Multi-Factor Authentication

Multi-factor authentication (MFA) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.

A good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card and a PIN allows the transaction to be carried out.

SmarterPay Cloud supplements a user-controlled password with a memorable word and/or a one-time code, delivered by email and/or an authentication app that only the user possesses.

In SmarterPay Cloud, multi-factor authentication is enabled and defined in user Profiles.


Links to MFA in SmarterPay Cloud


Fields

| Field | Mandatory | Type | Description |
|---|---|---|---|
| Multi-Factor Authentication | Yes | Multi-Select | The multi-factor authentication login requirements for users with this profile. At least one needs to be selected. |
| Cookie Life Span | Yes | Dropdown | The amount of time that passes before multi-factor authentication is required again during login for users with this profile. |

Options

| Option | Description |
|---|---|
| Email | Send a one-time code via email. |
| Memorable Word | Use 3 characters from the memorable word. [Default option]. |
| Authenticator App | Use an Authenticator app for a one-time code. |

Note: The selected options work in an “and then” fashion, meaning that if two options are selected then both will need to be satisfied, one after the other, for the login to be successful.


| Option | Description |
|---|---|
| Never Remember | Always ask for the selected MFA factors, for every login. [Default option]. |
| 1 Day | Ask for the selected MFA factors, after 24 hours of the last successful logon. |
| 7 Days | Ask for the selected MFA factors, after 168 hours of the last successful logon. |
| 30 Days | Ask for the selected MFA factors, after 720 hours of the last successful logon. |

If the user has the Authenticator App set up on their profile, the details of the settings will be displayed in the Security section, as shown above.


Actions

Available actions, subject to permissions, are:

| Action | Description |
|---|---|
| “SETUP NEW AUTHENTICATOR” Button | Used to change the Authenticator App settings. See below. Displayed if the user's profile has the Authenticator App MFA selected. |
| “PASSWORD RESET” Button | Starts the process to Reset your Password. |


If the “SETUP NEW AUTHENTICATOR” button is clicked the following dialogue box is displayed:

To change the Authenticator App settings please follow these steps:

  1. Click the “REGENERATE QR CODE” button.
  2. Scan the QR code with the Authenticator app, which should update its existing settings.
  3. Enter the unique code in the “Enter Unique Code” text box.
  4. Click the “CONFIRM SETUP” button.

When a user logs into SmarterPay Cloud the appropriate MFA checks are performed, as per the user's profile and MFA expiration settings.

A minimum of one factor is checked, by default “Memorable word”, but the profile could be set to use all available factors.
If all factors are selected then the order of the MFA checks is as below.

If the user's MFA is set for Email Authentication the following dialogue box is displayed:

The user will be sent an email, to the address in the user's settings, containing a one-time code.

This code needs to be entered into the “Authentication Code” text box and the “Submit” button clicked to continue.

If the user's MFA is set for Memorable Word the following dialogue box is displayed:

The relevant characters from the memorable word should be entered into the appropriate boxes and the “Submit” button clicked to continue.

If the user's MFA is set for Authenticator App, and the app has already been set up, the following dialogue box is displayed:

The code, from the appropriate app, needs to be entered into the “Enter Unique code” text box and the “Submit” button clicked to continue.


If the app hasn't been set up yet the following dialogue box is displayed:

Follow the instructions, displayed on the dialogue, to set up the app.
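
The login-time decision described above (which factors a profile requires, in what order, and whether the Cookie Life Span still covers the last successful logon) can be modelled as below. This is an added example, not SmarterPay Cloud code; the function names, the fail-closed handling of the exact expiry boundary and of future timestamps, and the sample values are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Check order when several factors are selected, following the page's login walkthrough.
FACTOR_ORDER = ["Email", "Memorable Word", "Authenticator App"]
# Cookie Life Span options and the hours the page gives for each (0 = never remember).
LIFE_SPAN_HOURS = {"Never Remember": 0, "1 Day": 24, "7 Days": 168, "30 Days": 720}


def factors_to_check(selected, life_span, last_mfa_success, now):
    """Return the ordered factors this login must satisfy; [] means MFA is still remembered."""
    unknown = set(selected) - set(FACTOR_ORDER)
    if not selected or unknown:
        raise ValueError("select at least one known MFA option")
    if life_span not in LIFE_SPAN_HOURS:
        raise ValueError(f"unknown Cookie Life Span: {life_span!r}")
    ordered = [f for f in FACTOR_ORDER if f in selected]
    hours = LIFE_SPAN_HOURS[life_span]
    if hours == 0 or last_mfa_success is None:
        return ordered  # Never Remember, or no earlier successful logon on record
    elapsed = now - last_mfa_success
    # Assumption: fail closed on a timestamp in the future and at the exact boundary.
    if elapsed < timedelta(0) or elapsed >= timedelta(hours=hours):
        return ordered
    return []


def evaluate_login(required, results):
    """'And then' semantics: check factors in order, stop at the first one not satisfied."""
    for factor in required:
        if not results.get(factor, False):
            return False, factor
    return True, None


if __name__ == "__main__":
    now = datetime(2022, 12, 19, 10, 58, tzinfo=timezone.utc)  # constructed sample time
    profile = {"Authenticator App", "Email"}                    # constructed sample profile
    for age in (167, 168):
        need = factors_to_check(profile, "7 Days", now - timedelta(hours=age), now)
        print(f"last MFA {age}h ago -> check {need}")
    print(evaluate_login(["Email", "Authenticator App"], {"Email": True}))
```

An empty list from `factors_to_check` means the password alone completes the login, so the longer Cookie Life Span options widen the window in which a stolen password on a remembered device is sufficient.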

  • Last modified: 2022/12/19 10:58