Configure MFA Methods for Users
Why you need Two-Factor Authentication?
Passwords are everywhere, users use them to access their money, do communication etc. At first, we used one password for everything
but that wasn’t good enough so we started making our passwords more complicated with a combination of numbers, uppercase/lowercase letters & even special characters.
But no matter how complex your password or the password management system is, it is never enough to prevent account takeover because all it takes is one simple phishing
email or database breach and your password is out in the world. So, if passwords are impossible to protect, how do you protect your account ?
That’s where two-factor authentication comes in. 2FA adds another method of identity verification in order to secure your accounts.
First thing you know – Your username and password.
Something unique that you have – Your phone or fingerprint.
By combining your username and password with the second method your access becomes more secure and impossible for an attacker to pass it even if they have your password.
Configure 2FA for users
To Configure two-factor authentication (2FA) for users you need to select one of the method from "default Authentication methods" section. Authentication methods include OTP over SMS, OTP over email & OTP over both SMS and email. You can choose Authentication methods for your end-users in the following way:
- Log in to the miniOrange Admin Console.
- Select Configure 2FA for Users from 2-Factor Authentication Tab.
Here you can see four main functionalities to configure 2-Factor Authentication for Users:
1. Select Default 2FA Authentication Method for your end-users:
- In this method, you can select default method for end users.
- Let's say you want to set OTP over email as default method for your end-users.
- First, you have to click on the checkbox of OTP over email.
- Then click on save.
- To verify, the admin has to select the user tab from the left navigation bar.
- And click on the user list.
- In this list, you can check for the end-user and the corresponding second factor type.
- If the default 2FA method set by you is the same as the second factor type over here, then you have configured successfully.
2. Select the 2FA methods allowed to be shown to end-users
- The admin has a choice to show the end-users all or any combination of 2FA methods.
- The below screenshot depict that all 2FA methods which are shown to the end-users.
- Suppose admin choices some other combination then, he/she has to enable and disable the checkbox accordingly.
- Then click on save.
- So in the end-user dashboard, he would be just able to see the above enabled methods to set 2FA for himself.
3. Verify 2FA for end-users
- Click on Customization at the left side panel and select Branding Customization.
- Here you will see Login Page URL for Organization's users.
- Copy this Login Page URL in browser and enter miniorange credentials. Now you will be redirected towards end-user dashboard.
- Now from the left panel click on configure 2FA in end-user dashboard.
- Here you will see the methods you selected for the particular end-user.
- Now you can configure default method for end users accordingly.
4. Skip Alternate Login Method (KBA) Configuration during Inline Registration
- This functionality gives you a choice to ask the KBA questions during inline registration.
- If you want to skip this, enable the Skip alternate login method(KBA) tab.
- Then click on save.