Multi-Factor Authentication (MFA) Overview
Multi-Factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.
See our FAQs on MFA here.
Configure MFA
Tokeet is always concerned about the security of our users so we have introduced MFA, as you can see in the screenshot below. You can access the “Configure MFA” option by clicking on your profile name in the top right corner of the screen.
The ‘Configure MFA’ overlay will look like the screenshot below. To enable MFA, click the checkbox, choose the delivery method (Email is selected by default) and click the Save button. MFA will then be activated on your user account.
User level MFA Settings
Each user is able to edit the MFA settings for themselves, although Admins cannot edit MFA for other users. Each user can Enable/Disable MFA settings from two areas for themselves:
1- Configure MFA
2- User Settings - For this option, click on Settings > User Settings then select your user to see the button to Configure MFA. Once clicked, you can enable MFA and choose your delivery method.
Account level MFA settings
Admins can find the option to enable/disable MFA by clicking on their profile name in the top corner then on the Account Info option and scrolling to the Security heading. You can choose one option & click the Save button to save your preferences. This option is not available for other user roles.
MFA Delivery Methods
We provide these four delivery methods to receive a verification code.
- Email
- SMS
- WhatsApp
- TOTP
Email-based MFA
If you prefer to receive your authentication code by email, choose Email as the delivery method for MFA on the configuration screen and click the Save button.
After selecting Email as the delivery method, if you log out and go to the login screen, you will see the message below after entering your username/password.
After entering your login details, you will get an email in your inbox with the security Digit Code as shown in the screenshot below. Copy this code, enter it in the Digit Code text field & click the Verify button to be logged in successfully.
SMS-based MFA
If you prefer to receive your authentication code by SMS, choose SMS and click on the Save button.
After selecting SMS as the delivery method, if you log out and go to the login screen, you will see the message below after entering your username/password.
After entering your login details, you will receive an SMS on your saved mobile number with the security Digit Code as shown in the screenshot below. Copy this code & enter it in the Digit Code text field & click the Verify button to be logged in successfully.
WhatsApp-based MFA
If you want to use WhatsApp as the delivery method for MFA, then on the configuration screen, select WhatsApp and click the Save button.
After selecting WhatsApp as the delivery method, if you log out and go to the login screen, you will see the message below after entering your username/password.
After entering your login details, you will get a message on your saved mobile number’s WhatsApp application with the security Digit Code as shown in the screenshot below. Copy this code, enter it in the Digit Code text field, click the Verify button & you will be logged in successfully.
TOTP-based MFA
If you want to choose TOTP as the delivery method for MFA, then on the configuration screen, select TOTP and click the Save button.
Next, the screen shown below will appear, where you will be required to scan the QR code with the authenticator app on your mobile device. This will sync the account into the authenticator app & a code will be generated in the mobile authenticator app. Copy and paste the code as shown in the screenshot below & click the Verify button.
After selecting TOTP as the delivery method, if you log out and go to the login screen, you will see the message below after entering your username/password.
You will also get a message on your authenticator app on your mobile device with the security Digit Code as shown in the screenshot below. Copy this code, enter it in the Digit Code text field & click the Verify button to be logged in successfully.
Skip MFA challenge feature
Users can skip MFA for a 15-day period if they select the checkbox shown in the screenshot below when logging in.
This means you are bypassing MFA and will not be asked for any security code while logging in. The bypass only expires if you do not log in on the same browser within 15 days; otherwise it will keep bypassing the MFA settings.
Don’t Skip MFA
The "Don’t Skip MFA" button allows users who skipped multi-factor authentication (MFA) during login to activate it later. Once clicked, the button will disappear for the current session but will reappear if the user enables the ‘Skip MFA challenge on this machine’ during their next login.
Resend Code Feature
The “Resend Code” option allows you to request a new verification code if you did not receive the code, have lost the original one or the previous code has expired.
On the login page, when you navigate to the Multi-Factor Authentication screen, there is a “Resend Code” link with a timer of 120 seconds. Once the timer reaches zero, the “Resend Code” link becomes active, allowing you to click it to request a new code.
When you select the ‘Resend Code’ option, a new verification code will be generated and sent via the delivery method you selected during configuration (e.g. email, SMS, WhatsApp or TOTP).
Unusual login detected Email
If a user logs in from a different location, i.e. the IP address has changed from the previous IP address (the one at which a security code was previously approved), this will trigger an email to be sent to you alerting you of an unusual login.