Multifactor Authentication (MFA)
The MultiFactor Authentication (MFA) feature adds an additional security layer for customers that are using Access Control and want to increase their level of security.
Under each application user profile, a new tab called Two-Factor Authentication has been added and through it the user can enable the MFA.
 |
The supported MFA platforms are:
Google Authenticator
Microsoft Authenticator
FreeOTP
A user can configure the MFA by using an initial code or via a QR code, both are provided in the setup page.
 |
Once the user has completed the process, he receives recovery codes to be used if he loses access to the MFA application.
 |
Each code can be used only once.
A user that is already configured to use the MFA will have the options to:
Disable it
Reset recovery codes
Set up authenticator app
Reset authenticator app
 |
Can a user be locked out?
Yes, if a user loses access to the authenticator App and does not have the recovery codes, then he will be locked out and he will need to reset the configuration in the database.
Limitations:
Each user can choose to enable\disable the MFA for himself, in the next phase this ability will be controlled by admins.
Plugins support:
Plugins that are natively using a web browser like VS for example, will support it on the fly.
Other plugins like IDE for example, IntelliJ, Eclipse, should be adjusted to support it but it will not prevent from the users to work, meaning that even if the MFA is enabled for a user, he will not be required to provide OTP in the non-supported plugins.