Difference between revisions of "Multifactor Authentication"

Multifactor Authentication (MFA)

The purpose of using MFA, is it adds another method of verification, increasing security. It sends a code via SMS for the user to input as well as their username and password.

Activating MFA

1. Login to dashboard
2. Navigate to Users
3. Either select a user or create a new user
4. Navigate to Recovery Details and click Edit
5. Add a valid phone number into Recovery Phone field
6. Click submit
7. Navigate to Security and click Turn On
8. Click yes,enable Multifactor

Notes

• To be done as an adminstrator

Set MFA with an Authenticator App

By using an Authenticator App instead on SMS will allow users to login if there is no reception for their phone to retrieve code via SMS

1. Go to your school's Cloudwork.ID
2. Navigate to top right of the site where your name is
3. Click Settings
4. In Mulftifactor Authentication click Add Authenticator App
5. Using Google Authenticator click on the bottom right, the plus sign
6. Click scan barcode
7. Point the camera to the barcode so the red lines line up with the barcode on your school's Cloudwork.ID
8. Input code that is shown on Google Authenticator, to your school's Cloudwork.ID

Notes

• To be done as an individual user
• Users do not need to use Google Authenticator App, there are other apps such as Microsoft Authenticator and Authy 2-Factor Authentication

Enabling MFA Whitelist

Using MFA Whitelist for your school's Ip address range will allow users logging in, inside the school to not have to go through MFA. But logging in outside school will have user go through MFA

1. Login into your school's dashboard
2. Navigate to Cloudwork.ID settings
3. Navigate to Features and click Edit
4. Navigate to Multifactor Authentication Whitelist
5. Enter into the field your school's Ip address or Ip address range

Notes

• To be done as an administrator

Trusted device

As a feature of Multifactor, Users have the option when logging in to select I trust this device, don't ask again. This means for the next 30 days the user will not have to use a code for MFA.

Disabling Trust Device

This feature can disable any user from having the option to trust a device.

1. Login into your school's dashboard
2. Navigate to Cloudwork.ID settings
3. Navigate to Features and click Edit
4. Navigate to Enable Trusted Devices
5. Select the option Do not let users trust device

MFA without storing a mobile phone number

1. Log in to the CloudworkID service
2. Select "Update Recovery Settings"
3. Supply a valid mobile phone number and click "Submit"
4. Enter the verification code and click "Submit"
5. Click "Turn on" underneath MFA
6. Enter the verification code and click "Submit"
7. Click "Add Authenticator App"
8. On your phone, scan the QR code. Then enter the verification code and click "Submit"
9. Click the trash icon next to "Text Message to ....."
10. Click "Delete" to confirm
11. Click "Update recovery settings"
12. Clear the form field for "Recovery Phone" and click submit

The user now has MFA operating, without having their personal mobile tied to their account.

Notes

To be done as an administrator