Changes

Multi-Factor Authentication

40 bytes added, 20:13, 11 January 2023
m
Time-Based One-Time Password (TOTP) Implementation
:# You will then be presented with the following screen: <br /> [[File:MFASetupTOTP.png|thumb|none|800px|TOTP Setup Page.]]
:# Follow the instructions listed on the screen, starting by installing an authenticator app on your mobile device.
:# On your mobile device, open the authenticator app and select “Add new device” or similar. Then select “Scan QR Code” or similar. <br /> [[ImageFile:ScanQR.jpg|500pxthumb|none|800px]]:# Clicking the button "Show TOTP Key and QR Code" reveals the QR and secret code used with an authentication app. <br /> [[File:QRandSecretCodeScreen.png|thumb|none|300px800px|QR and Secret Code Screen.]]
:# After scanning the QR Code or entering the '''TOTP Secret Key''' in your Authenticator app, a new device should be added to your list. Alternatively, you could also use the '''TOTP Secret Key''' as opposed to the '''TOTP QR Code'''.
:# Next, enter the TOTP '''Verification Code''' in the modal window.
:# First, navigate to the user's profile who wishes to have TOTP credentials reset.
:# Next, from the '''Actions''' dropdown, select '''Edit Roles and Access'''.
:# In the following modal window, select the button labeled '''Reset TOTP'''. <br /> [[ImageFile:ResetButton.png|500pxthumb|none|800px]]
:# The user may now login as normal, following the prompts on the subsequent '''Set Up Multi-Factor Authentication''' screen.
===Determining Which Roles Can Reset TOTP===
:# In your SmartSimple instance (logged in as Global Admin) in the '''Configuration Menu''' (9-Square Grid Icon), select '''Global Settings'''.<br /> [[ImageFile:GlobalSettings5.png|250pxthumb|none|800px]]
:# Select the '''Users''' Tab from the Global Settings.
:# Click '''Roles'''.
:# '''Edit''' the role that you would like to grant the ability to reset TOTP on behalf of other users. For security best practices, this role should be an internal role only.
:# Select the '''Permissions''' tab.
:# In the field '''Roles this role can reset TOTP for''', select the other roles that this role can reset TOTP on behalf of. <br /> [[ImageFile:RolesTOTPReset.png|500pxthumb|none|800px]]
:# Click '''Save''' when complete.
Smartstaff
2,359
edits