Skip to main content

Multifactor Authentication (MFA)

The MultiFactor Authentication (MFA) feature adds an additional security layer for customers that are using Access Control and want to increase their level of security.

Under each application user profile, a new tab called Two-Factor Authentication has been added and through it the user can enable the MFA.

6526632161.png

The supported MFA platforms are:

  • Google Authenticator

  • Microsoft Authenticator

  • FreeOTP

A user can configure the MFA by using an initial code or via a QR code, both are provided in the setup page.

6526337225.png

Once the user has completed the process, he receives recovery codes to be used if he loses access to the MFA application.

6526533851.png

Each code can be used only once.

A user that is already configured to use the MFA will have the options to:

  • Disable it

  • Reset recovery codes

  • Set up authenticator app

  • Reset authenticator app

6526795991.png

Can a user be locked out?

Yes, if a user loses access to the authenticator App and does not have the recovery codes, then he will be locked out and he will need to reset the configuration in the database.

Limitations:

  • Each user can choose to enable\disable the MFA for himself, in the next phase this ability will be controlled by admins.

  • Plugins support:

    • Plugins that are natively using a web browser like VS for example, will support it on the fly.

    • Other plugins like IDE for example, IntelliJ, Eclipse, should be adjusted to support it but it will not prevent from the users to work, meaning that even if the MFA is enabled for a user, he will not be required to provide OTP in the non-supported plugins.