Only available for

Configure and manage two-factor authentication (2FA) and single sign on (SSO).

To navigate to your Authentication settings in Onshape, click on your Account user icon (Account user icon) in the top right corner of your Onshape window. This opens a dropdown menu. Click Company/Classroom/Enterprise settings.

Click Authentication in the list on the left side of the page:

Enterprise settings: Authentication

Onshape highly recommends taking advantage of our two-factor authentication functionality. Two-factor authentication (2FA) allows you to configure your Onshape account to require more than a single password to sign in. Using one password to sign into a website makes you more susceptible to security threats because one piece of static information may be easy to guess or acquire. With 2FA, a second piece of information is required, and that second piece of information is generated dynamically during the sign in process, and may be different each time you sign in.

We highly recommend you use 2FA for Onshape and for all websites you use that support it.

Download a two-factor authentication app (like Google Authenticator) to your phone and set it up with Onshape through the Onshape user interface. This enables the app to generate a one-time code that Onshape is able to recognize. Once you enable 2FA in Onshape, Onshape will prompt you for the 2FA code after you sign in with your password.

You can allow the 2FA mechanism to remember the devices on which you sign in so that once you use 2FA authentication to sign in to Onshape from a specific device, you won't need a 2FA code to sign in on that device for 30 days.

  1. Download a two-factor authentication app to your device.

    2. Google Authenticator is one example.

  2. Sign in to your Onshape account.
  3. In the menu under your username, select My account.
  4. In the list on the left side of the page, click Security.
  5. To the right of Two-factor Authentication, click Enable.
  6. Click Set up two-factor authentication.
  7. Confirm password.
  8. Click OK.

Continuing from the instructions above:

  1. Use the Authenticator app on your device to scan the QR code presented in the Onshape user interface.

    2. Once registration is complete, the phone app will list a code for each registration you create. It is these codes that you enter into Onshape when presented with the 2FA sign in page.

    If you are not able to use the QR code, click the enter this text code link provided in the Onshape interface to obtain a code.

  2. Enter either the six-digit code that the 2FA app generates or the code supplied by Onshape.
  3. Click Enable.
  4. When the recovery codes are displayed, copy them to a safe place; you need access to them in the event you do not have your phone or the authentication app.
  5. Click OK.

Onshape provides you with 5 active recovery codes at a time. Keep these codes in a place accessible to you separate from your device or the authentication app.

Onshape cannot help you if you delete the app or lose your phone.

You can generate these Recovery codes at any time through the Onshape interface, but only the most recently generated series are active at any one time. Once you use a code it is no longer valid. When you generate a new list of codes, all previous codes (used or unused) become invalid.

When two-factor authentication is enabled, Onshape prompts you for a code upon sign in:

  1. After you enter the password to your Onshape account, you are prompted for the authentication code.
  2. Open the two-factor authentication app on your device to view the code; enter the code in Onshape.
  3. Click Verify.

In the event that you don't have access to the app, click the Enter a two-factor recovery code link to enter one of your current recovery codes.

You may disable (and re-enable) two-factor authentication at any time.

  1. On the Security tab of the User Profile page in Onshape click Manage, and then Disable:
  2. Confirm password.
  1. Click OK.

Should you need to replace a device on which you have 2FA enabled for Onshape:

  1. Before replacing the device, disable 2FA through the Onshape interface.
  2. Enable 2FA once the new device is online.

Note that Onshape doesn't support the Replace 2FA option.

See Configuring integration with identity providers.