Multi-factor authentication (MFA) with Simpplr

Table of Contents

Overview

Key features

FAQ

Overview

Multi-factor authentication (MFA) is essential for enhancing security and protecting sensitive information. It strengthens the security posture of your intranet, protecting both company data and user accounts.

This feature strengthens account security by adding a verification step to the login process, helping to protect your sensitive information from unauthorized access.

This foundation release supports the Time-based One-Time Password (TOTP) protocol, which is a common form of two-factor authentication.

Key features

Enabling MFA at the org level

  • App managers can enable MFA for their organization under Manage > Application > Security > Multi-factor authentication (MFA).

  • When MFA is enabled, the app manager has to select a 'grace period'. A grace period is a configurable time period during which users are allowed to log in without completing the MFA process. After this grace period expires, users will be required to go through the MFA setup process. App managers can set the grace period to any duration from no grace period (MFA enforced immediately) up to 30 days.

Set up MFA authenticator

MFA can be set up by scanning the QR code with the authenticator app of your choice. It can also be set up by pasting the 'time-based' key received from Simpplr into the authenticator app.

    • Within the grace period, users are allowed to skip the MFA setup process.

    • Once the grace period has passed, users are required to complete the MFA setup. They no longer have the option to skip it.

Authentication using authenticator code in subsequent logins

For subsequent logins, users will need to enter the MFA code. It is an extra level of authentication in addition to the user's password.

User authentication details are saved for 7 days. As long as the user is using the same device or browser, they won't be asked to authenticate with the MFA code again.

Reset/Recovery MFA

Recovery MFA is a security mechanism that helps users regain access to their accounts if they lose or can't access their primary authentication method.

App managers will have the capability to reset MFA for any active user. App managers can go to Manage > Users and reset MFA for any user. We'll be adding the capability for individual users to reset their MFA details in an upcoming release.

FAQ

Q1: Which authenticator apps are supported?

A1: All authenticator apps supporting TOTP are supported. There is no restriction.

Q2: Is there any impact to SSO users with this MFA feature?

A2: There is no impact on SSO users. They continue to use the MFA configured on the SSO.

Q3: Does a user need to do MFA authentication on every login?

A3: A user does not need to authenticate again with the same browser or device for 7 days.

Q4: What if a user loses a device?

A4: App managers can reset MFA for the user. The user can then set up MFA authentication from the new device again.
