Smartstaff
2,094
edits
Changes
m
→Multi-Factor Authentication Enabled by Default
====Multi-Factor Authentication Enabled by Default====
: ''Main Article: [[Multi-Factor Authentication]]''
'''Multi-Factor Authentication(MFA)''' (MFA) using verification codes sent by email will be enabled for all systems to improve security. If you have already enabled MFA in your SmartSimple Cloud system and have assigned roles to a single-use verification code sent by email, this enhancement will NOT change your existing settings. You may change your MFA preferences after the upgrade but we recommend you adjust your settings prior to the upgrade. If you did not set up MFA prior to the upgrade, the 'Everyone' role will be added to the setting called '''Roles with Verification Code via SMS and Email'''.
[[File:2022-11-ticket-144811-1.png|thumb|none|800px|The MFA setting above will be updated to "Everyone" if this Role setting is empty.]]
'''Time-based One-Time Password(TOTP)''' (TOTP) settings will NOT be affected. In addition, the setting '''Enable Trusted Device''' will also be toggled on by default. This allows users to choose whether they want the system to remember their device the next time they log in. Remembered devices can also be set to expire after a specific number of days by using the '''Expire Devices After''' setting.
<u>'''Note:'''</u> Backup environments will be allowed to send out MFA emails. If your backup environment is not sending out emails, check to see if you have set up a default email address. To do this, go to '''Menu Icon''' > '''Global Settings''' > '''Communications''' tab > '''Email Options and Security''' > Toggle on '''Enable Default From Address'''. In the '''From Address''' field, you would typically enter something like ''donotreply@smartsimplemailer.com''. If this field is empty, as part of this upgrade, we will be populating it with the email address used for new users (located at''' Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Password and Activation Policies''' > '''Activation Emails''' tab > '''From Address''').
If you are using an SMTP relay and/or have a dedicated instance, [https://wiki.smartsimple.com/wiki/Multi-Factor_Authentication#Setting_up_a_Default_Email_Address make sure you have set up a default email address that matches your domain]. Additionally, if you are using the SMTP relay with an IP restriction for sending emails, ensure the IP of your environments is in your IP list (backup, testing, production). If you need to help with identifying the IPs of your environments or have questions, reach out to our support team.
If you are using '''Single Sign-On(SSO)''' (SSO), you may opt to bypass MFA by going to '''Global Settings''' > '''Integrations''' tab > '''Single Sign-On''' > Edit a configuration then under the Authentication section > Toggle on '''Bypass Multi-Factor Authentication (MFA) when logging in with Single Sign-On (SSO)'''.
<!-- 144811 - Apply MFA to all systems -->