Multi Factor Authentication

The Management System supports Multi Factor Authentication (MFA) to provide a high level of security and protection against user identity theft as user name and password are no longer sufficient for a successful login. If the MFA feature is activated, the Management System is prompting all users for an additional Time-based One-Time Password, generated externally e.g. by an authenticator app on the users mobile.

User management

Enable and disable MFA

If MFA is enabled in the Management System, it is enabled for all users. Admin users are allowed to disable (and re-enable) MFA for each user individually by changing the user settings:

Permission to enable and disable MFA

For a more advanced control of the MFA setting, a new role may created with the permission that allows the owner of such a role to control the MFA setting for individual users:

MFA Authenticator App

MFA is working with a variety of popular authenticator apps, including but not limited to the following: - Google Authenticator (Free): a widely used and simple app developed by Google - Microsoft Authenticator (Free): Another popular option from Microsoft, offering additional features like multi-device syncing - Authy (Free): A feature-rich app with cloud backups, multi-device support, and support for additional authentication methods like push notifications - FreeOTP (Free and Open Source): A free and open-source option with a focus on privacy and security

Google Authenticator

Installing an authenticator to your mobile is easy and straight forward. In case you chose the Google Authenticator go to the Apple App Store or Google Play Store and install Google Authenticator.

Setting up MFA

If the MFA support is enabled in the Management System, and a user logs in for the first time, the system prompts the user with a QR code to walk through the MFA setup first:

Now the user needs to open his authenticator app on the mobile and choose Add a code:

Then the option to scan a QR code needs to be selected and the QR code provided by the Management System can be scanned:

The QR code contains an MFA secret that gets exchanged once during this initialization phase. After successfully scanning the QR code, the authenticator app initiates the MFA code generator which provides a (six digit) code changing every 30 seconds:

Now, as the authenticator app has been successfully initiated, the user needs to proceed on the Management System by pressing the Complete setup button:

In case of a successful completion of the MFA setup, the user gets a prompt indicating success:

Log in with MFA

For any subsequent login, the user needs to enter his user name and password first, and then he gets prompted for the MFA authentication code. This code must be read from the authenticator app and entered into the provided field:

Reset MFA authentication setup

If a user wants to change the authentication app or has encountered problems with MFA authentication in general, he may wish to re-initialize his MFA setup. This is possible via the same way like to reset a users's password. First, select the Reset Credentials option in the Management System's login screen:

Then, enter the email address of the user who wants to reset his MFA setup.

If a valid email address has been entered, the Management System sends an email to the user. The content body of this email provides either the option to reset the users's password or to reset the MFA setup by exchanging a new MFA secret with the authenticator app. After following the link MFA secret the user needs to walk through the process described under Adding MFA to a user account.