
Multi-Factor Authentication

569 bytes added, 15:00, 1 June 2023
=Overview=
'''Multi-Factor Authentication (MFA)''' is a method of authentication in which a user is granted access to your SmartSimple Cloud system only after successfully presenting two or more pieces of evidence to an authentication mechanism.
The security impact of MFA is that while a user might lose their authentication device or get tricked into sharing a password, the odds of both happening to a single user are dramatically reduced. Using MFA therefore enhances an organization's security by requiring users to identify themselves with more than their login credentials.
SmartSimple Cloud supports two ways of implementing MFA:
* '''Time-based One-Time Password (TOTP)''' via an authenticator app, which is more secure and suitable for users with increased access such as global administrators or internal staff
* '''Single Use Verification Code''' sent via email or SMS, which is better suited for external users or users who log in infrequently
'''Note:''' MFA and password reset emails are sent from non-production environments as of the March 2023 upgrade. If you wish to add role restrictions for access to your backup environment, the setting is located at '''Menu''' icon > '''Global Settings''' > '''Security''' tab > '''System Feature Permissions''' > '''Feature''' tab > '''Restrict Login to Backup Environment to these Roles'''. When testing MFA and password reset emails on non-production environments, always use a test user and test email.
=Configuration=
===Setting up Verification Codes for Email===
<pre>Note: If you are using the SMTP Relay with an IP restriction for sending emails, ensure the IP of your environments (backup, testing, production) is in your IP list. If you need help identifying the IPs of your environments or have questions, reach out to our support team.</pre>
The easiest way to set up MFA is through the email that was used for user registration and login.
When a user has been assigned a role that requires a verification code, they can log in using the following steps:
# When the user logs in using their email and password, they will be taken to a page where they can click a button labelled '''Send Code by Email'''.<br /> [[File:2022-11-ticket-139210-4.png|thumb|none|800px|The multi-factor authentication page lets the user choose between receiving the verification code via email or SMS (if applicable)]]
# They will be prompted to enter a verification code that was sent to their email.<br /> [[File:2022-11-ticket-139210-4a.png|thumb|none|800px|The user will be prompted to enter a verification code sent to their email address]]
# The user must open their email to copy the verification code. <br /> [[File:2022-11-ticket-139210-5.png|thumb|none|800px| A sample email containing a temporary verification code]]
# Enter the verification code into the field and then click '''Submit''' to finish authentication and log in to the system. <br /> [[File:2022-11-ticket-139210-9.png|thumb|none|800px| Entering the temporary verification code into the verification field]]
==Setting up a Default Email Address==
If you are using the SMTP relay and/or have a dedicated instance (your own domain), make sure you have set up the default email address and that the default email address matches your domain. Otherwise your default email address should be set to '''donotreply@smartsimplemailer.com''' and may be blocked by your SMTP. It is strongly advised that you set up your default email address for your system with an email address that reflects the domain used on your SMTP server. Follow these steps to set up a default email address:
# Go to '''Menu''' icon > '''Global Settings''' > '''Communications''' tab
# Enter your desired '''From Address'''
# Click '''Save'''
 
[[File:default-email.png|thumb|none|800px|Set up a default email address to help ensure that verification emails do not get blocked by the SMTP relay]]
Smartstaff
2,091
edits
