# Settings

### Overview

Enhance the security of your Employee Vault by setting up two-factor authentication (2FA) for current and former employees.&#x20;

<figure><img src="/files/tfLYbPVOZYKGUyKrtnjv" alt="" width="563"><figcaption></figcaption></figure>

***

### Two-Factor Authentication (2FA) Settings

Enhance the security of your Employee Vault by setting up two-factor authentication (2FA) for both current and former employees. Admins can select from three 2FA options: 2FA token over email, 2FA token via Google Authenticator, or no 2FA.

For those choosing 2FA over email, the default token validity is 15 minutes, but this can be adjusted. By default, 2FA is required until the next login, but vault admins can set a more aggressive policy, requiring 2FA after intervals of 15 minutes, 30 minutes, 1 hour, 1 day, 1 week, or 1 month. These intervals can be set differently for current and former employees to meet specific security needs.

**Set Different Policies for Current vs. Former Employees**

Customize the 2FA time policy separately for current and former employees to meet your security requirements.

#### Notes on 2FA Settings

{% hint style="info" %}
The selected 2FA channel becomes the default channel for sending the 2FA token. Users still have the option to switch to the other channel.

For example, if "2FA Token over Email" is selected, the user will receive the 2FA token via email the first time they access the vault post-login. They can choose to use the email token or switch to Google Authenticator by clicking the "Use Google Authenticator Instead" link and entering the token from the Google Authenticator app.
{% endhint %}

***

### Vault Retention Policy

The vault retention policy allows admins to set how long files are retained in the Employee Vault for both current and former employees. Two options are available: keeping files forever or specifying a number of days after which files are deleted from the vault.&#x20;

Admins can customize retention periods separately for current and former employees to ensure compliance with organizational policies and legal requirements.

**Different Policies for Current vs. Former Employees**

Set distinct retention periods for current and former employees to ensure compliance with organizational and legal requirements.

***

By configuring these settings, you can enhance the security and manage the lifecycle of documents within the Employee Vault, ensuring that sensitive information is protected and retained according to your policies.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://guides.mangoapps.com/admin-guide/module-settings/vault/settings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.