Smartstaff
282
edits
Changes
→Configuration - Advanced
:# Toggle on '''Enable Trusted Device''' if you would like users to be able to bypass entering a code for a time period after the code has been successfully entered. If enabled, also enter the time period that the 2-Factor Authentication will be bypassed for trusted users.
:# Scroll to the bottom of the page and click '''Save'''.
:# To test your MFA, log out of your account, and then log back in. You should now see a page following login called “Set Up Multi-Factor Authentication.” Follow the instructions in the following section to set up TOTP Multi-Factor Authentication. <br /> [[ImageFile:MFAScreenMFASetupTOTP.png|500pxthumb|none|800px|TOTP Setup Page.]]
===Logging in the First Time with TOTP for Existing Users===
:# Clicking the button "Show TOTP Key and QR Code" reveals the QR and secret code used with an authentication app. <br /> [[File:QRandSecretCodeScreen.png|thumb|none|300px|QR and Secret Code Screen.]]
:# After scanning the QR Code or entering the '''TOTP Secret Key''' in your Authenticator app, a new device should be added to your list. Alternatively, you could also use the '''TOTP Secret Key''' as opposed to the '''TOTP QR Code'''.
:# Next, enter the TOTP '''Verification Code ''' in the modal window.:# Press '''Submit ''' when done.
===If the Mobile device Associated with TOTP is Misplaced===
In the case of a user's device being misplaced, the following steps will allow an internal user in the roles listed above to reset a user's TOTP:
:# First, navigate to the user's profile who wishes to have TOTP credentials reset.
:# Next, from the '''Actions''' dropdown, select '''Edit Roles and Access'''.
:# In the following modal window, select the button labeled '''Reset TOTP'''. Note that the button will disappear after the reset has been initiated.
:# The user may now login as normal, following the prompts on the subsequent '''Set Up Multi-Factor Authentication''' screen.
===Determining which roles can reset TOTP===
:# Select the '''Users''' Tab from the Global Settings.
:# Click '''Roles'''.
:# Select '''Edit''' beside the role that you would like to grant permission to reset TOTP on behalf of other users. For security best practices, this role should be an internal role only.
:# Select the '''Permissions''' tab.
:# In the field '''Roles this role can reset TOTP for''', select the roles that this role can reset TOTP on behalf of.
:# Click '''Save''' when complete.
