single click through their G Suite account.
Note: Requiring Google sign-on is available on all Intercom plans.
Require two-factor authentication (2FA)
If you select the 2FA option, each time you log in you will need to enter your password and provide a unique code. We use a QR-based system to generate the codes for you. Intercom is compatible with popular authenticator apps like Google Authenticator and Authy.
How to set it up
Setting it up takes about two minutes:
Choose the ‘Require two-factor authentication’ option and click ‘Save.’
Download an authenticator app like Google Authenticator or Authy.
You'll be asked to scan a QR code on your screen.
When you log in the next time, you'll need to add your password and then a code generated from your authenticator app on your smartphone.
Important: When you set up 2FA you'll be given the option to generate recovery codes. We recommend generating recovery codes to avoid potentially being locked out of your account.
Allow Google sign on and 2FA together
You’ll get both options each time you sign in (you can sign in through two-factor authentication or through your G Suite account).
Require SAML SSO with an identity provider
The most secure and simple way for your team to log in is by integrating Intercom with an identity provider like Okta or OneLogin.
Follow the steps in this article to configure your identity provider, to require SAML SSO (Single Sign On) from all your teammates, or offer it as one of your sign in options.
Enable 2FA on your Intercom account
You can enable 2FA on your own Intercom account in "Your account", which you can find by hovering over your avatar in the bottom left corner.
Important: If you created your account with Google sign-on, you must reset your password before you’ll see the option to set up 2FA.
Lost your 2FA device?
You can have a teammate send you a recovery code that you can use to login, check out our article here to learn how to do this.
Need more help? Get support from our Community Forum
Find answers and get help from Intercom Support and Community Experts