Smartstaff, administrator
38
edits
Changes
no edit summary
* '''Time-based One-Time Password (TOTP)''' via an authenticator app.
: '''NOTEIMPORTANT''': additional settings are required by each user to <span style="color: #ff0000;">'''YOU MUST'''</span> setup TOTP your authenticator app and link to an authenticator app, please your user account '''BEFORE''' enabling this type of MFA. Additional steps are required. Please see below for details.
* '''Single Use Verification Code '''sent by either Email or SMS.
:: No additional configuration steps required for this type of MFA.
:
All settings related to multi-factor authentication are in a single location
:# Navigate to '''Global Settings''' > '''Security''' > '''Password and Activation Policies''':# Scroll to''' Authentication Options''' and toggle on '''Enable Multi-Factor Authentication''':# Specify the roles that require authentication via TOTP and/or Verification Code
'''<u>NOTE:</u>''' If new roles are added to the system, the MFA configuration must also be updated
==='''NOTE:''' When enabling MFA for use with TOTP all existing users in roles that will have 2-Factor enabled must first scan their code into an authenticator app.===
:# Select the User menu from the top right.:# Select the link titled '''Personal Settings''' from the user menu. <br /> [[Image:PersonalSettingsUserMenu.png|200px]]:# Select the Security tab in the following modal window. <br /> [[Image:MFAQR.png|500px]]:# Open your Authenticator app on your mobile device. If one is not yet installed on your device, download “Authenticator” from your mobile device’s app store.:# On your mobile device, in the Authenticator App, select “Add new device” or similar. Then “Scan QR Code” or similar. <br /> [[Image:ScanQR.jpg|500px]]:# Scan the QR code “TOTP QR Code” from within the app on your mobile device.:# A new device should be added to your list. Note that, alternatively, you can also use the “TOTP Secret Key” as opposed to the QR code.:# In your SmartSimple instance, in the '''Configuration Menu''' (9-Square Grid Icon), select '''Global Settings'''.<br /> [[Image:GlobalSettings5.png|250px]]:# Select the '''Security''' Tab from the Global Settings.:# Click '''Password and Activation Policies'''.:# Under “Authentication Options”, toggle on '''Enable Multi-Factor Authentication (MFA)'''.:# In the setting '''Roles with Time-Based One-Time Password (TOTP)''' include the roles that you will be adding 2-Factor Authentication for. Note that the existing users in these roles must first scan the QR Code on their mobile device before this setting should be toggled on.:# Toggle on '''Enable Trusted Device''' if you would like users to be able to bypass entering a code for a time period after the code has been successfully entered. If enabled, also enter the time period that the 2-Factor Authentication will be bypassed for trusted users.:# Scroll to the bottom of the page and click '''Save'''.:# To test your MFA, log out of your account, and then log back in. You should now see a page following login called “Multi-Factor Authentication.” Enter the password in the Authenticator app here, and access will be granted into the system. <br /> [[Image:MFAScreen.png|500px]]
=See Also=
:* [[User Role]]s
[[Category:Security]]
