Hello there!

Need Help? We are right here!

Thanks for your Enquiry. Our team will soon reach out to you.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Contents

Configure Application

Configure Application

How to add a SAML App

How to add a WS–FED App

How to add an OAuth App

How to add a JWT App

How to add a Radius App

How to add a Desktop App

How to add a Browser Extension App

How to add a Passwordless App

How to add a SCIM Client App

How to add a SCIM Server App

How to add a Custom App

External Identity Providers

External Directories

Policies

Policies Overview

How to create a New Policy

How to edit a Policy

How to assign a policy to an app

How to Manage Password History

Restrict apps to a particular set of users

How to Delete a Policy

Customization

Customization Overview

Enable Custom Domain

Configure Email Gateway

Configure Custom SMS Gateway

OTP Over Email Template

Out of Band Email Template

Multi-Factor Authentication

Configure MFA Methods for Admin

Configure MFA Methods for Users

Enable MFA for the Self-Service Console

Adaptive Authentication

Manage Users

Import Bulk Users

User Profile Fields

View Locked Users

Manage Shared Identity

Manage Groups

Group Custom Fields

Group Membership Custom Fields

Auto Assign Group Rules

IDP Global Settings

IDP Global Settings

Enable multi-language support

Customize user self-registration page

Reports

Active Usage Report

Single Sign On Usage Report

User Login Report

Radius Authentication Report

Detailed Authentication Report

Adaptive Authentication Report

User Devices Report

User Registration Report

Provisioning Report

Admin Activity Audit Report

Configure Multi-Factor Authentication

What is Multi-Factor Authentication(MFA) :

MFA adds another method of identity verification in order to secure your accounts. First thing you know – Your username and password. Something unique that you have – Your phone or fingerprint.
By combining your username and password with the second method your access becomes more secure and impossible for an attacker to pass it even if they have your password.

MFA methods that miniOrange IDP Supports:

OTP Over Email	You receive an OTP on your registered email address which is used for 2nd Factor Authentication. Note : You will have to configure your Email Gateway before using this method to send emails.
OTP Over SMS	You receive an OTP on your registered phone no. which is used for 2nd Factor Authentication. Note : You will have to configure your SMS Gateway before using this method to send SMS to users
OTP Over Email & SMS	You receive an OTP on both your registered email and phone no. which cis used for 2nd Factor Authentication. Notes : You will have to configure your Email Gateway before using this method to send emails. You will have to configure your SMS Gateway before using this method to send SMS to users
Email Link (Out of Band Email)	You receive an email that contains two links for either allowing or denying the authentication. You can click on the allow link to complete the authentication or the deny link to cancel the authentication. Note: Your IDP deployment should be accessible over the internet for the authentication to work.
SMS Email (Out of Band SMS)	You receive an SMS that contains two links for either allowing or denying the authentication. You can click on the allow link to complete the authentication or the deny link to cancel the authentication. Note: Your IDP deployment should be accessible over the internet for the authentication to work.
Security Questions (KBA)	In this method, the users configure 3 questions along with their answers from their account. At the time of authentication, they are prompted to provide answers for 2 of the 3 configured questions. Note : The user has to configure the questions along with their answers prior to using this MFA method.
Phone Verification	In this method the user receives a call telling a 4-8 digit numeric key which is used for the 2nd Factor Authentication. Note: You will have to configure your own Phone Gateway to use this method.
miniOrange Authenticator Methods: Push Notification Mobile Authentication Soft Token	Push Notification : the user receives a push notifications on his mobile which he needs to ACCEPT \| DENY. Mobile Authentication : The process of Mobile Authentication works such as, a user needs to scan the barcode from his mobile using the miniOrange Authenticator app to proceed. Soft Token : In this method, User needs to enter the 6-8 numeric key generated in the authenticator app using TOTP algorithm. Notes : Prior configuration with the miniOrange Authenticator App is required to use this method. As all 3 methods are supported in the same app, configuring any of the 3 methods will allow the users to use all 3 methods. Your IDP deployment should be accessible over the internet for the configurations as well as the authentications to work.
Google Authenticator	In this method, the users need to enter the 6 digit OTP shown in the Google Authenticator App. The OTP keeps changing every 30 seconds. Note : The users will have to install the Google Authenticator App on their phones and configure it with their miniOrange account prior to using it as a 2FA method.
Microsoft Authenticator	In this method, the users need to enter the 6 digit OTP shown in the Microsoft Authenticator App. The OTP keeps changing every 30 seconds. Note : The users will have to install the Microsoft Authenticator App on their phones and configure it with their miniOrange account prior to using it as a 2FA method.
Authy Authenticator	In this method, the users need to enter the 6 digit OTP shown in the Authy Authenticator App. The OTP keeps changing every 30 seconds. Note : The users will have to install the Authy Authenticator App on their phones and configure it with their miniOrange account prior to using it as a 2FA method.
YubiKey Hardware Token	"YubiKey hardware Token" is a 2fa verification method, in which a user needs to connect a USB into his computer which generates a token in the form of an alphabetic key. This process works with the combination of OTP & hardware tokens. Note : The user has to configure the hardware token from the end user dashboard prior to using this MFA method.
Display Hardware Token	"Display Hardware Token" is a 2fa verification method, in which a user needs to connect a USB into his computer which generates a token in the form of a Numeric key. Note : You need to assign a hardware token to users before enabling this 2FA method.
FIDO2 (Biometric)	In this method, the users need to use built-in authentication methods (Windows Hello, inbuilt figerprint, Biometrics (Face ID or fingerprint)), Hardware Security Token (eg. Yubikey FIDO2 Token) for 2FA verification. Note : You will have to set up SSL for your IDP deployment prior to using this MFA method. The users would need to register their device from the end user dashboard prior to using this MFA method. The users would be able to register multiple devices for authentication.

How to Enable MFA for the admin account:

Login to the admin dashboard.
Go to 2-Factor Authentication > Setup 2FA from the side menu.
This will open the 2FA Methods configuration page.
The Active Method shows the currently active method, the admin will be prompted for MFA with this method.
Enable the “Enable Two Factor (MFA) for your own account.” option to enable MFA for the admin logins.

miniOrange Identity Platform Admin Handbook: Configure 2FA

Click on save for the changes to take effect.
Now, the next time the admin initiated login to his account, he will be prompted for completing MFA with the active method.