Multi-Factor Authentication

999 bytes added, 20:36, 14 December 2022
=Configuration - Advanced=
Once downloaded, the following steps will allow the user to sync their SmartSimple account with their mobile authentication application:

:# Go to '''User Menu''' > '''Personal Settings''' <br /> [[Image:PersonalSettingsUserMenu.png|200px]]
:# Select the '''Security''' tab in the following modal window. <br /> [[Image:MFAQR.png|500px]]
:# On your mobile device, open the authenticator app and select “Add new device” or similar. Then select “Scan QR Code” or similar. <br /> [[Image:ScanQR.jpg|500px]]
:# Using the scanner within the mobile app, scan the '''TOTP QR Code''' found under your '''Personal Settings'''.
:# A new device should be added to your list. Alternatively, you could also use the '''TOTP Secret Key''' as opposed to the '''TOTP QR Code'''.
===Enforce TOTP Multi-Factor Authentication for Particular Roles===
:# In your SmartSimple instance, (logged in as Global Admin) in the '''Configuration Menu''' (9-Square Grid Icon), select '''Global Settings'''.<br /> [[Image:GlobalSettings5.png|250px]]
:# Select the '''Security''' Tab from the Global Settings.
:# Click '''Password and Activation Policies'''.
:# Toggle on '''Enable Trusted Device''' if you would like users to be able to bypass entering a code for a time period after the code has been successfully entered. If enabled, also enter the time period that the 2-Factor Authentication will be bypassed for trusted users.
:# Scroll to the bottom of the page and click '''Save'''.
:# To test your MFA, log out of your account, and then log back in. You should now see a page following login called “Set Up Multi-Factor Authentication.” Follow the instructions in the following section to set up TOTP Multi-Factor Authentication. <br /> [[Image:MFAScreen.png|500px]]
===Logging in the First Time with TOTP for Existing Users===
:# You will then be presented with the following screen: <br /> [[File:MFASetupTOTP.png|thumb|none|800px|TOTP Setup Page.]]
:# Follow the instructions listed on the screen, starting by installing an authenticator app on your mobile device.
:# On your mobile device, open the authenticator app and select “Add new device” or similar. Then select “Scan QR Code” or similar. <br /> [[Image:ScanQR.jpg|500px]]
:# Clicking the button "Show TOTP Key and QR Code" reveals the QR and secret code used with an authentication app. <br /> [[File:QRandSecretCodeScreen.png|thumb|none|300px|QR and Secret Code Screen.]]
:# After scanning the QR Code or entering the '''TOTP Secret Key''' in your Authenticator app, a new device should be added to your list. Alternatively, you could also use the '''TOTP Secret Key''' as opposed to the '''TOTP QR Code'''.
:# Next, enter the TOTP Verification Code in the modal window.
:# Press Submit when done.
 
===If the Mobile device Associated with TOTP is Misplaced===
<strong>NOTE:</strong> If a mobile device associated with TOTP is misplaced, TOTP must be reset by a Global Admin, or a user in a role with <strong>Role can reset TOTP for</strong> permissions in the role's setting page (more information is detailed in the following section).
In the case of a user's device being misplaced, the following steps will allow an internal user in the roles listed above to reset a user's TOTP:
 
:# First, navigate to the profile of the user who wishes to have TOTP credentials reset.
:# Next, from the '''Actions''' dropdown, select '''Edit Roles and Access'''.
:# In the following modal window, select the button labeled '''Reset TOTP'''. Note that the button will disappear after the reset has been initiated.
:# The user may now log in as normal, following the prompts on the subsequent '''Set Up Multi-Factor Authentication''' screen.
 
===Determining which roles can reset TOTP===
:# In your SmartSimple instance (logged in as Global Admin) in the '''Configuration Menu''' (9-Square Grid Icon), select '''Global Settings'''.<br /> [[Image:GlobalSettings5.png|250px]]
:# Select the '''Users''' Tab from the Global Settings.
:# Click '''Roles'''.
:# Select '''Edit''' beside the role that you would like to grant permission to reset TOTP on behalf of other users. As a security best practice, this role should be an internal role only.
:# Select the '''Permissions''' tab.
:# In the field '''Roles this role can reset TOTP for''', select the roles that this role can reset TOTP on behalf of.
:# Click '''Save''' when complete.
=Settings Explained=
Smartstaff