This topic provides answers to some frequently asked questions about two-factor authentication.

How do I configure DingTalk as a two-factor authentication method?

  1. Log on to the DingTalk Admin Panel as a DingTalk administrator.
    Note If you are not a DingTalk administrator, contact your organization administrator to grant you administrative rights.
  2. On the Application Information page, create an H5 micro app and obtain the AppKey, AppSecret, and AgentId of the micro app.
  3. On the Permission Management page, configure the following permissions: Contact.User.mobile, fieldMobile, and qyapi_get_member_by_mobile.
  4. Configure DingTalk two-factor authentication on your bastion host. For more information, see Enable two-factor authentication.

I did not receive text messages for two-factor authentication. Why?

Perform the following steps to troubleshoot your issue.
  • Check whether Block Spam Messages or Block Unknown Numbers is enabled on your phone. If Block Spam Messages or Block Unknown Numbers is enabled on your phone, you can view the message content in the list of blocked messages or modify the message blocking rules.
  • Contact your telecom service provider to check whether the relevant messages are blocked.
Note In emergent situations, you can disable text message two-factor authentication and use another two-factor authentication method. For more information, see Enable two-factor authentication. If the issue persists, you can join the DingTalk Group numbered 33097550 to contact a technical expert.

Can I specify the same email address for multiple Bastionhost users when I specify emails as a two-factor authentication method?

Yes, you can specify the same email address for multiple Bastionhost users. If you want to specify the same email address for multiple Bastionhost users, specify the email address after you confirm that the operation does not pose threats.