Changes

Multi-Factor Authentication

40 bytes removed, 17:01, 11 January 2023
m
no edit summary
* '''Single Use Verification Code '''sent via email or SMS, which is better suited for external users or users who login infrequently 
=Configuration - Essentials=
All settings related to multi-factor authentication are in a single location
[[File:Authentication Options.png|thumb|none|800px|Authentication Options]]
===Setting up Verification Codes for Email===
The easiest way to set up MFA is through the email that was used for user registration and login. Be sure to follow the instructions carefully to avoid accidentally locking yourself or others out of their accounts.
 
# Go to '''Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Password and Activation Policies''' and then scroll down to the section marked '''Authentication Options'''.
# Toggle on '''Enable Multi-Factor Authentication'''. You will see additional settings displayed for different authentication methods. 
# Under the '''Roles with Verification Code via SMS or Email''' setting, you will need to decide which roles need to be authenticated via a verification code sent through the email address used for login. Ensure that users assigned to this role have not opted out of receiving system emails. Click the '''Save''' button at the bottom of the page to activate changes.<br /> [[File:2022-11-ticket-139210-3.png|thumb|none|500px]]
 
 
===Logging in with a Verification Code from Email===
When a user has been assigned a role that requires a verification code, they can login using the following steps:
 
# When the user logs in using their email and password, they will be prompted to enter a verification code that was sent to their email. <br /> [[File:2022-11-ticket-139210-4.png|thumb|none|500px]]
# The user can check their email to copy the verification number. <br /> [[File:2022-11-ticket-139210-5.png|thumb|none|500px]]
# Enter the verification code into the field and then click '''Submit''' to finish authenticated login.
 
===Setting up Verification Codes for SMS===
In order for users to receive SMS messages, a SmartSimple administrator must first enable SMS services by going to '''Menu Icon''' > '''Global Settings''' > '''Communications''' tab > Toggle on '''Enable SMS Notification'''. Ensure that the target users have an active mobile number filled into this standard field. If the phone number field is empty, users will not be able to receive any SMS messages for login and may be locked out of their accounts once activated.
[[File:2022-11-ticket-139210-8.png|thumb|none|500px]]
 
===Logging in with a Verification Codes for SMS===
# When the user logs in, they will be presented with the option to receive a verification code via email (if available) or through SMS. The user can click '''Send Code by Text Message'''. <br /> [[File:2022-11-ticket-139210-6.png|thumb|none|500px]]
# The user can check their mobile messages, enter the code into the field, and then click '''Submit''' to finish authenticated login. <br /> [[File:2022-11-ticket-139210-7.png|thumb|none|500px]]
 
=Configuration - Advanced=
===Enforce TOTP Multi-Factor Authentication for Particular Roles===
'''NOTE:''' Before enabling MFA for use with TOTP, all existing users with roles intended for TOTP must first scan their '''TOTP Secret Key''' or '''TOTP QR Code''' into an authenticator app.
When logging into the system for the first time after TOTP has been activated on the user's role, the user must first follow these steps:
:# For existing users: from the login page, enter your email and password as usual to log in. For new users: use the Activation Link to set a password, and submit.
:# You will then be presented with the following screen: <br /> [[File:MFASetupTOTP.png|thumb|none|800px|TOTP Setup Page.]]
:# Follow the instructions listed on the screen, starting by installing an authenticator app on your mobile device.
:# In the field '''Roles this role can reset TOTP for''', select the other roles that this role can reset TOTP on behalf of. <br /> [[Image:RolesTOTPReset.png|500px]]
:# Click '''Save''' when complete.
 
===Setting up Verification Codes for Email===
The easiest way to set up MFA is through the email that was used for user registration and login. Be sure to follow the instructions carefully to avoid accidentally locking yourself or others out of their accounts.
 
# Go to '''Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Password and Activation Policies''' and then scroll down to the section marked '''Authentication Options'''.
# Toggle on '''Enable Multi-Factor Authentication'''. You will see additional settings displayed for different authentication methods. 
# Under the '''Roles with Verification Code via SMS or Email''' setting, you will need to decide which roles need to be authenticated via a verification code sent through the email address used for login. Ensure that users assigned to this role have not opted out of receiving system emails. Click the '''Save''' button at the bottom of the page to activate changes.<br /> [[File:2022-11-ticket-139210-3.png|thumb|none|500px]]
 
 
===Logging in with a Verification Code from Email===
When a user has been assigned a role that requires a verification code, they can login using the following steps:
 
# When the user logs in using their email and password, they will be prompted to enter a verification code that was sent to their email. <br /> [[File:2022-11-ticket-139210-4.png|thumb|none|500px]]
# The user can check their email to copy the verification number. <br /> [[File:2022-11-ticket-139210-5.png|thumb|none|500px]]
# Enter the verification code into the field and then click '''Submit''' to finish authenticated login.
 
===Setting up Verification Codes for SMS===
In order for users to receive SMS messages, a SmartSimple administrator must first enable SMS services by going to '''Menu Icon''' > '''Global Settings''' > '''Communications''' tab > Toggle on '''Enable SMS Notification'''. Ensure that the target users have an active mobile number filled into this standard field. If the phone number field is empty, users will not be able to receive any SMS messages for login and may be locked out of their accounts once activated.
[[File:2022-11-ticket-139210-8.png|thumb|none|500px]]
 
===Logging in with a Verification Codes for SMS===
# When the user logs in, they will be presented with the option to receive a verification code via email (if available) or through SMS. The user can click '''Send Code by Text Message'''. <br /> [[File:2022-11-ticket-139210-6.png|thumb|none|500px]]
# The user can check their mobile messages, enter the code into the field, and then click '''Submit''' to finish authenticated login. <br /> [[File:2022-11-ticket-139210-7.png|thumb|none|500px]]
 
 
=Settings Explained=
Smartstaff
2,361
edits