The Lookout Manual
      Back to home
      1. The Lookout Way Support 2024
      2. The Lookout Manual

      Login management

      How to reset a users password, reset two-factor authentication, log out a user or enable/disable a user.

      The Login Management Access Role permission allows you to reset passwords and two-factor authentication for other users and log out, enable, or disable user accounts.

      To grant a staffer this permission, please refer to Using Access roles in Lookout.


      Once the Login Management permission is added to your access role, a new Login Management section will appear in a user's profile, providing buttons for various login management functions.

      Log-out user

      Logs out the user from all their devices, forcing them to log in again.

      Disable/Enable user

      • Disable User: prevents the user from accessing any of the app's functionality

        • They will still be able to log in, but they won't be able to access anything.

      • Enable User: permits the user to access functionality within the app.

        • This will reset the "User Since" time.

      Single sign-on (SSO)

      Allows the user to authenticate using SSO. An SSO identifier is required for this feature to work, but you won’t need to enter it manually. There is a directory syncing path during configuration.


      If your instance is not yet configured to support SSO, this option will be disabled. To start using this feature, contact our account management team by clicking the 'Chat with Sales' button.

      Email & password

      Enables the user to log in to their account using their email and password combination, which is the default login method.

      Send password reset email

      Sends the user an email with a password reset link.


      To confirm the delivery status of these password reset emails, open the Email Deliveries page by clicking your name in the side navigation.

      Two-factor authentication (2FA)

      • On: Requires the user to enter a 2FA code when logging in using email. If enabling it for the first time or resetting, the user can log in without a code but will be prompted to set up 2FA after a successful login.

      • Off: Disables two-factor authentication and removes all 2FA configuration data.

      We strongly recommend enabling Two-Factor Authentication (2FA) to strengthen your account security and protect against unauthorised access.


      Set up 2FA

      FAQs

      Will Lookout 2FA still be required if I log in using SSO?

      No, Lookout will not prompt users to enter an additional 2FA code when logging in via SSO. However, users may still be required to complete 2FA if it is part of their SSO authentication process (e.g., entering 2FA to complete the Microsoft sign-in).

      Can 2FA be enabled for helpers?

      The two-factor authentication setting in Lookout can only be toggled for Staffers. That said, 2FA for helpers can be enabled through SSO logins if enforced within your IDP (e.g. Microsoft Entra).

      Can I enforce SSO as the only login method for my staffers?

      Yes, you can enforce SSO as the only login method by disabling the Email & password login option.