Skip to main content

Multi Factor Authentication

Supported MFA methods

Authenticator App

The user sets up an App, for example Google Authenticator, which will provide a changing password the user enters when they sign in.

Email message

An email message is sent to the user’s verified email address when the user signs in. It contains a code the user will enter.

SMS message

An SMS message is sent to the user’s verified mobile number when the user signs in. It contains a code the user will enter.

Group Policy configuration

MFA requirement configuration can be done through Group Policies. See the Security tab of the Group Policy editor for the options.

Image

The configuration options are:

  • MFA usage is recommended

  • MFA usage is required

  • Which MFA methods are allowed

Making MFA usage recommended causes users who haven’t set up MFA yet to see a notification when they sign in. It offers them a chance to set up MFA. They can skip it and continue the sign in process. If they proceed with the MFA setup, their “Uses MFA” preference will be set and they will continue to use MFA when they sign in later, even if the recommendation is removed.

Making MFA usage required causes users who haven’t set up MFA yet to be forced to perform Email or SMS verification every time they sign in.

User’s MFA preferences

The following preferences are stored per user:

  • Does user use MFA when they sign in

  • Which MFA method they prefer

  • Keys for some MFA methods which require them

Change user’s MFA preferences

An user can change their MFA preferences through the management view’s personal menu. They can disable or set up another preferred MFA method.

Disabling MFA for an user

If an user wishes to disable MFA when they sign in, they can do any of the following:

  • Reset their password. Successful password reset clears MFA preferences.

  • Re-configure or disable MFA through the management view’s personal menu