Skip to main content

Multi-factor Authentication (MFA or 2FA)

Introduction

Multi-factor authentication is a security process in which a user provides two (or more) different authentication factors to verify themselves. The first step (or first factor) is to provide your user credentials: your usual login name and password. The second step (or second factor) is to provide a passcode that verifies that the user who is trying to log in has the authorization to log in.

Before a user can use dual-factor authentication, they first need to register the device that will generate a one-time passcode for them (also called OTP). This device is usually a smart phone, but you can use your tablet as well. The application that can generate the passcode for you is called Google Authenticator.

Enforce MFA

As a reseller administrator, you have the possibility to enforce the use of MFA for your customers.
Edit the company where you'd like to change the MFA policy (when you create the company for the first time, this option is also available).
Choose Multi-Factor Authentication and click the toggle at Enforce MFA for local users.
Click Finish, to save the new settings.

image-1706624443908.png

On the company admin's side

When the next time, the company admin logs in, they will be greeted with the following screen:

image-1706625158789.png

The company administrator now needs to setup MFA as follows.
Download Google Authenticator from the app store of your phone's vendor and install it on your phone.
In the SP console: click Generate the QR code...
You will get a similar screen:

image-1706625260957.png

Open Google Authenticator on your phone and click on the + sign.
Choose Scan a QR code and scan it.
The new account is added to your Google Authenticator.

image-1706625313029.png

Type in the 6-digit code under the QR code in the SP console UI (marked by a red arrow in the above screenshot).

Click OK and click Yes to verify that you saved your authorization data.

image-1706625371477.png

You will get a confirmation that everything is set up.

Click OK and then Finish on the wizard.

image-1706625410042.png

Note: as a company administrator, you cannot turn off MFA. (It's grayed out.)

image-1706625519095.png

The next login

The next time, when a company admin logs in, after providing their username and password, a new screen will ask for the 6-digit verification code.

image-1706625569542.png

To reset MFA

The reseller administrator can disable, and then re-enable MFA, in case a user needs a reset of their MFA settings.