Difference between revisions of "Multifactor Authentication"
Line 1: | Line 1: | ||
==Multifactor Authentication (MFA)== | ==Multifactor Authentication (MFA)== | ||
− | The purpose of using MFA | + | The purpose of using MFA is it adds another method of verification, increasing security. It sends a code via SMS for the user to input as well as their username and password. |
==Activating MFA== | ==Activating MFA== | ||
Line 13: | Line 13: | ||
# Click '''yes,enable Multifactor''' | # Click '''yes,enable Multifactor''' | ||
===Notes=== | ===Notes=== | ||
− | * To be done as an | + | * To be done as an administrator |
==Set MFA with an Authenticator App== | ==Set MFA with an Authenticator App== | ||
− | By using an Authenticator App instead on SMS will allow users to | + | By using an Authenticator App instead on SMS will allow users to log in if there is no reception for their phone to retrieve code via SMS |
# Go to your school's Cloudwork.ID | # Go to your school's Cloudwork.ID | ||
− | # Navigate to top right of the site where your name is | + | # Navigate to the top right of the site where your name is |
# Click '''Settings''' | # Click '''Settings''' | ||
# In '''Mulftifactor Authentication''' click '''Add Authenticator App''' | # In '''Mulftifactor Authentication''' click '''Add Authenticator App''' | ||
Line 35: | Line 35: | ||
==Enabling MFA Whitelist== | ==Enabling MFA Whitelist== | ||
− | Using MFA Whitelist for your school's Ip address range will allow users logging in, inside the school to not have to go through MFA. But logging in outside school will have user go through MFA | + | Using MFA Whitelist for your school's Ip address range will allow users logging in, inside the school to not have to go through MFA. But logging in outside school will have the user go through MFA |
# Login into your school's dashboard | # Login into your school's dashboard | ||
Line 60: | Line 60: | ||
==MFA without storing a mobile phone number== | ==MFA without storing a mobile phone number== | ||
− | # | + | # login to the CloudworkID service |
# Select "Update Recovery Settings" | # Select "Update Recovery Settings" | ||
# Supply a valid mobile phone number and click "Submit" | # Supply a valid mobile phone number and click "Submit" | ||
Line 82: | Line 82: | ||
# Under Security click Enable SMS | # Under Security click Enable SMS | ||
# If a recovery phone number is not set, one will need to be entered | # If a recovery phone number is not set, one will need to be entered | ||
− | # If recovery phone number is already entered MFA for SMS will be activated | + | # If a recovery phone number is already entered MFA for SMS will be activated |
===Enable MFA for Authenticator App via admin=== | ===Enable MFA for Authenticator App via admin=== |
Revision as of 02:20, 23 June 2020
Contents
Multifactor Authentication (MFA)
The purpose of using MFA is it adds another method of verification, increasing security. It sends a code via SMS for the user to input as well as their username and password.
Activating MFA
- Login to dashboard
- Navigate to Users
- Either select a user or create a new user
- Navigate to Recovery Details and click Edit
- Add a valid phone number into Recovery Phone field
- Click submit
- Navigate to Security and click Turn On
- Click yes,enable Multifactor
Notes
- To be done as an administrator
Set MFA with an Authenticator App
By using an Authenticator App instead on SMS will allow users to log in if there is no reception for their phone to retrieve code via SMS
- Go to your school's Cloudwork.ID
- Navigate to the top right of the site where your name is
- Click Settings
- In Mulftifactor Authentication click Add Authenticator App
- Using Google Authenticator click on the bottom right, the plus sign
- Click scan barcode
- Point the camera to the barcode so the red lines line up with the barcode on your school's Cloudwork.ID
- Input code that is shown on Google Authenticator, to your school's Cloudwork.ID
Notes
- To be done as an individual user
- Users do not need to use Google Authenticator App, there are other apps such as Microsoft Authenticator and Authy 2-Factor Authentication
Enabling MFA Whitelist
Using MFA Whitelist for your school's Ip address range will allow users logging in, inside the school to not have to go through MFA. But logging in outside school will have the user go through MFA
- Login into your school's dashboard
- Navigate to Cloudwork.ID settings
- Navigate to Features and click Edit
- Navigate to Multifactor Authentication Whitelist
- Enter into the field your school's Ip address or Ip address range
Notes
- To be done as an administrator
Trusted device
As a feature of Multifactor, Users have the option when logging in to select I trust this device, don't ask again. This means for the next 30 days the user will not have to use a code for MFA.
Disabling Trust Device
This feature can disable any user from having the option to trust a device.
- Login into your school's dashboard
- Navigate to Cloudwork.ID settings
- Navigate to Features and click Edit
- Navigate to Enable Trusted Devices
- Select the option Do not let users trust device
MFA without storing a mobile phone number
- login to the CloudworkID service
- Select "Update Recovery Settings"
- Supply a valid mobile phone number and click "Submit"
- Enter the verification code and click "Submit"
- Click "Turn on" underneath MFA
- Enter the verification code and click "Submit"
- Click "Add Authenticator App"
- On your phone, scan the QR code. Then enter the verification code and click "Submit"
- Click the trash icon next to "Text Message to ....."
- Click "Delete" to confirm
- Click "Update recovery settings"
- Clear the form field for "Recovery Phone" and click submit
The user now has MFA operating, without having their personal mobile tied to their account.
Enable MFA for users as an admin
Enable MFA for SMS via admin
- Login as an admin to the Cloudwork Dashboard
- Navigate to Users and click intended user
- Under Security click Enable SMS
- If a recovery phone number is not set, one will need to be entered
- If a recovery phone number is already entered MFA for SMS will be activated
Enable MFA for Authenticator App via admin
By enabling MFA for Authenticator App via admin, users can have MFA operating, without having their personal mobile tied to their account.
- Login as an admin to the Cloudwork Dashboard
- Navigate to Users and click intended user
- Under Security click Enable App
- Open up the Authenticator App and scan the code
- Enter the code and MFA for Authenticator App will be activated
Turn off MFA via admin
This will turn off MFA via SMS and MFA via App.
- Login as an admin to the Cloudwork Dashboard
- Navigate to Users and click intended user
- Under Security click Turn Off
Notes
To be done as an administrator