User Tools

Site Tools


cloud_multi_factor_authentication

This is an old revision of the document!


Introduction

We are deploying a multi-factor authentication (MFA) and self-service password reset solution for all System Five on Cloud customers.

What is this?

MFA is a system that combines something you know (your password), with something you have (an authentication device, normally your phone). This means that to compromise your account, an attacker would need both of these things, dramatically increasing the barrier of entry.

Why are we implementing this?

MFA is an important line of defense against unauthorized access to our systems. If a hacker manages to obtain your password through a phishing attack, they will have to also answer a multi-factor authentication challenge, which they almost certainly couldn't do.

As a bonus, this added level of security allows us to offer the ability to reset your own password (provided you have access to your second factor) without contacting Support.

What do I need?

If you have access to a smartphone where you normally use System Five on Cloud, Microsoft Authenticator is the best way to get access.

Alternatively, for those who don't have access to or prefer not to use their smartphone, we also offer the ability to send authentication codes by email.

Managing MFA

First-time setup

To enroll for MFA, on any computer, go to

Microsoft Authenticator

If you have not already installed Microsoft Authenticator on your phone, install them from here: iPhone:https://apps.apple.com/app/microsoft-authenticator/id983156458 Android:https://play.google.com/store/apps/details?id=com.azure.authenticator

  1. Log in with your username and password.
  2. Choose Microsoft Authenticator when prompted to add Microsoft Authenticator to your account.
  3. Open Microsoft Authenticator on your phone.
  4. Choose the plus button in the top right.
  5. Tap Other (Google, Facebook, etc.)
  6. Scan the QR code on your computer screen.
  7. On the next page, enter the code below the entry yourusername@NA or yourusername@AU. You may need to scroll down to see it.
  8. Click Confirm, and you are enrolled!
  9. Generate backup codes to ensure you can still log in in case you lose your device.

Email

  1. Log in with your username and password.
  2. Choose Email Verification when prompted.
  3. Enter your email address and click Send Code
Ensure [email protected] is whitelisted in your spam filter to ensure you receive codes.
  1. Enter the code sent in the email.
  2. Click Verify Code, and you are enrolled!
  3. Generate backup codes to ensure you can still log in in case you lose your device.

Generating Backup Codes

We recommend you generate backup codes for your account. In the event you lose your authenticator, you can use a backup code to log in and change your authenticator. To do this:

  1. Log in to NA or AU.
  2. Enter the code on your authenticator.
  3. Under MFA Recovery, choose Generate One-Time Use Backup Verification Codes.
  4. Copy these codes to a safe place.
We recommend using a password manager to securely store these codes. Be sure not to keep them on the same device you use as an authenticator!

Logging in

Once you are enrolled in MFA, when you log into an MFA-enabled machine, you will be presented with a window similar to this:

Check your email or smartphone app for your 6-digit code and enter it in the box.

Enter the 6-digit code displayed underneath and click Continue. Your login will proceed.

Resetting your password

One benefit to having MFA enabled is you can reset your own password without contacting support. To do so:

  1. Go to NA or AU.
  2. Click “Forgot your password?”
  3. Enter your username and the CAPTCHA.
  4. Enter the code from your authenticator or email.
  5. Enter your new password and the CAPTCHA and click Reset Password.
This will also unlock your account if it is locked out.

Changing your Authenticator

If you need to change which device has your authenticator code, or which email address codes are sent to, you can change that like so:

  1. Log in using your username and password.
  2. Enter the code from your authenticator (if possible) or click Use Backup Code if you do not.
  3. If you are using Microsoft Authenticator:
    1. Click the pencil icon under Microsoft Authenticator
    2. Choose Change Phone.
    3. Follow the instructions on your new phone.
    4. Your new phone is now your active authenticator.
  4. If you are using email:
    1. Click Add Email under email verification
    2. Add the new email address and click Send Code
    3. Enter the code your received to your new email address. Be sure to check your spam.
    4. If you no longer have access or wish to receive notifications to your old email address:
      1. Click the pencil beside the old email address
      2. Choose Remove Email.

Troubleshooting/FAQ

I receive "Your account is not enrolled for Multi-Factor Authentication" and cannot log in.

If you are receiving this message:

then MFA has been enforced on your account but you have not yet set up the service. Please follow the instructions under First-time setup to enable login.

I've lost access to my authenticator. What do I do?

Follow the instructions under Changing your Authenticator if you have access to your backup codes. If you don't have backup codes, contact support.

I've forgotten my password/My account is locked out.

You can unlock your account and change your password yourself! Follow the instructions under Resetting your password.

My app won't let me scan the QR code.

If you have an iPhone, you may have denied the Authenticator app camera permissions. To fix this, go to Settings → Privacy → Camera and make sure Authenticator is set to ON. Sometimes poor lighting can cause the QR code to not scan successfully. You may need to enter the code manually.

cloud_multi_factor_authentication.1638228233.txt.gz · Last modified: 2021/11/29 15:23 (2 years ago) by kevin