Changes

 The security impact of '''Multi-Factor Authentication (MFA)''' is that while a user may lose an access card or get duped tricked into sharing a password, the odds of both happening to a single user are dramatically reduced. Using MFA therefore enhances an organization's ability to ensure that no one is using illegitimate means to gain access.  

* '''Time-based One-Time Password (TOTP)''' - this technique uses an authentication app that is installed on a mobile phone or other personal device.* '''Verification Code''' – a single use code sent by either Email or SMS to a user specified email address or phone number

All settings related to Multito multi-Factor Authentication are factor authentication are in a single location

# Navigate to '''Global Settings ''' > '''Security ''' > '''Password and Activation Policies.'''# Scroll to ''' Authentication Options ''' and toggle on '''Enable Multi-Factor Authentication'''

        '''<u>NOTE: </u>''' If new roles are added to the system, the MFA configuration must also be updated 

Associates one or more roles with authentication proven through an authenticator App app such as Google or Microsoft Authenticator.  

Associates one or more roles with authentication proved through either Email email or an SMS message. The user can choose at the point of verification to receive an email containing the one-time-code or an SMS message containing the one-time code. SMS must be enabled by SmartSimple and will incur an additional cost. Please speak to your account manager for more information.

This option is used to enable the trusted device feature. If this option is selected then every user (via their role) associated with MFA will not be prompted every time they attempt to log into the system.

Sets the frequency of the MFA prompt, based on the number of days specified. If the number is set to one, the user will be prompted every day for an MFA verification code, if set to five then the user will be prompted every five days.