Configuring Multi-Factor Authentication (MFA)
- To configure user authentication via MFA, access the “Configuration component > Authentication” (CM008); from the side menu, select "Security" and check the "Enable multi-factor authentication" option.
- Next, the "Time to remember device (hours)" field will be enabled; this option allows the user to reconnect to the system without having to revalidate multi-factor authentication
⚠️Attention - Administration 2.2.0
- There have been important and sensitive changes to user registration; new security and identity confirmation standards that directly affect authentication and access to the system have been adopted. Carefully read the information provided below.
Mandatory e-mail address in user records if MFA is enabled
In version 2.2.0, improving and following market security standards, with regard to enhancing user identity validation, the E-mail field became mandatory in user records User (AD004) if MFA is enabled.
This measure is applied to all system registration entries: LDAP and SCIM synchronization, Import via spreadsheet and WS, as well as manual registration.
Users with duplicate e-mail and MFA enabled being blocked
When migrating to the new version, already registered users who have duplicate e-mails (same e-mail address in more than one user record) will have their access blocked.
Users who have access to system alerts will be notified of records with issues and can view the information on the alert monitoring screen (Configuration > Configuration > Alerts).
To unblock these users, access the user file screen (AD004), edit the records that contain a duplicate e-mail, and enter a valid and unique address.
After this exchange, the system will send a confirmation e-mail to the user, and the record can be unblocked using the More > Unblock button.
Identity confirmation (e-mail) with MFA enabled
Every system user will have to confirm their identity by registering a valid e-mail address if MFA is enabled; the system will send a confirmation link so that their record becomes active and can be accessed again.
When logging in to the system, if the user:
- Does not have a registered e-mail address: this information will be requested in order for their record to be updated, and their identity to be validated.
- Has a registered e-mail address: an identity confirmation e-mail will be sent to the registered address.
If necessary, the confirmation e-mail can be resent to the user through the More > Resend confirmation e-mail button, found on the user file screen (AD004).
⚠️Attention - Administration 2.2.1
- From version 2.2.1 onwards, using MFA (Multiple-Factor Authentication) will be mandatory for all customers who use the shared cloud version of our software and who do not use SSO. This measure aims to strengthen the security of your information and ensure an even more protected experience when using our platform.
- It is important to note that, for customers using the on-premise version of our software or dedicated server, this change does not apply. The decision on whether to enable MFA or not will be the responsibility of each customer in this case.