Difference between revisions of "Multifactor Authentication"
Line 81: | Line 81: | ||
# Navigate to Users and click intended user | # Navigate to Users and click intended user | ||
# Under Security click Enable SMS | # Under Security click Enable SMS | ||
− | # If a recovery phone number is not set one will need to be entered | + | # If a recovery phone number is not set, one will need to be entered |
# If recovery phone number is already entered MFA for SMS will be activated | # If recovery phone number is already entered MFA for SMS will be activated | ||
Line 91: | Line 91: | ||
# Under Security click Enable App | # Under Security click Enable App | ||
# Open up the Authenticator App and scan the code | # Open up the Authenticator App and scan the code | ||
− | # Enter the code | + | # Enter the code and MFA for Authenticator App will be activated |
===Turn off MFA via admin=== | ===Turn off MFA via admin=== |
Revision as of 02:16, 23 June 2020
Contents
Multifactor Authentication (MFA)
The purpose of using MFA, is it adds another method of verification, increasing security. It sends a code via SMS for the user to input as well as their username and password.
Activating MFA
- Login to dashboard
- Navigate to Users
- Either select a user or create a new user
- Navigate to Recovery Details and click Edit
- Add a valid phone number into Recovery Phone field
- Click submit
- Navigate to Security and click Turn On
- Click yes,enable Multifactor
Notes
- To be done as an adminstrator
Set MFA with an Authenticator App
By using an Authenticator App instead on SMS will allow users to login if there is no reception for their phone to retrieve code via SMS
- Go to your school's Cloudwork.ID
- Navigate to top right of the site where your name is
- Click Settings
- In Mulftifactor Authentication click Add Authenticator App
- Using Google Authenticator click on the bottom right, the plus sign
- Click scan barcode
- Point the camera to the barcode so the red lines line up with the barcode on your school's Cloudwork.ID
- Input code that is shown on Google Authenticator, to your school's Cloudwork.ID
Notes
- To be done as an individual user
- Users do not need to use Google Authenticator App, there are other apps such as Microsoft Authenticator and Authy 2-Factor Authentication
Enabling MFA Whitelist
Using MFA Whitelist for your school's Ip address range will allow users logging in, inside the school to not have to go through MFA. But logging in outside school will have user go through MFA
- Login into your school's dashboard
- Navigate to Cloudwork.ID settings
- Navigate to Features and click Edit
- Navigate to Multifactor Authentication Whitelist
- Enter into the field your school's Ip address or Ip address range
Notes
- To be done as an administrator
Trusted device
As a feature of Multifactor, Users have the option when logging in to select I trust this device, don't ask again. This means for the next 30 days the user will not have to use a code for MFA.
Disabling Trust Device
This feature can disable any user from having the option to trust a device.
- Login into your school's dashboard
- Navigate to Cloudwork.ID settings
- Navigate to Features and click Edit
- Navigate to Enable Trusted Devices
- Select the option Do not let users trust device
MFA without storing a mobile phone number
- Log in to the CloudworkID service
- Select "Update Recovery Settings"
- Supply a valid mobile phone number and click "Submit"
- Enter the verification code and click "Submit"
- Click "Turn on" underneath MFA
- Enter the verification code and click "Submit"
- Click "Add Authenticator App"
- On your phone, scan the QR code. Then enter the verification code and click "Submit"
- Click the trash icon next to "Text Message to ....."
- Click "Delete" to confirm
- Click "Update recovery settings"
- Clear the form field for "Recovery Phone" and click submit
The user now has MFA operating, without having their personal mobile tied to their account.
Enable MFA for users as an admin
Enable MFA for SMS via admin
- Login as an admin to the Cloudwork Dashboard
- Navigate to Users and click intended user
- Under Security click Enable SMS
- If a recovery phone number is not set, one will need to be entered
- If recovery phone number is already entered MFA for SMS will be activated
Enable MFA for Authenticator App via admin
By enabling MFA for Authenticator App via admin, users can have MFA operating, without having their personal mobile tied to their account.
- Login as an admin to the Cloudwork Dashboard
- Navigate to Users and click intended user
- Under Security click Enable App
- Open up the Authenticator App and scan the code
- Enter the code and MFA for Authenticator App will be activated
Turn off MFA via admin
This will turn off MFA via SMS and MFA via App.
- Login as an admin to the Cloudwork Dashboard
- Navigate to Users and click intended user
- Under Security click Turn Off
Notes
To be done as an administrator