Difference between revisions of "Multifactor Authentication"

From Studentnet Wiki
Jump to navigation Jump to search
Line 81: Line 81:
 
# Navigate to Users and click intended user
 
# Navigate to Users and click intended user
 
# Under Security click Enable SMS
 
# Under Security click Enable SMS
# If a recovery phone number is not set one will need to be entered
+
# If a recovery phone number is not set, one will need to be entered
 
# If recovery phone number is already entered MFA for SMS will be activated
 
# If recovery phone number is already entered MFA for SMS will be activated
  
Line 91: Line 91:
 
# Under Security click Enable App
 
# Under Security click Enable App
 
# Open up the Authenticator App and scan the code
 
# Open up the Authenticator App and scan the code
# Enter the code
+
# Enter the code and MFA for Authenticator App will be activated
  
 
===Turn off MFA via admin===
 
===Turn off MFA via admin===

Revision as of 02:16, 23 June 2020

Multifactor Authentication (MFA)

The purpose of using MFA, is it adds another method of verification, increasing security. It sends a code via SMS for the user to input as well as their username and password.

Activating MFA

  1. Login to dashboard
  2. Navigate to Users
  3. Either select a user or create a new user
  4. Navigate to Recovery Details and click Edit
  5. Add a valid phone number into Recovery Phone field
  6. Click submit
  7. Navigate to Security and click Turn On
  8. Click yes,enable Multifactor

Notes

  • To be done as an adminstrator


Set MFA with an Authenticator App

By using an Authenticator App instead on SMS will allow users to login if there is no reception for their phone to retrieve code via SMS

  1. Go to your school's Cloudwork.ID
  2. Navigate to top right of the site where your name is
  3. Click Settings
  4. In Mulftifactor Authentication click Add Authenticator App
  5. Using Google Authenticator click on the bottom right, the plus sign
  6. Click scan barcode
  7. Point the camera to the barcode so the red lines line up with the barcode on your school's Cloudwork.ID
  8. Input code that is shown on Google Authenticator, to your school's Cloudwork.ID

Notes

  • To be done as an individual user
  • Users do not need to use Google Authenticator App, there are other apps such as Microsoft Authenticator and Authy 2-Factor Authentication


Enabling MFA Whitelist

Using MFA Whitelist for your school's Ip address range will allow users logging in, inside the school to not have to go through MFA. But logging in outside school will have user go through MFA

  1. Login into your school's dashboard
  2. Navigate to Cloudwork.ID settings
  3. Navigate to Features and click Edit
  4. Navigate to Multifactor Authentication Whitelist
  5. Enter into the field your school's Ip address or Ip address range

Notes

  • To be done as an administrator


Trusted device

As a feature of Multifactor, Users have the option when logging in to select I trust this device, don't ask again. This means for the next 30 days the user will not have to use a code for MFA.

Disabling Trust Device

This feature can disable any user from having the option to trust a device.

  1. Login into your school's dashboard
  2. Navigate to Cloudwork.ID settings
  3. Navigate to Features and click Edit
  4. Navigate to Enable Trusted Devices
  5. Select the option Do not let users trust device

MFA without storing a mobile phone number

  1. Log in to the CloudworkID service
  2. Select "Update Recovery Settings"
  3. Supply a valid mobile phone number and click "Submit"
  4. Enter the verification code and click "Submit"
  5. Click "Turn on" underneath MFA
  6. Enter the verification code and click "Submit"
  7. Click "Add Authenticator App"
  8. On your phone, scan the QR code. Then enter the verification code and click "Submit"
  9. Click the trash icon next to "Text Message to ....."
  10. Click "Delete" to confirm
  11. Click "Update recovery settings"
  12. Clear the form field for "Recovery Phone" and click submit

The user now has MFA operating, without having their personal mobile tied to their account.

Enable MFA for users as an admin

Enable MFA for SMS via admin

  1. Login as an admin to the Cloudwork Dashboard
  2. Navigate to Users and click intended user
  3. Under Security click Enable SMS
  4. If a recovery phone number is not set, one will need to be entered
  5. If recovery phone number is already entered MFA for SMS will be activated

Enable MFA for Authenticator App via admin

By enabling MFA for Authenticator App via admin, users can have MFA operating, without having their personal mobile tied to their account.

  1. Login as an admin to the Cloudwork Dashboard
  2. Navigate to Users and click intended user
  3. Under Security click Enable App
  4. Open up the Authenticator App and scan the code
  5. Enter the code and MFA for Authenticator App will be activated

Turn off MFA via admin

This will turn off MFA via SMS and MFA via App.

  1. Login as an admin to the Cloudwork Dashboard
  2. Navigate to Users and click intended user
  3. Under Security click Turn Off

Notes

To be done as an administrator